Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PUP.Bitminer kwrd.dll infection [Solved]

Started by integrinB4 , Dec 31 2011 09:11 AM

  • This topic is locked This topic is locked

#1
integrinB4
Posted 31 December 2011 - 09:11 AM

integrinB4

    Member

  • Member
  • PipPip
  • 61 posts
Contracted the "Win 7 Antivirus 2012" malware yesterday. Successfully removed it using the MBAM tools. However, MBAM has now repeatedly told me that I have "PUP.Bitminer" located in "C:\Windows\assembly\temp\kwrd.dll"

MBAM has quarantiend it and removed it, but upon reboot and rescan with MBAM, it shows up again. I am also experiencing REDIRECTS in IE. Currently machine is in Safe Mode with Networking. I havwe not done much else with the machine since I detected the win 7 antivirus 2012 malware yesterday. My wife has Trend Micro Office Scan installed on the computer and I was unable to turn off teh realtime scannin when I was removing the win 7 antivurs 2012. I am concerned that may have been part of the problem. Also, once she thought the machine was clean (Before Pup.Bitminer kept showing up), she did a windows update and it installed spk1. Not sure if that is going to screw things up when trying to remove this thing.

Here is the OTL log:
OTL logfile created on: 12/31/2011 9:51:05 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 71.44% Memory free
11.50 Gb Paging File | 10.07 Gb Available in Paging File | 87.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 411.51 Gb Free Space | 70.46% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.14 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 09:45:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 14:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 13:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/12/14 20:10:48 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/26 01:52:40 | 002,772,096 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/08/26 01:43:24 | 002,771,856 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/15 12:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/09 05:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 11:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/07/12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/09 20:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/09 11:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 16:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/12 15:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/23 11:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ck0r55w1.default\extensions
[2011/12/16 20:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/22 07:35:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/06 21:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 20:11:18 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010/12/06 21:23:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4:64bit: - HKLM..\RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} http://cvmris.ncsu.e...IntraLaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} http://152.7.129.70/..._5_0_silent.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\Shell - "" = AutoRun
O33 - MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\Shell\AutoRun\command - "" = K:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 09:50:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/30 18:05:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/30 18:03:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/12/30 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\malware removal
[2011/12/30 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 15:35:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/30 15:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2010/11/11 14:04:20 | 001,526,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll
[2010/11/11 14:04:20 | 001,243,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll
[2010/11/11 14:04:20 | 001,151,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll
[2010/11/11 14:04:20 | 000,645,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll
[2010/11/11 14:04:18 | 001,284,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll
[2010/11/11 14:00:34 | 000,896,240 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll
[2010/11/11 14:00:34 | 000,157,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll
[2010/11/11 14:00:32 | 000,467,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe
[2010/11/11 14:00:32 | 000,306,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe
[2010/11/11 14:00:32 | 000,195,312 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll
[2010/11/11 14:00:32 | 000,156,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll
[2010/11/11 14:00:32 | 000,152,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll
[2010/11/11 14:00:32 | 000,027,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll
[2010/11/11 14:00:32 | 000,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll
[2010/11/11 14:00:32 | 000,018,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll
[2010/11/11 14:00:32 | 000,009,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll
[2010/11/11 14:00:30 | 000,100,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll
[2010/11/11 14:00:18 | 000,507,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll
[2010/11/11 14:00:14 | 016,873,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellResources.dll
[2010/11/11 14:00:14 | 001,521,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe
[2010/11/11 14:00:14 | 000,916,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll
[2010/11/11 14:00:14 | 000,683,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll
[2010/11/11 14:00:14 | 000,514,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll
[2010/11/11 14:00:14 | 000,366,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll
[2010/11/11 14:00:14 | 000,155,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll
[2010/11/11 14:00:14 | 000,074,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll
[2010/11/11 14:00:12 | 001,404,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneResources.dll
[2010/11/11 14:00:12 | 001,240,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll
[2010/11/11 14:00:12 | 000,017,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe
[2010/11/11 13:59:38 | 009,971,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll
[2010/11/11 13:59:38 | 000,347,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll
[2010/11/11 13:59:36 | 008,251,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe
[2010/11/11 13:59:36 | 002,109,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll
[2010/11/11 13:59:36 | 001,744,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll
[2010/11/11 13:59:36 | 001,184,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll
[2010/11/11 13:59:36 | 001,161,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll
[2010/11/11 13:59:36 | 001,084,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll
[2010/11/11 13:59:36 | 000,855,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll
[2010/11/11 13:59:36 | 000,376,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll
[2010/11/11 13:59:36 | 000,223,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe
[2010/11/11 13:59:36 | 000,163,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe
[2010/11/11 13:59:36 | 000,130,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll
[2010/11/11 13:59:36 | 000,020,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll
[2010/11/11 13:59:32 | 001,464,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll
[2010/11/11 13:59:32 | 000,218,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneHost.exe
[2010/11/11 13:59:32 | 000,072,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll
[2010/11/11 13:59:30 | 000,707,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll
[2010/11/11 13:59:24 | 000,212,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll
[2010/11/11 13:59:24 | 000,129,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll
[2010/11/11 13:59:24 | 000,121,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll
[2010/11/11 13:59:24 | 000,061,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll
[2010/11/11 13:59:24 | 000,056,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe
[2010/11/11 13:59:24 | 000,038,640 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe
[2010/11/11 13:59:24 | 000,035,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll
[2010/09/24 11:19:24 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm
[2010/09/24 10:49:20 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2010/09/24 10:49:18 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2010/09/24 10:49:18 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2007/10/02 14:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/31 09:52:31 | 001,088,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/31 09:52:31 | 000,894,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/31 09:52:31 | 000,192,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/31 09:45:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/30 23:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 23:34:13 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 20:55:14 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 20:55:14 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 20:54:52 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2011/12/30 20:54:52 | 000,001,342 | ---- | M] () -- C:\Windows\RegBootClean64.CFG
[2011/12/30 20:52:16 | 004,990,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 18:03:27 | 000,017,142 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/12/30 17:52:29 | 000,000,394 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:17:14 | 001,008,141 | ---- | M] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/30 14:51:19 | 000,008,474 | -HS- | M] () -- C:\Users\Mike\AppData\Local\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/12/30 14:51:19 | 000,008,474 | -HS- | M] () -- C:\ProgramData\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/12/22 08:13:53 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 18:10:45 | 000,001,342 | ---- | C] () -- C:\Windows\RegBootClean64.CFG
[2011/12/30 17:52:28 | 000,000,394 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:20:30 | 001,008,141 | ---- | C] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/30 14:48:32 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/12/30 14:46:05 | 000,008,474 | -HS- | C] () -- C:\Users\Mike\AppData\Local\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/12/30 14:46:05 | 000,008,474 | -HS- | C] () -- C:\ProgramData\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/12/22 08:13:52 | 000,000,021 | ---- | C] () -- C:\tmuninst.ini
[2011/08/27 14:40:14 | 000,011,586 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY_navi.JPG
[2011/08/27 14:40:13 | 002,153,753 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY.JPG
[2011/08/27 11:09:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/24 12:52:30 | 001,070,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/24 10:51:32 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config
[2010/09/24 10:51:18 | 000,138,893 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png
[2010/09/24 10:51:18 | 000,138,241 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png
[2010/09/24 10:51:18 | 000,138,239 | ---- | C] () -- C:\Program Files\quickplaymap_por.png
[2010/09/24 10:51:18 | 000,124,277 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png
[2010/09/24 10:51:18 | 000,124,066 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png
[2010/09/24 10:51:18 | 000,122,665 | ---- | C] () -- C:\Program Files\quickplaymap_frc.png
[2010/09/24 10:51:18 | 000,121,667 | ---- | C] () -- C:\Program Files\quickplaymap_esm.png
[2010/09/24 10:51:18 | 000,121,034 | ---- | C] () -- C:\Program Files\quickplaymap.png
[2010/09/24 10:51:18 | 000,118,456 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png
[2010/09/24 10:51:18 | 000,113,696 | ---- | C] () -- C:\Program Files\softwaremap_por.png
[2010/09/24 10:51:18 | 000,112,268 | ---- | C] () -- C:\Program Files\softwaremap_nld.png
[2010/09/24 10:51:18 | 000,104,707 | ---- | C] () -- C:\Program Files\softwaremap_esm.png
[2010/09/24 10:51:18 | 000,103,753 | ---- | C] () -- C:\Program Files\softwaremap_deu.png
[2010/09/24 10:51:18 | 000,103,128 | ---- | C] () -- C:\Program Files\softwaremap_frc.png
[2010/09/24 10:51:18 | 000,102,831 | ---- | C] () -- C:\Program Files\softwaremap_ita.png
[2010/09/24 10:51:18 | 000,100,035 | ---- | C] () -- C:\Program Files\softwaremap.png
[2010/09/24 10:51:18 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif
[2010/09/24 10:51:18 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif
[2010/09/24 10:51:18 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg
[2010/09/24 10:51:18 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif
[2010/09/03 19:42:03 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2010/09/03 19:42:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll
[2010/09/03 19:42:02 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/03 19:42:02 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/03 19:42:01 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2009/12/24 10:26:38 | 000,017,142 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/17 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2011/06/01 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\EndNote
[2009/12/26 07:08:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PictureMover
[2010/08/08 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/22 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thunderbird
[2011/06/30 09:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 00:08:49 | 000,025,686 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Mike\Desktop\Sig.tiff:3or4kl4x13tuuug3Byamue2s4b

