Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't connect to Internet - Malware-related? [Solved]

Started by Slash4848 , Jun 18 2012 01:44 PM

  • This topic is locked This topic is locked

#1
Slash4848
Posted 18 June 2012 - 01:44 PM

Slash4848

    Member

  • Member
  • PipPip
  • 52 posts
Yesterday I renewed my subscription to "Trend Micro Titanium Maximum Security 2012." (It had expired a couple of days before that.) The version I purchased is good for up to three PC's. All three computers (2 laptops and 1 desktop) worked fine and connected easily to my wireless network prior to renewing the Trend anti-virus software. After updating all three computers, one of the laptops will not connect to the internet. (The other computers are fine.) I contacted Trend Micro customer support, and after all of their troubleshooting they claim it isn't their program but something else causing the issue. The laptop was used for 2 days without a functioning virus/malware scanner prior to me renewing the subscription. I think some type of malware is preventing my connection. Please help.

Dell Inspiron I1720
2.40 Ghz, 2.00 GB RAM
Windows Vista Home Premium, 32-bit
  • 0

Advertisements

#2
Nedklaw
Posted 22 June 2012 - 09:34 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Slash4848! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

Sorry for the delay!!! Our volunteers are very busy and this can mean that some threads get looked over.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Slash4848 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Posted Image Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
WSHELPER.*
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Step 3

Please download Farbar Service Scanner and transfer it to the computer with the internet issue. Double click the file to run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt
  • FSS.txt
  • 0

#3
Slash4848
Posted 22 June 2012 - 05:13 PM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
No problem on the delay in replying. I'll work on this stuff and get back to you tomorrow.

Thanks!
  • 0

#4
Slash4848
Posted 22 June 2012 - 05:15 PM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Oh, I forgot to ask. All of your instructions say to download to my "desktop." Obviously I can't do that on the computer in question since the issue is that I can't connect to the internet. I assume I can download to my regular computer's desktop, copy to a flashdrive, transfer to the laptop with the problem, and then run it there. Correct?
  • 0

#5
Nedklaw
Posted 22 June 2012 - 05:18 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Yes, download them on the computer your on now. Put them on a flash drive and transfer them over to the computer with the problem.
You can then transfer the logs back over and then post them here.
  • 0

#6
Slash4848
Posted 22 June 2012 - 06:59 PM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Ok, I'll send you the results tomorrow.
  • 0

#7
Slash4848
Posted 23 June 2012 - 09:19 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
All scans complete. Before I cut and paste the logs, here is some info you should know.

1. When the problem first happened to the laptop, and it would not connect to any wireless networks, I ran a Virus scan, a Malwarebytes scan, and Combofix. All with no results.

2. I ran OTL as you asked, but it did not save an "Extras.txt" file, only the "OTL.txt" file. Also, my virus scanner popped up an alert that said it blocked OTL, even though OTL appeared to run fine.

3. I ran aswMBR and it asked to download definitions, but obviously it could not since the laptop won't connect to the internet.

4. I ran FSS and it had an extra option "Windows Defender" that you didn't mention. I did not check that option since I wanted to follow your instructions exactly.

OK, that's all I think. I will now paste the following logs one at a time: "OTL.txt" "aswMBR.txt" and "FSS.txt"
  • 0

#8
Slash4848
Posted 23 June 2012 - 09:19 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
OTL logfile created on: 6/23/2012 10:47:22 AM - Run 3
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Bantas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 50.90% Memory free
4.23 Gb Paging File | 2.94 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 31.67 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.05 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
Drive F: | 3.94 Gb Total Space | 1.23 Gb Free Space | 31.36% Space Free | Partition Type: FAT

Computer Name: BANTAS-LAPTOP | User Name: Bantas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 09:38:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bantas\Desktop\OTL.exe
PRC - [2012/06/14 23:21:24 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2012/06/14 23:21:24 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2012/02/27 09:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 09:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/27 12:56:26 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/27 09:12:54 | 000,455,112 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
PRC - [2009/03/27 09:12:28 | 001,867,720 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2009/01/27 16:18:12 | 000,425,472 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2009/01/27 16:05:46 | 000,315,392 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
PRC - [2009/01/27 16:03:54 | 000,520,192 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TranscodingService.exe
PRC - [2008/05/02 15:44:42 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/05/02 15:44:42 | 000,094,000 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/05/02 15:44:40 | 000,294,440 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/05/02 15:44:40 | 000,188,456 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/08/21 01:48:34 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/06/25 21:17:04 | 000,537,840 | ---- | M] ( ) -- C:\Windows\System32\dlbkcoms.exe
PRC - [2007/06/25 01:17:04 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/06/25 01:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/18 00:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 23:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/02/20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/01/11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006/11/27 10:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/08 19:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/08 19:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 23:21:24 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/06/14 23:21:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/28 06:55:43 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010/03/17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2008/12/22 14:54:24 | 000,425,984 | ---- | M] () -- C:\Program Files\TiVo\Desktop\libmatroska.dll
MOD - [2008/12/22 13:49:50 | 000,188,416 | ---- | M] () -- C:\Program Files\TiVo\Desktop\libebml.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/20 14:29:10 | 000,101,376 | ---- | M] () -- C:\Windows\System32\APOMngr.dll
MOD - [2006/11/13 11:07:34 | 000,066,560 | ---- | M] () -- C:\Windows\System32\CmdRtr.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2003/01/30 06:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\TiVo\Desktop\StlpMt45.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Messenger)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/06/09 23:30:25 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/07/20 13:57:06 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/27 09:12:28 | 001,867,720 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2008/05/02 15:44:40 | 000,188,456 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/21 01:48:34 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/06/25 21:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/06/25 01:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/14 23:21:31 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/06/14 23:21:31 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/06/14 23:21:31 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/06/14 23:21:31 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/19 00:02:10 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/25 01:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/20 23:10:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/06/20 23:10:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)
DRV - [2007/04/12 20:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/05 22:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 08:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 04:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/17 08:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bantas\Desktop
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes\{6b0d4c9d-c6eb-4a9a-981c-ac3f9d8373c0}: "URL" = http://search.xfinit...q={searchTerms}
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bantas\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bantas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bantas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bantas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/06/17 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/06/14 23:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/06/17 16:42:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bantas\AppData\Roaming\Move Networks [2009/11/22 10:37:17 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bantas\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bantas\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bantas\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bantas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Trend Micro Titanium (Enabled) = C:\Users\Bantas\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\npToolbarChrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Bantas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Bantas\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: TrendMicro Toolbar = C:\Users\Bantas\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\

O1 HOSTS File: ([2012/06/17 18:51:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..Trusted Domains: navy.mil ([webmail.east.nmci] https in Trusted sites)
O15 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..Trusted Domains: navy.mil ([webmail.nmci] https in Trusted sites)
O15 - HKU\S-1-5-21-2179227837-3419367426-1334409123-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A7B05A-A01C-4D07-AC53-6A05B3B89030}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCEAB79D-8543-4FC6-89A2-A09FCCBE1D3B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 10:45:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bantas\Desktop\OTL.exe
[2012/06/23 10:45:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Bantas\Desktop\aswMBR.exe
[2012/06/17 19:11:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/17 18:52:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/17 18:30:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/14 23:44:49 | 000,000,000 | ---D | C] -- C:\Users\Bantas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2012
[2012/06/14 23:44:02 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/06/14 23:44:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/06/14 23:44:00 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/06/14 23:44:00 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/06/14 20:21:54 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/10 08:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bantas\Desktop\Afg Trip 2
[2012/06/10 07:39:36 | 000,000,000 | ---D | C] -- C:\Users\Bantas\Desktop\Afg Trip
[4 C:\Users\Bantas\Desktop\*.tmp files -> C:\Users\Bantas\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/23 10:50:21 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2179227837-3419367426-1334409123-1000UA.job
[2012/06/23 10:46:56 | 005,422,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/23 10:46:56 | 001,826,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/23 10:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 10:09:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 09:44:04 | 000,340,609 | ---- | M] () -- C:\Users\Bantas\Desktop\FSS.exe
[2012/06/23 09:43:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Bantas\Desktop\aswMBR.exe
[2012/06/23 09:38:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bantas\Desktop\OTL.exe
[2012/06/23 09:30:59 | 000,150,910 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/23 09:30:59 | 000,150,910 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/23 09:30:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 09:30:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 09:30:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 09:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 09:30:30 | 2143,506,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 19:15:14 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/18 12:52:54 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/17 18:51:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/14 23:45:05 | 000,001,149 | ---- | M] () -- C:\Users\Bantas\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/06/14 23:41:54 | 000,000,056 | ---- | M] () -- C:\Windows\System32\SupportTool.exe.bat
[2012/06/14 23:21:31 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/06/14 23:21:31 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/06/14 23:21:31 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/06/14 23:21:31 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/06/14 22:50:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2179227837-3419367426-1334409123-1000Core.job
[2012/06/14 03:34:43 | 000,298,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 23:53:30 | 000,007,808 | ---- | M] () -- C:\Users\Bantas\AppData\Local\d3d9caps.dat
[2012/06/11 21:55:01 | 000,002,094 | ---- | M] () -- C:\Users\Bantas\Desktop\Google Chrome.lnk
[2012/06/10 08:57:09 | 000,000,121 | ---- | M] () -- C:\Windows\disney.ini
[2012/06/03 21:03:46 | 000,002,609 | ---- | M] () -- C:\Users\Bantas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[4 C:\Users\Bantas\Desktop\*.tmp files -> C:\Users\Bantas\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/23 10:45:16 | 000,340,609 | ---- | C] () -- C:\Users\Bantas\Desktop\FSS.exe
[2012/06/14 23:44:49 | 000,001,149 | ---- | C] () -- C:\Users\Bantas\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2011/11/25 13:58:20 | 000,000,056 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2011/11/25 13:58:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/12/28 23:05:10 | 000,129,320 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/03/11 14:19:41 | 002,780,171 | ---- | C] () -- C:\Users\Bantas\en[1].pdf
[2009/10/25 12:33:23 | 000,150,910 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/25 12:33:23 | 000,150,910 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/03 05:53:14 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/03 19:52:54 | 000,007,808 | ---- | C] () -- C:\Users\Bantas\AppData\Local\d3d9caps.dat
[2008/02/07 21:22:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/12/23 21:20:59 | 000,000,000 | ---- | C] () -- C:\Users\Bantas\AppData\Local\rx_image.Cache
[2007/08/27 13:12:05 | 000,087,622 | ---- | C] () -- C:\Users\Bantas\AppData\Roaming\nvModes.001
[2007/08/27 12:44:45 | 000,087,622 | ---- | C] () -- C:\Users\Bantas\AppData\Roaming\nvModes.dat
[2007/08/26 14:29:39 | 000,104,960 | ---- | C] () -- C:\Users\Bantas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/04/21 20:52:35 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Audacity
[2010/11/28 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\CanuckSoftware
[2008/04/19 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Disney Interactive Studios
[2011/02/21 11:42:16 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\EuroTalk
[2010/01/01 20:36:42 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\HandBrake
[2012/05/14 16:45:23 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\ICAClient
[2008/04/19 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Leadertech
[2008/01/25 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\MusicNet
[2012/04/15 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\NCH Swift Sound
[2010/02/06 19:25:18 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Recordpad
[2011/11/03 16:09:19 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Smilebox
[2009/07/26 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\SPORE Creature Creator
[2010/08/06 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\TechWizard
[2011/04/18 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\Teleca
[2009/12/22 23:41:42 | 000,000,000 | ---D | M] -- C:\Users\Bantas\AppData\Roaming\tmp
[2012/06/14 12:25:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ICAClient
[2012/06/14 12:26:03 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Teleca
[2012/06/18 19:15:17 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 00:06:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 00:06:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.BMP >
[2001/03/13 18:14:56 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E -- C:\Program Files\Quicken\hpbiz\services.bmp

< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/09/17 06:46:22 | 000,001,688 | ---- | M] () MD5=BC4D396AA08B84511E27C46F40E5D023 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/09/17 06:46:22 | 000,001,688 | ---- | M] () MD5=BC4D396AA08B84511E27C46F40E5D023 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2006/11/02 08:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\Windows\System32\en-US\wshelper.dll.mui
[2006/11/02 08:41:20 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=1955EB7701DAB4C078BCCDFC5D2D1EE8 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_en-us_aba6a9ba9bd9dfc2\wshelper.dll.mui

< End of report >
  • 0

#9
Slash4848
Posted 23 June 2012 - 09:20 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 11:04:41
-----------------------------
11:04:41.089 OS Version: Windows 6.0.6002 Service Pack 2
11:04:41.089 Number of processors: 2 586 0xF0A
11:04:41.090 ComputerName: BANTAS-LAPTOP UserName: Bantas
11:04:43.982 Initialize success
11:04:58.984 AVAST engine download error: 0
11:05:13.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:05:13.625 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:05:13.642 Disk 0 MBR read successfully
11:05:13.645 Disk 0 MBR scan
11:05:13.647 Disk 0 Windows VISTA default MBR code
11:05:13.650 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
11:05:13.662 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 225280
11:05:13.680 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225564 MB offset 21196800
11:05:13.683 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
11:05:13.751 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
11:05:13.757 Disk 0 scanning sectors +488394752
11:05:13.823 Disk 0 scanning C:\Windows\system32\drivers
11:05:22.906 Service scanning
11:05:39.603 Modules scanning
11:05:47.186 Disk 0 trace - called modules:
11:05:47.220 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:05:47.224 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f2bac8]
11:05:47.228 3 CLASSPNP.SYS[897aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8641b030]
11:05:47.232 Scan finished successfully
11:06:10.353 Disk 0 MBR has been saved successfully to "C:\Users\Bantas\Desktop\MBR.dat"
11:06:10.377 The log file has been saved successfully to "C:\Users\Bantas\Desktop\aswMBR.txt"
  • 0

#10
Slash4848
Posted 23 June 2012 - 09:21 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Farbar Service Scanner Version: 22-06-2012 01
Ran by Bantas (administrator) on 23-06-2012 at 11:07:18
Running from "C:\Users\Bantas\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 00:38] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 22:22] - [2012-04-23 12:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

Advertisements

#11
Nedklaw
Posted 24 June 2012 - 06:05 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Sometimes AV's can get over-protective and OTL only creates an Extras.txt file on its first run unless it is specified to create one.


Step 1

  • Save this file to your flash drive and then to the sick computer's desktop: Attached File  fix.txt   802bytes   70 downloads
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

  • Download ERUNT to your flash drive then the sick computer's desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
  • Install ERUNT by following the prompts.
    (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later).
  • Start ERUNT.
    (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.
Posted Image


Step 3

  • Download and extract the following files to your flash drive and then to your sick computer's desktop: Attached File  services.zip   745bytes   82 downloads
  • Double-click tdx.reg and start_services.bat and confirm the prompts.

Step 4

Please run Farbar Service Scanner again.

  • Tick "All" options.

    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • FSS.txt
  • 0

#12
Slash4848
Posted 24 June 2012 - 08:30 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Ran OTL with the fix.txt info in the Custom Scans and Fixes box. About 10min into the process, it stopped running, everything is frozen, and the computer did not reboot. Recommendations? Reboot and run again?
  • 0

#13
Slash4848
Posted 24 June 2012 - 10:01 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
never mind. spoke too soon.
  • 0

#14
Slash4848
Posted 24 June 2012 - 11:43 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Here is the OTL Fix Log, OTL.txt, and FSS.txt one at a time.
  • 0

#15
Slash4848
Posted 24 June 2012 - 11:44 AM

Slash4848

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Messenger stopped successfully!
Service Messenger deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2179227837-3419367426-1334409123-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Users\Bantas\Desktop\~WRL0584.tmp deleted successfully.
C:\Users\Bantas\Desktop\~WRL1318.tmp deleted successfully.
C:\Users\Bantas\Desktop\~WRL2876.tmp deleted successfully.
C:\Users\Bantas\Desktop\~WRL3026.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Bantas\Desktop\cmd.bat deleted successfully.
C:\Users\Bantas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bantas
->Temp folder emptied: 267564 bytes
->Temporary Internet Files folder emptied: 301736064 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 176661818 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 6783 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 492 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49523 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 457.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06242012_100423

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP