Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

svchost and dllhost downloading viruses and slowing CPU and disabling

Started by KidRoleplay , Apr 23 2012 06:08 PM

Please log in to reply

#1
KidRoleplay

Posted 23 April 2012 - 06:08 PM

Member

Member
21 posts

I've just installed some new Windows Updates and rebooted the computer. When I did, some old problems began to return. Again I've had an issue with my Symantec Antivirus auto protection being disabled, and it'll return to being disabled right after attempting to enable it. A dllhost.exe appears briefly whenever that happens.

Also, svchost.exe is going nuts. Over a dozen instances of that application opens at once, downloading things to my computer which Microsoft Security Essentials catches every now and then as well as Malwarebytes. I use both of those because Sysmantec seems to be easily disabled.

I'm running in safe mode at the moment, but when not, this experience cuts into my memory and CPU usage quite a bit, slowing things down. Windows has already crashed once.

Lastly, and I haven't seen this since rebooting, my mouse cursor would rapidly flick the "busy and arrow" image after a while, and would never end, flickering about two times per second. I suspect it may be associated with the rest of the stuff that's running in the background.

This OTL log is made in Safe Mode. I could try it again in normal mode if need be, although that's when everything crashed.

---

OTL logfile created on: 4/23/2012 7:57:52 PM - Run 3
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Executive\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.74% Memory free
6.19 Gb Paging File | 5.61 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.16 Gb Total Space | 47.09 Gb Free Space | 16.29% Space Free | Partition Type: NTFS
Drive D: | 8.93 Gb Total Space | 1.01 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 85.94 Gb Free Space | 28.83% Space Free | Partition Type: NTFS
Drive F: | 7.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: M8120N-2 | User Name: Executive | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 19:57:50 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Executive\Downloads\OTL (2).exe
PRC - [2011/04/27 16:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/23 15:46:14 | 000,075,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2008/10/23 15:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/12 20:22:50 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/05 16:36:04 | 000,018,432 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/01 18:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/22 18:34:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/10/23 15:46:14 | 000,121,744 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/10/23 15:46:06 | 001,956,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/10/23 15:45:56 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/09/18 11:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/12/05 12:25:58 | 000,364,192 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2007/04/19 21:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/09/11 19:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 19:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 18:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) Intel®
SRV - [2006/09/11 18:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 13:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 02:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 12:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\xusb21.sys -- (xusb21)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\opmg.sys -- (uhrwvuew)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\quqmdxzs.sys -- (quqmdxzs)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED337E0D-109F-4A88-A6C3-005540AE1F1A}\MpKslfc1736c4.sys -- (MpKslfc1736c4)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FBE9B9BC-0EA3-43CE-8A14-8099D2921752}\MpKsldf003fb0.sys -- (MpKsldf003fb0)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08D8469-5E7E-4129-B561-18D5C957DBEB}\MpKsla0f1757c.sys -- (MpKsla0f1757c)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl8f2d3885.sys -- (MpKsl8f2d3885)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2772690-4FFA-45A5-9EFF-2E92224F95D8}\MpKsl870b8f17.sys -- (MpKsl870b8f17)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6892D7CD-A18C-44C4-A6F6-E337C026ABE3}\MpKsl5ced6617.sys -- (MpKsl5ced6617)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD61E065-3D0E-4B6A-B27C-5E88A3E86A61}\MpKsl3ec0200b.sys -- (MpKsl3ec0200b)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F57AA790-120D-4E1F-A716-C13B2CF6F4CF}\MpKsl2e07f020.sys -- (MpKsl2e07f020)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl1257c805.sys -- (MpKsl1257c805)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/04 05:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 05:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/14 12:26:18 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120423.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/14 12:26:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120423.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/15 04:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/07 19:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/12 17:13:04 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/01/24 18:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/03/31 22:31:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/11/22 14:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\SRTSP.SYS -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/16 13:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/18 16:30:16 | 000,366,080 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/04 12:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\System32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Executive\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Executive\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Executive\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/23 18:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/23 18:46:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Executive\Program Files\DNA [2010/07/05 19:27:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F94F4922-FBE8-43D1-B920-B401166DCB48}: C:\Users\Executive\AppData\Local\{F94F4922-FBE8-43D1-B920-B401166DCB48}\ [2010/06/30 20:10:14 | 000,000,000 | ---D | M]

[2011/03/16 03:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Extensions
[2012/02/23 18:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions
[2011/03/16 07:14:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 03:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/18 03:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/07/05 19:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\EXECUTIVE\PROGRAM FILES\DNA
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/18 18:29:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72695822-AF9B-4097-9294-0AD86EB046E5}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\!Recovery\BloodElf.bmp
O24 - Desktop BackupWallPaper: E:\!Recovery\BloodElf.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/28 16:13:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/10 08:00:09 | 004,990,176 | R--- | M] (Crytek) - F:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008/08/17 07:39:34 | 000,000,000 | R--D | M] - F:\autorun -- [ UDF ]
O32 - AutoRun File - [2008/07/29 06:38:20 | 000,000,081 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 18:36:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/11 22:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012/04/23 20:00:48 | 000,673,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/23 20:00:48 | 000,129,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/23 20:00:00 | 000,000,680 | ---- | M] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2012/04/23 19:53:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 19:35:10 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 19:35:09 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/23 16:40:37 | 000,002,651 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/22 17:57:01 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/21 23:29:22 | 000,002,609 | ---- | M] () -- C:\Users\Executive\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/21 16:47:14 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/04/15 10:25:28 | 000,000,177 | ---- | M] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/04/13 16:17:15 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2012/04/11 22:56:07 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/23 19:56:15 | 000,000,680 | ---- | C] () -- C:\Users\Executive\AppData\Local\d3d9caps.dat
[2012/04/15 10:15:30 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Get 3D Models.url
[2012/04/13 16:17:15 | 000,000,274 | ---- | C] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2012/04/11 22:56:07 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/27 08:23:48 | 000,004,608 | ---- | C] () -- C:\Users\Executive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 17:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/18 17:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/18 17:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/18 17:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/18 17:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/24 21:48:46 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/28 10:44:49 | 000,036,335 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/02/04 13:51:33 | 000,000,006 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\date
[2011/02/04 13:51:32 | 000,000,002 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\evf6
[2010/11/23 22:54:04 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/11/23 21:09:17 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/23 14:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/10/09 23:53:39 | 000,000,132 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/26 18:14:33 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/09/23 20:18:10 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/23 20:18:09 | 000,022,328 | ---- | C] () -- C:\Users\Executive\AppData\Roaming\PnkBstrK.sys
[2010/09/23 20:17:58 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/09/23 20:17:57 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/09/23 20:17:57 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/03 21:28:53 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda

========== LOP Check ==========

[2008/06/10 02:11:24 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Aim
[2009/09/24 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Cakewalk
[2010/01/26 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Clickteam
[2008/11/11 10:49:26 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\CrystalApp
[2008/11/11 10:49:22 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\CrystalSpace
[2012/04/15 10:13:30 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\DAZ 3D
[2009/08/26 03:10:12 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\DNA
[2010/02/07 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Eltima Software
[2010/06/25 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\GetRightToGo
[2010/07/05 05:12:30 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\gtk-2.0
[2011/04/18 16:34:50 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Ideas From the Deep
[2008/06/10 05:23:01 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Jasc
[2012/02/23 22:15:36 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\MonoDevelop-Unity-2.8
[2011/11/24 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\MotioninJoy
[2009/09/23 07:40:55 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Music Recognition
[2011/11/24 04:54:16 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\NeopleLauncherDFO
[2012/02/23 04:59:04 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\PACE Anti-Piracy
[2008/11/11 10:56:53 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\PlaneShift
[2010/03/14 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Planetside Software
[2009/09/20 08:20:53 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Power Mixer
[2010/07/05 05:10:30 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\RadiantSettings
[2008/12/10 01:54:02 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Raia
[2012/04/13 16:14:55 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\RIFT
[2009/10/30 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\SecondLife
[2008/12/10 01:53:13 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\ShadeExplorer
[2008/05/29 19:18:04 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Snapfish
[2011/12/26 05:59:08 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/25 21:15:09 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\TotalRecorder
[2010/03/14 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\uk.co.planetside
[2012/02/24 23:47:48 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Unity
[2012/03/05 19:59:26 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\Virtual Mechanics
[2008/05/30 23:48:43 | 000,000,000 | ---D | M] -- C:\Users\Executive\AppData\Roaming\WinBatch
[2012/04/23 19:44:44 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
Amlak

Posted 23 April 2012 - 08:10 PM

Member 1K

Member
1,470 posts

Welcome to GTG. Let's help you out with your malware issue(s).

***

Start -> Run (if you're using Vista/7, press and hold the Windows key on your keyboard and then press R to access Run):
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply. You can take a screenshot by pressing the PrintScreen/PrtScrn button located somewhere at the top of your keyboard and using Paste in the Paint program to paste the copied screenshot.

***

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
KidRoleplay

Posted 24 April 2012 - 03:45 PM

Member

Topic Starter
Member
21 posts

Alrighty. I'll try and reply as quickly as I can. I'll be going out in a bit. Also, I'm still in Safe Mode.

Posted Image

There's also this, if this means anything:
Posted Image

The log is sent as an attachment.

Attached Files

aswMBR.txt 4.63KB 96 downloads

Edited by KidRoleplay, 24 April 2012 - 03:49 PM.

#4
Amlak

Posted 24 April 2012 - 07:33 PM

Member 1K

Member
1,470 posts

Fair enough, but for next time, please copy/paste the contents of every log you post rather than have them attached to make things easier.

Next thing to do:

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\opmg.sys -- (uhrwvuew)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\quqmdxzs.sys -- (quqmdxzs)
[2011/02/04 13:51:33 | 000,000,006 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\date
[2011/02/04 13:51:32 | 000,000,002 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\evf6

:FILES
C:\ProgramData\Symantec\SRTSP\Quarantine\APQD326.tmp
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B361.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B36D.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B370.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B373.TMP

:COMMANDS
[emptytemp]

Click the Run Fix button at the top.
When done, post the content of the resultant log in your next reply.

***

Also, it seems you've run ComboFix (judging from your OTL log). Could you please go directly to C:, locate the ComboFix.txt log, and paste its contents here?

#5
KidRoleplay

Posted 24 April 2012 - 07:45 PM

Member

Topic Starter
Member
21 posts

Strange... OTL seems to have crashed at the [emptytemp] command. I had to "End Task". Also, the ComboFix log is from December of last year. Are you sure its this one you want?

---

ComboFix 11-12-18.01 - Executive 12/18/2011 17:02:43.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2060 [GMT -5:00]
Running from: c:\users\Executive\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Adobe\sn.txt
c:\users\Executive\AppData\Local\assembly\tmp
c:\users\Executive\AppData\Roaming\Microsoft\Windows\Templates\486307x7t044a585y742y0ssj2u3
c:\users\Executive\AppData\Roaming\Microsoft\Windows\Templates\pltlgn5f0xfj6kyw5qlc5r666y6h
c:\windows\$NtUninstallKB56419$
c:\windows\$NtUninstallKB56419$\1331039053
c:\windows\$NtUninstallKB56419$\639105652\@
c:\windows\$NtUninstallKB56419$\639105652\bckfg.tmp
c:\windows\$NtUninstallKB56419$\639105652\cfg.ini
c:\windows\$NtUninstallKB56419$\639105652\Desktop.ini
c:\windows\$NtUninstallKB56419$\639105652\keywords
c:\windows\$NtUninstallKB56419$\639105652\kwrd.dll
c:\windows\$NtUninstallKB56419$\639105652\L\qnbwvoto
c:\windows\$NtUninstallKB56419$\639105652\lsflt7.ver
c:\windows\$NtUninstallKB56419$\639105652\U\00000001.@
c:\windows\$NtUninstallKB56419$\639105652\U\00000002.@
c:\windows\$NtUninstallKB56419$\639105652\U\00000004.@
c:\windows\$NtUninstallKB56419$\639105652\U\80000000.@
c:\windows\$NtUninstallKB56419$\639105652\U\80000004.@
c:\windows\$NtUninstallKB56419$\639105652\U\80000032.@
c:\windows\system32\odbcad32.exe
E:\install.exe
.
Infected copy of c:\windows\system32\drivers\SRTSP.SYS was found and disinfected
Restored copy from - The cat found it

.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 22:27 . 2011-12-18 22:33 -------- d-----w- c:\users\Executive\AppData\Local\temp
2011-12-18 22:27 . 2011-12-18 22:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-18 20:30 . 2011-12-18 20:30 -------- d-----w- C:\_OTL
2011-12-18 07:02 . 2011-12-18 07:02 -------- d-----w- c:\program files\Common Files\Java
2011-12-18 07:01 . 2011-11-10 10:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-18 06:42 . 2011-12-18 06:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 06:42 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 02:34 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-18 00:15 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-12-18 00:15 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-12-18 00:15 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-17 22:54 . 2011-12-17 22:53 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FBFFE6D-DCF2-44AA-B94D-42EDDAA8330A}\gapaengine.dll
2011-12-17 22:32 . 2011-12-17 22:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-17 22:27 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-17 21:01 . 2011-12-18 22:29 -------- d-----w- c:\windows\system32\wbem\repository
2011-12-17 19:11 . 2011-12-17 19:23 438239854 ----a-w- C:\RegBackup (12-17-11).reg
2011-12-17 13:49 . 2011-12-17 19:27 -------- d-----w- c:\programdata\PC Tools
2011-12-16 18:18 . 2011-12-16 18:18 -------- d-----w- c:\users\Executive\AppData\Local\ElevatedDiagnostics
2011-12-16 16:53 . 2011-12-16 16:54 444043452 ----a-w- C:\RegBackup (12-16-11).reg
2011-12-10 23:57 . 2011-12-11 00:00 -------- d-----w- c:\users\Executive\AppData\Roaming\DAZ 3D
2011-11-25 02:15 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-11-25 02:15 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-11-25 02:12 . 2011-11-25 02:12 -------- d-----w- c:\users\Executive\AppData\Roaming\MotioninJoy
2011-11-25 02:12 . 2011-11-25 02:12 -------- d-----w- c:\program files\MotioninJoy
2011-11-25 01:48 . 2008-11-22 18:48 11392 ----a-w- c:\windows\system32\drivers\dualshock3.sys
2011-11-24 08:34 . 2011-11-24 08:54 -------- d-----w- c:\users\Executive\AppData\Roaming\NeopleLauncherDFO
2011-11-24 08:34 . 2011-11-24 08:34 -------- d-----w- c:\users\Executive\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-18 02:34 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-16 06:22 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B6FFD57-967B-4E3D-A79A-6209F4977FDF}\mpengine.dll
2011-11-13 23:43 . 2011-07-22 03:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 10:54 . 2010-07-07 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42 . 2011-12-18 02:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-18 00:15 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-18 00:15 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-18 00:15 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-18 00:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-18 02:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-27 08:01 . 2011-12-18 02:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 15:56 . 2011-12-18 02:34 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-15 08:53 . 2011-10-25 12:11 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-25 12:11 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-10-25 12:11 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-10-25 12:11 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-25 12:11 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-25 12:11 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-25 12:11 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-08-10 03:42 7041856 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-08-10 03:42 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-08-10 03:42 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-08-10 03:42 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2010-12-27 15:22 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-12-27 15:22 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-12-27 15:22 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-12-27 15:22 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-12-27 15:22 602432 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-10-15 08:53 . 2010-08-02 01:48 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-10-14 16:02 . 2011-12-18 02:34 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-09-20 21:02 . 2011-11-09 03:34 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 13:44 . 2011-11-09 03:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-05-15 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047200]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047200]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 22:01 1047200 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-08-28 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 uhrwvuew;uhrwvuew;c:\windows\System32\drivers\opmg.sys [x]
R1 MpKsl1257c805;MpKsl1257c805;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl1257c805.sys [x]
R1 MpKsl8f2d3885;MpKsl8f2d3885;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDBDB3A2-F40F-4E35-80B2-296E49DDAEBF}\MpKsl8f2d3885.sys [x]
R1 MpKsldf003fb0;MpKsldf003fb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBE9B9BC-0EA3-43CE-8A14-8099D2921752}\MpKsldf003fb0.sys [x]
R1 quqmdxzs;quqmdxzs;c:\windows\system32\drivers\quqmdxzs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R4 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R4 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2008-10-23 121744]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2007-12-05 364192]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-04 255488]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-07-07 139880]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-ISTray - c:\program files\PC Tools Security\pctsGui.exe
AddRemove-AnVir Task Manager Pro - c:\program files\AnVir Task Manager Pro\AnVir.exe
AddRemove-Bugdom Demo - e:\program files\Ideas From the Deep\Bugdom Demo\uninst.exe
AddRemove-IaMP English - c:\!recovery\Assignments\The Merging Is Complete\ImmaterialandMissingPower\Immaterial And Missing Power\uninstall_th075e.exe
AddRemove-Mabinogi - e:\nexon\Mabinogi\Mabinogi.exe
AddRemove-Multimedia Fusion 2 - HWA Beta Version - c:\program files\Multimedia Fusion 2\Uninstall HWA.exe
AddRemove-SpeedFan - c:\program files\SpeedFan\uninstall.exe
AddRemove-Spyware Doctor - c:\program files\PC Tools Security\unins000.exe
AddRemove-THE ‘åƒVƒƒƒ‹ƒƒbƒg_is1 - c:\!recovery\Assignments\The Merging Is Complete\THE ‘åƒVƒƒƒ‹ƒƒbƒg\unins000.exe
AddRemove-ZillaTube - c:\zillatube\uninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{22BF413B-C6D2-4D91-82A9-A0F997BA588C}"=hex:51,66,7a,6c,4c,1d,38,12,55,42,ac,
26,e0,88,ff,08,fd,bf,e3,b9,92,e4,1c,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,c7,3c,9f,1a,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
.
[HKEY_USERS\S-1-5-21-1761075619-41692359-743502292-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(1148)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\WTMKM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\hp\kbd\kbd.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-12-18 17:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 22:41
.
Pre-Run: 34,333,188,096 bytes free
Post-Run: 34,152,906,752 bytes free
.
- - End Of File - - 0759859A501A8185EF6C2A5937938A11

Edited by KidRoleplay, 24 April 2012 - 07:58 PM.

#6
Amlak

Posted 24 April 2012 - 08:00 PM

Member 1K

Member
1,470 posts

What do you mean by "seems to have crashed"? Do you mean it's still going but with some delays?

Also, you said:

When I did, some old problems began to return.

What old problems? And when did they happen?

#7
Amlak

Posted 24 April 2012 - 08:02 PM

Member 1K

Member
1,470 posts

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\opmg.sys -- (uhrwvuew)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\quqmdxzs.sys -- (quqmdxzs)
[2011/02/04 13:51:33 | 000,000,006 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\date
[2011/02/04 13:51:32 | 000,000,002 | -HS- | C] () -- C:\Users\Executive\AppData\Roaming\evf6

:FILES
C:\ProgramData\Symantec\SRTSP\Quarantine\APQD326.tmp
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B361.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B36D.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B370.TMP
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B373.TMP

Click the Run Fix button at the top.
When done, post the content of the resultant log in your next reply.

#8
KidRoleplay

Posted 24 April 2012 - 08:07 PM

Member

Topic Starter
Member
21 posts

It gets to the [emptytemp] command and completely freezes, to the point I can scroll another window over it, and it has an "infinite mirror" effect over it.

Around December, when I registered on this site, I had a problem with a fake antivirus software program coming onto my computer which I removed, but it also constantly disabled Symantec Antivirus's auto protect and put on Google redirect, and also had a PING.exe issue that really worked my CPU and kept downloading things. I worked with someone here to get rid of the Google redirect problem, while the Symantic Antivirus problem... seemingly went away on its own.

Apparently, that's back, and something associated with dllhost.exe is turning it back off. Svchost.exe spam is doing what PING.exe was, but to a lesser degree.

#9
KidRoleplay

Posted 24 April 2012 - 08:09 PM

Member

Topic Starter
Member
21 posts

This is what I got this time, since it actually ended with a log:

---

========== OTL ==========
Error: No service named uhrwvuew was found to stop!
Service\Driver key uhrwvuew not found.
File System32\drivers\opmg.sys not found.
Error: No service named quqmdxzs was found to stop!
Service\Driver key quqmdxzs not found.
File C:\Windows\system32\drivers\quqmdxzs.sys not found.
File C:\Users\Executive\AppData\Roaming\date not found.
File C:\Users\Executive\AppData\Roaming\evf6 not found.
========== FILES ==========
File\Folder C:\ProgramData\Symantec\SRTSP\Quarantine\APQD326.tmp not found.
File\Folder C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B361.TMP not found.
File\Folder C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B36D.TMP not found.
File\Folder C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B370.TMP not found.
File\Folder C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4F95B373.TMP not found.

OTL by OldTimer - Version 3.2.41.0 log created on 04242012_220819

#10
KidRoleplay

Posted 25 April 2012 - 08:35 PM

Member

Topic Starter
Member
21 posts

Perhaps it's a false alarm?

There's ... still a ton of svchost.exe processes running, but it looks like it's no longer taking up 50 - 80% of my CPU. It's at a good 5 - 10% now. I've a feeling OTL got rid of the Sysmantec problem as it's no longer disabled upon starting up Windows. I do get an Auto Protect window that pops up immediately, yet it shows no results.

The only problem that is persisting is that Windows Firewall doesn't work any more, and I've no clue how to fix it.

Anyway, unless something new pops up in the next few days, I'm good. And thanks for the help in advance.

#11
Amlak

Posted 25 April 2012 - 08:43 PM

Member 1K

Member
1,470 posts

No worries. Obviously, we're not done yet as there are still some things to fix on your computer. I'll let you know the next steps to follow soon once my fix is approved.

#12
KidRoleplay

Posted 25 April 2012 - 08:51 PM

Member

Topic Starter
Member
21 posts

Alright. I need to get to bed though, and as I was sitting here, it's like I spoke too soon. All of a sudden the cursor blinking effect returned, where it rapidly pulses between the Pointer and Pointer + Busy twice per second, yet everything else is fine. It's almost like something is trying to load something but can't find it, yet keeps trying to over and over again in an eternal loop.

#13
Amlak

Posted 26 April 2012 - 04:18 PM

Member 1K

Member
1,470 posts

Download and Install Combofix

Delete the old version of ComboFix on your system (if it's still there) then do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#14
KidRoleplay

Posted 26 April 2012 - 06:59 PM

Member

Topic Starter
Member
21 posts

Computer's running fine at the moment, but I can't help a "wait for iiit" feeling. In resource monitor, while my computer was idle, there was some suspicious IPs my computer was connecting to: 65.55.184.152 and 204.245.63.83.

... Windows Firewall is back!

It's still all hard to say. Things could be dormant for all I know. I'll keep my eyes open for the next couple o' days.

---

ComboFix 12-04-26.01 - Executive 04/26/2012 19:59:09.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1360 [GMT -4:00]
Running from: c:\users\Executive\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 00:27 . 2012-04-27 00:27 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{508E4291-C899-4F19-AD43-4D077042B300}\offreg.dll
2012-04-27 00:23 . 2012-04-27 00:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-27 00:23 . 2012-04-27 00:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-27 00:23 . 2012-04-27 00:23 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-04-27 00:23 . 2012-04-27 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 21:51 . 2012-04-26 21:51 -------- d-----w- c:\users\Executive\AppData\Roaming\FixZeroAccess
2012-04-26 03:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{508E4291-C899-4F19-AD43-4D077042B300}\mpengine.dll
2012-04-26 02:43 . 2012-04-26 02:43 -------- d-----w- C:\ProcExp
2012-04-26 02:40 . 2012-04-26 02:40 -------- d-----w- C:\ProcMon
2012-04-25 01:41 . 2012-04-25 01:41 -------- d-----w- C:\_OTL
2012-04-23 22:35 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-23 22:34 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-23 22:34 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-23 22:34 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 02:55 . 2012-04-12 02:56 -------- d-----w- c:\program files\CCleaner
2012-04-11 20:15 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-12-20 00:08 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 19:56 . 2011-12-18 06:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 06:39 . 2012-04-23 22:33 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39 . 2012-04-23 22:33 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-05 21:20 . 2012-03-05 21:20 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-05 21:04 . 2012-03-05 21:04 7284 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-02-29 15:11 . 2012-04-23 22:34 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-23 22:34 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-23 22:34 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 01:18 . 2012-04-23 22:34 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-23 22:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-23 22:34 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-23 22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 15:45 . 2012-03-14 10:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 10:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 10:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 10:29 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 10:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 13:23 . 2012-02-10 13:24 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FE81DE5-AB97-4BA8-9894-8BE89615F4B5}\gapaengine.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-14 10:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-06-08 03:17 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 1969824]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-05-15 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 21:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-08-28 20:12 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Executive\AppData\Roaming\Mozilla\Firefox\Profiles\3g5vzlzc.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\users\Executive\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{22BF413B-C6D2-4D91-82A9-A0F997BA588C}"=hex:51,66,7a,6c,4c,1d,38,12,55,42,ac,
26,e0,88,ff,08,fd,bf,e3,b9,92,e4,1c,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,c7,3c,9f,1a,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,5b,5a,de,fa,f8,09,4f,b0,ef,a5,\
.
[HKEY_USERS\S-1-5-21-1761075619-41692359-743502292-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1761075619-41692359-743502292-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:34,4f,b7,43,09,7f,65,92,92,ee,b6,52,de,8a,a3,77,c4,9f,e7,1b,b3,
92,df,58,09,a9,b4,b0,72,8f,7e,69,aa,be,e1,4f,b8,d9,b2,bc,bc,0a,7b,f8,ab,53,\
"rkeysecu"=hex:28,12,f4,a3,02,4a,35,60,8e,a4,73,01,d5,8e,b1,90
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(744)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\Wacom_Tablet.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\WTMKM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\hp\kbd\kbd.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-04-26 20:38:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 00:38
.
Pre-Run: 46,959,943,680 bytes free
Post-Run: 47,000,952,832 bytes free
.
- - End Of File - - BB81E1AA370ED7D5D6C3BEA6F5F93EDE

#15
KidRoleplay

Posted 27 April 2012 - 03:47 PM

Member

Topic Starter
Member
21 posts

Symantec Antivirus reported the Trojan.ZeroAccess virus again after doing nothing more than visiting Gamestop.com. I left the internet on all night and nothing was reported at all until I went there. So it led me to believe that the Antivirus software itself was corrupt and downloading things and/or putting things back. ... It's also very old software, so I decided to just disable the service and uninstall it. I've already had Microsoft Essentials and Malwarebyes as a backup anyway, and now I have the Firewall up also.

Still going to watch things for a while though, but I believe that may have been part of the issue.