< End of report >
  • 0

Advertisements

#2
CompCav
Posted 02 January 2012 - 11:06 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, integrinB4! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am currently reviewing your log and will return with the first step to clean your computer later today.

CompCav
  • 0

#3
CompCav
Posted 02 January 2012 - 12:03 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hello again integrinB4. Let's get started.

Step 1.

Download RogueKiller to your desktop.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 3.

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :processes
killallprocesses


:OTL
[2010/12/06 21:23:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
O4:64bit: - HKLM..\Run: [OfficeScanNT Monitor] -HideWindow File not found
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} http://152.7.129.70/..._5_0_silent.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\Shell - "" = AutoRun
O33 - MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\Shell\AutoRun\command - "" = K:\setup.exe -a
[2011/12/30 14:51:19 | 000,008,474 | -HS- | M] () -- C:\Users\Mike\AppData\Local\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
[2011/12/30 14:51:19 | 000,008,474 | -HS- | M] () -- C:\ProgramData\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc
@Alternate Data Stream - 168 bytes -> C:\Users\Mike\Desktop\Sig.tiff:3or4kl4x13tuuug3Byamue2s4b



:files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


:reg


:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users, and under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 7.

Please Post:

both RkReport.txt files
Combofix log
TDSSKiller log
OTL.txt
Extras.txt


How is your computer doing? Are your wallpaper and icons normal?
  • 0

#4
integrinB4
Posted 03 January 2012 - 07:24 AM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I just saw your post. I will do the things listed this evening as I am at work now. I have NOT resolved the issue nor have I tried to work on it since I posted the intial message on here.
  • 0

#5
CompCav
Posted 03 January 2012 - 07:48 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks for the update!
  • 0

#6
integrinB4
Posted 03 January 2012 - 10:45 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Step 1 Report:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Mike [Admin rights]
Mode: Remove -- Date : 01/03/2012 23:44:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKLM\[...]\RunOnce : DCERegBootClean64 (C:\Windows\RegBootClean64.exe) -> DELETED
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3bd7e4448353601829182bd969c7cde2
[BSP] 84075f653f7649b0eb28ea262717bad6 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 627137 Mo
3 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 1225084928 | Size: 12890 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#7
integrinB4
Posted 03 January 2012 - 10:49 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Step 2 Report:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Mike [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/03/2012 23:48:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 11 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 468 / Fail 0
My documents: Success 3 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 305 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 482 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#8
integrinB4
Posted 03 January 2012 - 10:57 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Step 3 report:

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeScanNT Monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}
C:\Windows\Downloaded Program Files\amicasjreinstaller_1_5_0_silent.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88a36ff9-ccab-11e0-926b-90e6baec8e90}\ not found.
File K:\setup.exe -a not found.
C:\Users\Mike\AppData\Local\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc moved successfully.
C:\ProgramData\bfw826jj2ggq08uq3m012q5njwytp0gv6goyc moved successfully.
Unable to delete ADS C:\Users\Mike\Desktop\Sig.tiff:3or4kl4x13tuuug3Byamue2s4b .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 45771 bytes

User: Public

User: Toni
->Flash cache emptied: 2118630 bytes

Total Flash Files Cleaned = 2.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mike
->Java cache emptied: 2356179 bytes

User: Public

User: Toni
->Java cache emptied: 3889806 bytes

Total Java Files Cleaned = 6.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 01032012_235109

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#9
integrinB4
Posted 03 January 2012 - 11:10 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I attempted to run Combofix in Step 4. My realtime virus protection is disabled, but combofix says it detects that it is running. SO I stopped and am asking what to do.

Should I uninstall the virus detection program? I disabled it and combo fix still detects it. I cna reinstall when we are done.

It is Trend Micro OfficeScan Client

Thanks for the help
  • 0

#10
CompCav
Posted 04 January 2012 - 06:52 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
First make sure your antivirus is disabled and even though it warns you that it is on if you know it is not, run ComboFix.



If that does not work then uninstall the antivirus and run ComboFix.

After running ComboFix then reinstall your Antivirus and continue with running TDSSKiller.
  • 0

Advertisements

#11
integrinB4
Posted 04 January 2012 - 07:48 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
So I ran combo fix without uninstalling the virus software.

It completed, rebooted the machine and then posted a log.
However, I am unable to open IE.

It gives the prompt: c:\Program Files (x86)\Internet Explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Also, all the recent .exe files on teh desktop that I loaded to help remove this (OTL.exe, Combofix.exe, etc) all have a blue and gold windows shield over the lower right quadrant of thier icons. What does this mean?

I have copied the .txt log on a usb drive and posted it here using another computer. Also, when I tried to eject my usb drive, the comptuer told me that it was an illegal operation and that it's rgistry key has been marked for deletion. Why I will not move forward until I hear from you.

Combofix Log:
ComboFix 12-01-04.03 - Mike 01/04/2012 20:25:03.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.4890 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\background.jpg
c:\users\Toni\AppData\Local\assembly\tmp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
c:\windows\SysWow64\is-4FUTM.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-04 04:51 . 2012-01-04 04:51 -------- d-----w- C:\_OTL
2011-12-30 23:05 . 2011-12-30 23:05 -------- d-----w- c:\windows\system32\SPReview
2011-12-30 23:03 . 2011-12-30 23:03 -------- d-----w- c:\windows\system32\EventProviders
2011-12-30 21:32 . 2011-12-30 21:32 21520 ----a-w- c:\windows\DCEBoot64.exe
2011-12-30 20:35 . 2011-12-30 20:35 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-30 20:35 . 2011-12-30 20:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 20:35 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-30 20:35 . 2011-12-30 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 19:48 . 2012-01-04 04:57 129024 ----a-w- c:\windows\RegBootClean64.exe
2011-12-30 17:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CE2F9CB-B8DC-4FF6-86AF-2C8F1867D2D9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 23:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-30 23:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-09 20:01 . 2011-06-17 10:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2010-11-11 19:04 . 2010-11-11 19:04 645872 ----a-w- c:\program files\UIX.renderapi.dll
2010-11-11 19:04 . 2010-11-11 19:04 1526512 ----a-w- c:\program files\UIX.dll
2010-11-11 19:04 . 2010-11-11 19:04 1243888 ----a-w- c:\program files\ZuneShell.dll
2010-11-11 19:04 . 2010-11-11 19:04 1151728 ----a-w- c:\program files\ZuneDBApi.dll
2010-11-11 19:04 . 2010-11-11 19:04 1284848 ----a-w- c:\program files\UIXcontrols.dll
2010-11-11 19:00 . 2010-11-11 19:00 896240 ----a-w- c:\program files\ZuneWmdu.dll
2010-11-11 19:00 . 2010-11-11 19:00 157936 ----a-w- c:\program files\ZuneZMDB.Library.dll
2010-11-11 19:00 . 2010-11-11 19:00 9456 ----a-w- c:\program files\ZuneWmduResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 467696 ----a-w- c:\program files\ZuneWlanCfgSvc.exe
2010-11-11 19:00 . 2010-11-11 19:00 306416 ----a-w- c:\program files\WMZuneComm.exe
2010-11-11 19:00 . 2010-11-11 19:00 27888 ----a-w- c:\program files\WMZuneTCP2UDP.dll
2010-11-11 19:00 . 2010-11-11 19:00 21232 ----a-w- c:\program files\WMZuneDTPTDNS.dll
2010-11-11 19:00 . 2010-11-11 19:00 195312 ----a-w- c:\program files\ZuneZMDB.Mobile.dll
2010-11-11 19:00 . 2010-11-11 19:00 18672 ----a-w- c:\program files\WMZuneCommProxyStub.dll
2010-11-11 19:00 . 2010-11-11 19:00 156912 ----a-w- c:\program files\ZuneZMDB.ZuneHD.dll
2010-11-11 19:00 . 2010-11-11 19:00 152304 ----a-w- c:\program files\ZuneZMDB.Classic.dll
2010-11-11 19:00 . 2010-11-11 19:00 100080 ----a-w- c:\program files\ZuneTaskbar.dll
2010-11-11 19:00 . 2010-11-11 19:00 507120 ----a-w- c:\program files\ZuneSP.dll
2010-11-11 19:00 . 2010-11-11 19:00 916208 ----a-w- c:\program files\ZuneQP.dll
2010-11-11 19:00 . 2010-11-11 19:00 74480 ----a-w- c:\program files\ZuneShellExt.dll
2010-11-11 19:00 . 2010-11-11 19:00 683760 ----a-w- c:\program files\ZuneSH.dll
2010-11-11 19:00 . 2010-11-11 19:00 514288 ----a-w- c:\program files\ZuneSE.dll
2010-11-11 19:00 . 2010-11-11 19:00 366320 ----a-w- c:\program files\ZuneSrcWrp.dll
2010-11-11 19:00 . 2010-11-11 19:00 16873712 ----a-w- c:\program files\ZuneShellResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 155888 ----a-w- c:\program files\ZuneSA.dll
2010-11-11 19:00 . 2010-11-11 19:00 1521392 ----a-w- c:\program files\ZuneSetup.exe
2010-11-11 19:00 . 2010-11-11 19:00 17648 ----a-w- c:\program files\ZuneShare.exe
2010-11-11 19:00 . 2010-11-11 19:00 1404144 ----a-w- c:\program files\ZuneResources.dll
2010-11-11 19:00 . 2010-11-11 19:00 1240304 ----a-w- c:\program files\ZuneService.dll
2010-11-11 18:59 . 2010-11-11 18:59 9971440 ----a-w- c:\program files\ZuneNativeLib.dll
2010-11-11 18:59 . 2010-11-11 18:59 347888 ----a-w- c:\program files\ZuneNssci.dll
2010-11-11 18:59 . 2010-11-11 18:59 855280 ----a-w- c:\program files\ZuneMBR.dll
2010-11-11 18:59 . 2010-11-11 18:59 8251120 ----a-w- c:\program files\ZuneNss.exe
2010-11-11 18:59 . 2010-11-11 18:59 376560 ----a-w- c:\program files\ZuneEvr.dll
2010-11-11 18:59 . 2010-11-11 18:59 223472 ----a-w- c:\program files\Zune.exe
2010-11-11 18:59 . 2010-11-11 18:59 2109680 ----a-w- c:\program files\ZuneEncEng.dll
2010-11-11 18:59 . 2010-11-11 18:59 20720 ----a-w- c:\program files\ZunePS.dll
2010-11-11 18:59 . 2010-11-11 18:59 1744624 ----a-w- c:\program files\UIXrender.dll
2010-11-11 18:59 . 2010-11-11 18:59 163568 ----a-w- c:\program files\ZuneLauncher.exe
2010-11-11 18:59 . 2010-11-11 18:59 130800 ----a-w- c:\program files\ZunePresenter.dll
2010-11-11 18:59 . 2010-11-11 18:59 1184496 ----a-w- c:\program files\ZuneH264Dec.dll
2010-11-11 18:59 . 2010-11-11 18:59 1161456 ----a-w- c:\program files\ZuneMde.dll
2010-11-11 18:59 . 2010-11-11 18:59 1084144 ----a-w- c:\program files\ZuneMarketplaceResources.dll
2010-11-11 18:59 . 2010-11-11 18:59 72944 ----a-w- c:\program files\ZuneDXVA2.dll
2010-11-11 18:59 . 2010-11-11 18:59 218864 ----a-w- c:\program files\ZuneHost.exe
2010-11-11 18:59 . 2010-11-11 18:59 1464560 ----a-w- c:\program files\ZuneCore.dll
2010-11-11 18:59 . 2010-11-11 18:59 707824 ----a-w- c:\program files\ZUNEMP4SDECD.dll
2010-11-11 18:59 . 2010-11-11 18:59 61680 ----a-w- c:\program files\ZuneCfg.dll
2010-11-11 18:59 . 2010-11-11 18:59 56560 ----a-w- c:\program files\ZuneConfig.exe
2010-11-11 18:59 . 2010-11-11 18:59 38640 ----a-w- c:\program files\ZuneEnc.exe
2010-11-11 18:59 . 2010-11-11 18:59 35568 ----a-w- c:\program files\UIXsup.dll
2010-11-11 18:59 . 2010-11-11 18:59 212208 ----a-w- c:\program files\ZuneDB.dll
2010-11-11 18:59 . 2010-11-11 18:59 129264 ----a-w- c:\program files\ZuneEffects.dll
2010-11-11 18:59 . 2010-11-11 18:59 121072 ----a-w- c:\program files\ZuneAACDec.dll
2010-09-24 16:19 . 2010-09-24 16:19 182784 ----a-w- c:\program files\l3codecp.acm
2010-09-24 15:49 . 2010-09-24 15:49 626688 ----a-w- c:\program files\msvcr90.dll
2010-09-24 15:49 . 2010-09-24 15:49 856576 ----a-w- c:\program files\msvcp90.dll
2010-09-24 15:49 . 2010-09-24 15:49 245760 ----a-w- c:\program files\msvcm90.dll
2007-10-02 19:12 . 2007-10-02 19:12 1642568 ----a-w- c:\program files\msidcrl40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
"Akamai NetSession Interface"="c:\users\Mike\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\WMZuneComm.exe [2010-11-11 306416]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2011-04-15 918032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
"Zune Launcher"="c:\program files\ZuneLauncher.exe" [2010-11-11 163568]
"combofix"="c:\combofix\CF22221.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - hxxp://cvmris.ncsu.edu/Reports/IntraLaunch.CAB
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ck0r55w1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-01-04 20:39:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 01:39
.
Pre-Run: 441,565,396,992 bytes free
Post-Run: 442,649,837,568 bytes free
.
- - End Of File - - 10E5CD9C852973BD96978C5F558E9229
  • 0

#12
integrinB4
Posted 04 January 2012 - 07:50 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I saw that combofix had created a restore point? Should we resotre and let me try to uninstall the virus software and try this step again?
  • 0

#13
CompCav
Posted 04 January 2012 - 08:01 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
ComboFix just did not release some registry items. Please reboot the computer and that should clear the issues you described.

The shields are part or UAC and now when you run some programs you will be prompted to say yes in order for them to work.

CompCav
  • 0

#14
integrinB4
Posted 04 January 2012 - 09:50 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
OK. Rebooted and back in Safe Mode. The previous issues are resolved.

Ran Step 5: TDSSkiller.

22:44:21.0252 1996 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:44:21.0611 1996 ============================================================
22:44:21.0611 1996 Current date / time: 2012/01/04 22:44:21.0611
22:44:21.0611 1996 SystemInfo:
22:44:21.0611 1996
22:44:21.0611 1996 OS Version: 6.1.7601 ServicePack: 1.0
22:44:21.0611 1996 Product type: Workstation
22:44:21.0611 1996 ComputerName: DESKTOP
22:44:21.0611 1996 UserName: Mike
22:44:21.0611 1996 Windows directory: C:\Windows
22:44:21.0611 1996 System windows directory: C:\Windows
22:44:21.0611 1996 Running under WOW64
22:44:21.0611 1996 Processor architecture: Intel x64
22:44:21.0611 1996 Number of processors: 4
22:44:21.0611 1996 Page size: 0x1000
22:44:21.0611 1996 Boot type: Safe boot with network
22:44:21.0611 1996 ============================================================
22:44:22.0469 1996 Initialize success
22:45:07.0054 1340 ============================================================
22:45:07.0054 1340 Scan started
22:45:07.0054 1340 Mode: Manual; SigCheck; TDLFS;
22:45:07.0054 1340 ============================================================
22:45:08.0068 1340 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:45:08.0161 1340 1394ohci - ok
22:45:08.0208 1340 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
22:45:08.0286 1340 61883 - ok
22:45:08.0317 1340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:45:08.0333 1340 ACPI - ok
22:45:08.0364 1340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:45:08.0411 1340 AcpiPmi - ok
22:45:08.0458 1340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:45:08.0473 1340 adp94xx - ok
22:45:08.0504 1340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:45:08.0520 1340 adpahci - ok
22:45:08.0551 1340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:45:08.0567 1340 adpu320 - ok
22:45:08.0629 1340 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:45:08.0676 1340 AFD - ok
22:45:08.0754 1340 AgereSoftModem (184e1ad35dbf9328add7d560a792e6e9) C:\Windows\system32\DRIVERS\agrsm64.sys
22:45:08.0801 1340 AgereSoftModem - ok
22:45:08.0863 1340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:45:08.0863 1340 agp440 - ok
22:45:08.0894 1340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:45:08.0894 1340 aliide - ok
22:45:08.0926 1340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:45:08.0926 1340 amdide - ok
22:45:08.0972 1340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:45:09.0019 1340 AmdK8 - ok
22:45:09.0050 1340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:45:09.0082 1340 AmdPPM - ok
22:45:09.0128 1340 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
22:45:09.0128 1340 amdsata - ok
22:45:09.0160 1340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:45:09.0175 1340 amdsbs - ok
22:45:09.0206 1340 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
22:45:09.0206 1340 amdxata - ok
22:45:09.0269 1340 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:45:09.0331 1340 AppID - ok
22:45:09.0378 1340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:45:09.0394 1340 arc - ok
22:45:09.0394 1340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:45:09.0409 1340 arcsas - ok
22:45:09.0440 1340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:45:09.0550 1340 AsyncMac - ok
22:45:09.0596 1340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:45:09.0596 1340 atapi - ok
22:45:09.0659 1340 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
22:45:09.0674 1340 Avc - ok
22:45:09.0737 1340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:45:09.0784 1340 b06bdrv - ok
22:45:09.0830 1340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:45:09.0862 1340 b57nd60a - ok
22:45:09.0877 1340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:45:09.0940 1340 Beep - ok
22:45:09.0986 1340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:45:10.0002 1340 blbdrive - ok
22:45:10.0080 1340 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:45:10.0111 1340 bowser - ok
22:45:10.0127 1340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:45:10.0174 1340 BrFiltLo - ok
22:45:10.0189 1340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:45:10.0205 1340 BrFiltUp - ok
22:45:10.0252 1340 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:45:10.0314 1340 BridgeMP - ok
22:45:10.0330 1340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:45:10.0361 1340 Brserid - ok
22:45:10.0392 1340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:45:10.0408 1340 BrSerWdm - ok
22:45:10.0454 1340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:45:10.0486 1340 BrUsbMdm - ok
22:45:10.0486 1340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:45:10.0517 1340 BrUsbSer - ok
22:45:10.0548 1340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:45:10.0579 1340 BTHMODEM - ok
22:45:10.0595 1340 catchme - ok
22:45:10.0610 1340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:45:10.0657 1340 cdfs - ok
22:45:10.0720 1340 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:45:10.0751 1340 cdrom - ok
22:45:10.0798 1340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:45:10.0813 1340 circlass - ok
22:45:10.0844 1340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:45:10.0860 1340 CLFS - ok
22:45:10.0907 1340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:45:10.0922 1340 CmBatt - ok
22:45:10.0938 1340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:45:10.0938 1340 cmdide - ok
22:45:10.0985 1340 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:45:11.0016 1340 CNG - ok
22:45:11.0047 1340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:45:11.0047 1340 Compbatt - ok
22:45:11.0110 1340 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:45:11.0125 1340 CompositeBus - ok
22:45:11.0188 1340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:45:11.0203 1340 crcdisk - ok
22:45:11.0266 1340 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:45:11.0312 1340 CSC - ok
22:45:11.0375 1340 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:45:11.0422 1340 DfsC - ok
22:45:11.0437 1340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:45:11.0500 1340 discache - ok
22:45:11.0515 1340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:45:11.0531 1340 Disk - ok
22:45:11.0562 1340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:45:11.0593 1340 drmkaud - ok
22:45:11.0640 1340 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:45:11.0671 1340 DXGKrnl - ok
22:45:11.0749 1340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:45:11.0827 1340 ebdrv - ok
22:45:11.0890 1340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:45:11.0905 1340 elxstor - ok
22:45:11.0952 1340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:45:11.0983 1340 ErrDev - ok
22:45:12.0030 1340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:45:12.0077 1340 exfat - ok
22:45:12.0092 1340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:45:12.0139 1340 fastfat - ok
22:45:12.0170 1340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:45:12.0217 1340 fdc - ok
22:45:12.0248 1340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:45:12.0248 1340 FileInfo - ok
22:45:12.0264 1340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:45:12.0295 1340 Filetrace - ok
22:45:12.0326 1340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:45:12.0342 1340 flpydisk - ok
22:45:12.0389 1340 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:45:12.0404 1340 FltMgr - ok
22:45:12.0420 1340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:45:12.0420 1340 FsDepends - ok
22:45:12.0436 1340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:45:12.0436 1340 Fs_Rec - ok
22:45:12.0482 1340 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:45:12.0498 1340 fvevol - ok
22:45:12.0514 1340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:45:12.0529 1340 gagp30kx - ok
22:45:12.0545 1340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:45:12.0560 1340 GEARAspiWDM - ok
22:45:12.0576 1340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:45:12.0607 1340 hcw85cir - ok
22:45:12.0670 1340 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:45:12.0701 1340 HDAudBus - ok
22:45:12.0748 1340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:45:12.0763 1340 HidBatt - ok
22:45:12.0779 1340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:45:12.0810 1340 HidBth - ok
22:45:12.0841 1340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:45:12.0841 1340 HidIr - ok
22:45:12.0872 1340 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:45:12.0888 1340 HidUsb - ok
22:45:12.0935 1340 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:45:12.0950 1340 HpSAMD - ok
22:45:12.0997 1340 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:45:13.0044 1340 HTTP - ok
22:45:13.0075 1340 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:45:13.0075 1340 hwpolicy - ok
22:45:13.0122 1340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:45:13.0122 1340 i8042prt - ok
22:45:13.0138 1340 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
22:45:13.0153 1340 iaStorV - ok
22:45:13.0184 1340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:45:13.0200 1340 iirsp - ok
22:45:13.0262 1340 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys
22:45:13.0325 1340 IntcAzAudAddService - ok
22:45:13.0356 1340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:45:13.0372 1340 intelide - ok
22:45:13.0418 1340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:45:13.0434 1340 intelppm - ok
22:45:13.0481 1340 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:45:13.0528 1340 IpFilterDriver - ok
22:45:13.0574 1340 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:45:13.0590 1340 IPMIDRV - ok
22:45:13.0621 1340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:45:13.0652 1340 IPNAT - ok
22:45:13.0684 1340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:45:13.0715 1340 IRENUM - ok
22:45:13.0730 1340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:45:13.0746 1340 isapnp - ok
22:45:13.0762 1340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:45:13.0777 1340 iScsiPrt - ok
22:45:13.0793 1340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:45:13.0808 1340 kbdclass - ok
22:45:13.0824 1340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:45:13.0855 1340 kbdhid - ok
22:45:13.0886 1340 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:45:13.0886 1340 KSecDD - ok
22:45:13.0918 1340 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:45:13.0933 1340 KSecPkg - ok
22:45:13.0949 1340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:45:13.0980 1340 ksthunk - ok
22:45:14.0042 1340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:45:14.0089 1340 lltdio - ok
22:45:14.0152 1340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:45:14.0152 1340 LSI_FC - ok
22:45:14.0198 1340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:45:14.0198 1340 LSI_SAS - ok
22:45:14.0230 1340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:45:14.0230 1340 LSI_SAS2 - ok
22:45:14.0261 1340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:45:14.0261 1340 LSI_SCSI - ok
22:45:14.0292 1340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:45:14.0323 1340 luafv - ok
22:45:14.0354 1340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:45:14.0370 1340 megasas - ok
22:45:14.0386 1340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:45:14.0386 1340 MegaSR - ok
22:45:14.0417 1340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:45:14.0464 1340 Modem - ok
22:45:14.0510 1340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:45:14.0542 1340 monitor - ok
22:45:14.0573 1340 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
22:45:14.0588 1340 motccgp - ok
22:45:14.0620 1340 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
22:45:14.0635 1340 motccgpfl - ok
22:45:14.0682 1340 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
22:45:14.0713 1340 motmodem - ok
22:45:14.0760 1340 motport (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motport.sys
22:45:14.0776 1340 motport - ok
22:45:14.0838 1340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:45:14.0838 1340 mouclass - ok
22:45:14.0869 1340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:45:14.0900 1340 mouhid - ok
22:45:14.0932 1340 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:45:14.0947 1340 mountmgr - ok
22:45:14.0994 1340 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:45:14.0994 1340 mpio - ok
22:45:15.0025 1340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:45:15.0072 1340 mpsdrv - ok
22:45:15.0134 1340 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:45:15.0166 1340 MRxDAV - ok
22:45:15.0212 1340 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:45:15.0228 1340 mrxsmb - ok
22:45:15.0275 1340 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:45:15.0290 1340 mrxsmb10 - ok
22:45:15.0306 1340 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:45:15.0322 1340 mrxsmb20 - ok
22:45:15.0368 1340 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:45:15.0368 1340 msahci - ok
22:45:15.0384 1340 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:45:15.0400 1340 msdsm - ok
22:45:15.0446 1340 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
22:45:15.0478 1340 MSDV - ok
22:45:15.0524 1340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:45:15.0556 1340 Msfs - ok
22:45:15.0602 1340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:45:15.0649 1340 mshidkmdf - ok
22:45:15.0665 1340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:45:15.0665 1340 msisadrv - ok
22:45:15.0696 1340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:45:15.0727 1340 MSKSSRV - ok
22:45:15.0743 1340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:45:15.0805 1340 MSPCLOCK - ok
22:45:15.0821 1340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:45:15.0868 1340 MSPQM - ok
22:45:15.0914 1340 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:45:15.0930 1340 MsRPC - ok
22:45:15.0946 1340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:45:15.0961 1340 mssmbios - ok
22:45:15.0977 1340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:45:16.0024 1340 MSTEE - ok
22:45:16.0055 1340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:45:16.0102 1340 MTConfig - ok
22:45:16.0117 1340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:45:16.0117 1340 Mup - ok
22:45:16.0164 1340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:45:16.0180 1340 NativeWifiP - ok
22:45:16.0242 1340 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:45:16.0273 1340 NDIS - ok
22:45:16.0289 1340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:45:16.0320 1340 NdisCap - ok
22:45:16.0351 1340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:45:16.0398 1340 NdisTapi - ok
22:45:16.0429 1340 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:45:16.0492 1340 Ndisuio - ok
22:45:16.0538 1340 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:45:16.0570 1340 NdisWan - ok
22:45:16.0616 1340 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:45:16.0663 1340 NDProxy - ok
22:45:16.0679 1340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:45:16.0726 1340 NetBIOS - ok
22:45:16.0757 1340 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:45:16.0788 1340 NetBT - ok
22:45:16.0850 1340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:45:16.0850 1340 nfrd960 - ok
22:45:16.0882 1340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:45:16.0913 1340 Npfs - ok
22:45:16.0944 1340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:45:16.0975 1340 nsiproxy - ok
22:45:17.0053 1340 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
22:45:17.0100 1340 Ntfs - ok
22:45:17.0147 1340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:45:17.0209 1340 Null - ok
22:45:17.0396 1340 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:45:17.0677 1340 nvlddmkm - ok
22:45:17.0740 1340 NVNET (9c3024e48db4c98e50af7d8b72d0ef89) C:\Windows\system32\DRIVERS\nvmf6264.sys
22:45:17.0740 1340 NVNET - ok
22:45:17.0771 1340 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
22:45:17.0786 1340 nvraid - ok
22:45:17.0818 1340 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
22:45:17.0818 1340 nvsmu - ok
22:45:17.0864 1340 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
22:45:17.0880 1340 nvstor - ok
22:45:17.0911 1340 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
22:45:17.0911 1340 nvstor64 - ok
22:45:17.0927 1340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:45:17.0942 1340 nv_agp - ok
22:45:17.0989 1340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:45:18.0020 1340 ohci1394 - ok
22:45:18.0052 1340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:45:18.0052 1340 Parport - ok
22:45:18.0098 1340 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:45:18.0114 1340 partmgr - ok
22:45:18.0130 1340 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:45:18.0130 1340 pci - ok
22:45:18.0145 1340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:45:18.0161 1340 pciide - ok
22:45:18.0176 1340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:45:18.0192 1340 pcmcia - ok
22:45:18.0223 1340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:45:18.0223 1340 pcw - ok
22:45:18.0239 1340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:45:18.0301 1340 PEAUTH - ok
22:45:18.0410 1340 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:45:18.0457 1340 PptpMiniport - ok
22:45:18.0473 1340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:45:18.0488 1340 Processor - ok
22:45:18.0551 1340 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:45:18.0582 1340 Psched - ok
22:45:18.0644 1340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:45:18.0691 1340 ql2300 - ok
22:45:18.0707 1340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:45:18.0722 1340 ql40xx - ok
22:45:18.0754 1340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:45:18.0785 1340 QWAVEdrv - ok
22:45:18.0800 1340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:45:18.0832 1340 RasAcd - ok
22:45:18.0847 1340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:45:18.0878 1340 RasAgileVpn - ok
22:45:18.0925 1340 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:45:18.0972 1340 Rasl2tp - ok
22:45:18.0988 1340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:45:19.0034 1340 RasPppoe - ok
22:45:19.0050 1340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:45:19.0081 1340 RasSstp - ok
22:45:19.0112 1340 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:45:19.0159 1340 rdbss - ok
22:45:19.0190 1340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:45:19.0206 1340 rdpbus - ok
22:45:19.0237 1340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:19.0268 1340 RDPCDD - ok
22:45:19.0315 1340 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:45:19.0331 1340 RDPDR - ok
22:45:19.0346 1340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:45:19.0393 1340 RDPENCDD - ok
22:45:19.0424 1340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:45:19.0440 1340 RDPREFMP - ok
22:45:19.0487 1340 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:45:19.0518 1340 RDPWD - ok
22:45:19.0565 1340 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:45:19.0580 1340 rdyboost - ok
22:45:19.0596 1340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:45:19.0643 1340 rspndr - ok
22:45:19.0674 1340 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:45:19.0690 1340 sbp2port - ok
22:45:19.0736 1340 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:45:19.0783 1340 scfilter - ok
22:45:19.0814 1340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:45:19.0861 1340 secdrv - ok
22:45:19.0908 1340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:45:19.0924 1340 Serenum - ok
22:45:19.0955 1340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:45:19.0955 1340 Serial - ok
22:45:19.0986 1340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:45:20.0002 1340 sermouse - ok
22:45:20.0048 1340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:45:20.0080 1340 sffdisk - ok
22:45:20.0095 1340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:45:20.0111 1340 sffp_mmc - ok
22:45:20.0142 1340 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:45:20.0173 1340 sffp_sd - ok
22:45:20.0204 1340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:45:20.0204 1340 sfloppy - ok
22:45:20.0267 1340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:45:20.0267 1340 SiSRaid2 - ok
22:45:20.0282 1340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:45:20.0298 1340 SiSRaid4 - ok
22:45:20.0329 1340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:45:20.0376 1340 Smb - ok
22:45:20.0423 1340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:45:20.0423 1340 spldr - ok
22:45:20.0470 1340 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:45:20.0501 1340 srv - ok
22:45:20.0516 1340 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:45:20.0532 1340 srv2 - ok
22:45:20.0548 1340 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:45:20.0563 1340 srvnet - ok
22:45:20.0610 1340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:45:20.0626 1340 stexstor - ok
22:45:20.0704 1340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:45:20.0704 1340 swenum - ok
22:45:20.0813 1340 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:45:20.0875 1340 Tcpip - ok
22:45:20.0906 1340 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:45:20.0938 1340 TCPIP6 - ok
22:45:20.0984 1340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:45:21.0031 1340 tcpipreg - ok
22:45:21.0062 1340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:45:21.0109 1340 TDPIPE - ok
22:45:21.0125 1340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:45:21.0156 1340 TDTCP - ok
22:45:21.0203 1340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:45:21.0234 1340 tdx - ok
22:45:21.0250 1340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:45:21.0265 1340 TermDD - ok
22:45:21.0343 1340 TmFilter (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
22:45:21.0359 1340 TmFilter - ok
22:45:21.0406 1340 TmPreFilter (1889f49a828b1cf0e2866cdd325875b0) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
22:45:21.0406 1340 TmPreFilter - ok
22:45:21.0437 1340 tmtdi (a42e6780c52b248af54c6010a9a93384) C:\Windows\system32\DRIVERS\tmtdi.sys
22:45:21.0437 1340 tmtdi - ok
22:45:21.0484 1340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:21.0530 1340 tssecsrv - ok
22:45:21.0608 1340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:45:21.0608 1340 TsUsbFlt - ok
22:45:21.0671 1340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:45:21.0718 1340 tunnel - ok
22:45:21.0749 1340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:45:21.0749 1340 uagp35 - ok
22:45:21.0796 1340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:45:21.0842 1340 udfs - ok
22:45:21.0905 1340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:45:21.0905 1340 uliagpkx - ok
22:45:21.0967 1340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:45:21.0983 1340 umbus - ok
22:45:22.0014 1340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:45:22.0030 1340 UmPass - ok
22:45:22.0061 1340 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
22:45:22.0108 1340 USBAAPL64 - ok
22:45:22.0139 1340 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
22:45:22.0170 1340 usbccgp - ok
22:45:22.0232 1340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:45:22.0248 1340 usbcir - ok
22:45:22.0264 1340 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
22:45:22.0264 1340 usbehci - ok
22:45:22.0310 1340 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
22:45:22.0342 1340 usbhub - ok
22:45:22.0373 1340 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
22:45:22.0373 1340 usbohci - ok
22:45:22.0435 1340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:45:22.0451 1340 usbprint - ok
22:45:22.0498 1340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:45:22.0529 1340 usbscan - ok
22:45:22.0544 1340 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
22:45:22.0560 1340 USBSTOR - ok
22:45:22.0576 1340 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
22:45:22.0607 1340 usbuhci - ok
22:45:22.0669 1340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:45:22.0669 1340 vdrvroot - ok
22:45:22.0700 1340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:45:22.0716 1340 vga - ok
22:45:22.0732 1340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:45:22.0763 1340 VgaSave - ok
22:45:22.0794 1340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:45:22.0810 1340 vhdmp - ok
22:45:22.0825 1340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:45:22.0841 1340 viaide - ok
22:45:22.0872 1340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:45:22.0872 1340 volmgr - ok
22:45:22.0919 1340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:45:22.0934 1340 volmgrx - ok
22:45:22.0966 1340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:45:22.0966 1340 volsnap - ok
22:45:23.0075 1340 VSApiNt (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
22:45:23.0122 1340 VSApiNt - ok
22:45:23.0168 1340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:45:23.0168 1340 vsmraid - ok
22:45:23.0200 1340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:45:23.0215 1340 vwifibus - ok
22:45:23.0246 1340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:45:23.0278 1340 WacomPen - ok
22:45:23.0324 1340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:23.0371 1340 WANARP - ok
22:45:23.0387 1340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:23.0418 1340 Wanarpv6 - ok
22:45:23.0465 1340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:45:23.0465 1340 Wd - ok
22:45:23.0496 1340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:45:23.0527 1340 Wdf01000 - ok
22:45:23.0558 1340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:45:23.0590 1340 WfpLwf - ok
22:45:23.0605 1340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:45:23.0621 1340 WIMMount - ok
22:45:23.0699 1340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:45:23.0730 1340 WinUsb - ok
22:45:23.0746 1340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:45:23.0746 1340 WmiAcpi - ok
22:45:23.0824 1340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:45:23.0855 1340 ws2ifsl - ok
22:45:23.0902 1340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:45:23.0948 1340 WudfPf - ok
22:45:23.0980 1340 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:45:24.0026 1340 WUDFRd - ok
22:45:24.0073 1340 MBR (0x1B8) (5778997d3e073c6583c14e80b2e5db74) \Device\Harddisk0\DR0
22:45:24.0307 1340 \Device\Harddisk0\DR0 - ok
22:45:24.0338 1340 Boot (0x1200) (dd0049a94e8e578110339918823c908b) \Device\Harddisk0\DR0\Partition0
22:45:24.0338 1340 \Device\Harddisk0\DR0\Partition0 - ok
22:45:24.0354 1340 Boot (0x1200) (b8636be3190ceba8f33f56e5cc9f9355) \Device\Harddisk0\DR0\Partition1
22:45:24.0354 1340 \Device\Harddisk0\DR0\Partition1 - ok
22:45:24.0385 1340 Boot (0x1200) (b1705779abf817ec1485f405b642ac8e) \Device\Harddisk0\DR0\Partition2
22:45:24.0385 1340 \Device\Harddisk0\DR0\Partition2 - ok
22:45:24.0385 1340 ============================================================
22:45:24.0385 1340 Scan finished
22:45:24.0385 1340 ============================================================
22:45:24.0401 1084 Detected object count: 0
22:45:24.0401 1084 Actual detected object count: 0
  • 0

#15
integrinB4
Posted 04 January 2012 - 10:03 PM

integrinB4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Step 6: OTL.txt

OTL logfile created on: 1/4/2012 10:54:39 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 90.01% Memory free
11.50 Gb Paging File | 10.94 Gb Available in Paging File | 95.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 410.71 Gb Free Space | 70.32% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.14 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 22:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 14:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 13:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/12/14 20:10:48 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/26 01:52:40 | 002,772,096 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/08/26 01:43:24 | 002,771,856 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/15 12:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/12/07 14:58:38 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/09 05:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 11:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/07/12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/09 20:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/09 11:09:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 23:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/12 15:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/04/22 12:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/23 11:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ck0r55w1.default\extensions
[2011/12/16 20:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/22 07:35:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/06 21:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 20:11:18 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

O1 HOSTS File: ([2012/01/04 20:31:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} http://cvmris.ncsu.e...IntraLaunch.CAB (IntraLaunch.MainControl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 22:42:31 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2012/01/04 20:32:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/04 20:29:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/04 20:22:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/04 20:22:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/04 20:22:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/04 20:20:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/04 00:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 00:01:30 | 004,370,643 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/01/03 23:51:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/03 23:43:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\RK_Quarantine
[2011/12/31 09:50:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/30 18:05:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/30 18:03:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/12/30 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\malware removal
[2011/12/30 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 15:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 15:35:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/30 15:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/11 14:04:20 | 001,526,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll
[2010/11/11 14:04:20 | 001,243,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll
[2010/11/11 14:04:20 | 001,151,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll
[2010/11/11 14:04:20 | 000,645,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll
[2010/11/11 14:04:18 | 001,284,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll
[2010/11/11 14:00:34 | 000,896,240 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll
[2010/11/11 14:00:34 | 000,157,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll
[2010/11/11 14:00:32 | 000,467,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe
[2010/11/11 14:00:32 | 000,306,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe
[2010/11/11 14:00:32 | 000,195,312 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll
[2010/11/11 14:00:32 | 000,156,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll
[2010/11/11 14:00:32 | 000,152,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll
[2010/11/11 14:00:32 | 000,027,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll
[2010/11/11 14:00:32 | 000,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll
[2010/11/11 14:00:32 | 000,018,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll
[2010/11/11 14:00:32 | 000,009,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll
[2010/11/11 14:00:30 | 000,100,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll
[2010/11/11 14:00:18 | 000,507,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll
[2010/11/11 14:00:14 | 016,873,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellResources.dll
[2010/11/11 14:00:14 | 001,521,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe
[2010/11/11 14:00:14 | 000,916,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll
[2010/11/11 14:00:14 | 000,683,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll
[2010/11/11 14:00:14 | 000,514,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll
[2010/11/11 14:00:14 | 000,366,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll
[2010/11/11 14:00:14 | 000,155,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll
[2010/11/11 14:00:14 | 000,074,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll
[2010/11/11 14:00:12 | 001,404,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneResources.dll
[2010/11/11 14:00:12 | 001,240,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll
[2010/11/11 14:00:12 | 000,017,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe
[2010/11/11 13:59:38 | 009,971,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll
[2010/11/11 13:59:38 | 000,347,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll
[2010/11/11 13:59:36 | 008,251,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe
[2010/11/11 13:59:36 | 002,109,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll
[2010/11/11 13:59:36 | 001,744,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll
[2010/11/11 13:59:36 | 001,184,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll
[2010/11/11 13:59:36 | 001,161,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll
[2010/11/11 13:59:36 | 001,084,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll
[2010/11/11 13:59:36 | 000,855,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll
[2010/11/11 13:59:36 | 000,376,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll
[2010/11/11 13:59:36 | 000,223,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe
[2010/11/11 13:59:36 | 000,163,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe
[2010/11/11 13:59:36 | 000,130,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll
[2010/11/11 13:59:36 | 000,020,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll
[2010/11/11 13:59:32 | 001,464,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll
[2010/11/11 13:59:32 | 000,218,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneHost.exe
[2010/11/11 13:59:32 | 000,072,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll
[2010/11/11 13:59:30 | 000,707,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll
[2010/11/11 13:59:24 | 000,212,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll
[2010/11/11 13:59:24 | 000,129,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll
[2010/11/11 13:59:24 | 000,121,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll
[2010/11/11 13:59:24 | 000,061,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll
[2010/11/11 13:59:24 | 000,056,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe
[2010/11/11 13:59:24 | 000,038,640 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe
[2010/11/11 13:59:24 | 000,035,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll
[2010/09/24 11:19:24 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm
[2010/09/24 10:49:20 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2010/09/24 10:49:18 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2010/09/24 10:49:18 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2007/10/02 14:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll

========== Files - Modified Within 30 Days ==========

[2012/01/04 22:53:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2012/01/04 22:45:24 | 001,088,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 22:45:24 | 000,894,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 22:45:24 | 000,192,994 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 22:42:41 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2012/01/04 22:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 22:40:44 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 20:40:53 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 20:40:53 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 20:33:24 | 000,016,556 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/01/04 20:31:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/04 20:20:56 | 004,370,643 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/01/03 23:57:05 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/01/03 23:43:07 | 000,776,704 | ---- | M] () -- C:\Users\Mike\Desktop\RogueKiller.exe
[2011/12/30 20:52:16 | 004,990,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 17:52:29 | 000,000,394 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:17:14 | 001,008,141 | ---- | M] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/22 08:13:53 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/04 20:22:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/04 20:22:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/04 20:22:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/04 20:22:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/04 20:22:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/03 23:43:03 | 000,776,704 | ---- | C] () -- C:\Users\Mike\Desktop\RogueKiller.exe
[2011/12/30 17:52:28 | 000,000,394 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2011/12/30 16:32:37 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/12/30 15:36:25 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:20:30 | 001,008,141 | ---- | C] () -- C:\Users\Mike\Desktop\iExplore.exe
[2011/12/30 14:48:32 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/12/22 08:13:52 | 000,000,021 | ---- | C] () -- C:\tmuninst.ini
[2011/08/27 14:40:14 | 000,011,586 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY_navi.JPG
[2011/08/27 14:40:13 | 002,153,753 | ---- | C] () -- C:\Users\Mike\AppData\Local\tmpBUTTERFLY.JPG
[2011/08/27 11:09:33 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/24 12:52:30 | 001,070,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/24 10:51:32 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config
[2010/09/24 10:51:18 | 000,138,893 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png
[2010/09/24 10:51:18 | 000,138,241 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png
[2010/09/24 10:51:18 | 000,138,239 | ---- | C] () -- C:\Program Files\quickplaymap_por.png
[2010/09/24 10:51:18 | 000,124,277 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png
[2010/09/24 10:51:18 | 000,124,066 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png
[2010/09/24 10:51:18 | 000,122,665 | ---- | C] () -- C:\Program Files\quickplaymap_frc.png
[2010/09/24 10:51:18 | 000,121,667 | ---- | C] () -- C:\Program Files\quickplaymap_esm.png
[2010/09/24 10:51:18 | 000,121,034 | ---- | C] () -- C:\Program Files\quickplaymap.png
[2010/09/24 10:51:18 | 000,118,456 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png
[2010/09/24 10:51:18 | 000,113,696 | ---- | C] () -- C:\Program Files\softwaremap_por.png
[2010/09/24 10:51:18 | 000,112,268 | ---- | C] () -- C:\Program Files\softwaremap_nld.png
[2010/09/24 10:51:18 | 000,104,707 | ---- | C] () -- C:\Program Files\softwaremap_esm.png
[2010/09/24 10:51:18 | 000,103,753 | ---- | C] () -- C:\Program Files\softwaremap_deu.png
[2010/09/24 10:51:18 | 000,103,128 | ---- | C] () -- C:\Program Files\softwaremap_frc.png
[2010/09/24 10:51:18 | 000,102,831 | ---- | C] () -- C:\Program Files\softwaremap_ita.png
[2010/09/24 10:51:18 | 000,100,035 | ---- | C] () -- C:\Program Files\softwaremap.png
[2010/09/24 10:51:18 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif
[2010/09/24 10:51:18 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif
[2010/09/24 10:51:18 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif
[2010/09/03 19:42:03 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2010/09/03 19:42:03 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll
[2010/09/03 19:42:02 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/03 19:42:02 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/03 19:42:01 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2009/12/24 10:26:38 | 000,016,556 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/17 19:42:49 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2011/06/01 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\EndNote
[2009/12/26 07:08:21 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\PictureMover
[2010/08/08 18:22:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/22 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thunderbird
[2011/06/30 09:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 00:08:49 | 000,026,184 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1A0FBCA-0112-4F48-9677-74A15FF817D4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 05 01 04 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP