InterviewSolution
| 51. |
Solve : Findgala hijack removal? |
|
Answer» I am still having the same major problems with blocked access to common websites, removal tools, some downloads and Windows updates; whatever findgala did to screw up the DNS resolution is still in there...
|
|
| 52. |
Solve : " Application cannot be executed. File xxxx is infected. "? |
Answer» AVENGER
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at c:\avenger
***********************
Beginning to process script files
Rootkit scan active.
No rootkits found!
Completed script processing.
***********************
Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:37 AM, on 18/3/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Users\Jessica\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Export to Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://download.pplive.com/config/pplite/pluginsetup.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 8353 bytes

Files to delete:
C:\Users\Jessica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\78782723-4ec911f7
Ok. Please try this one.

Run the BitDefender Online scanner. Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.
When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.
Post the bdscan.txt file as an Attachment.

Hi Dave, I retried the link and it worked again. Many thanks!
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=8c3e0ea75a51104e9e9f6114226ef181
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-15 05:15:38
# local_time=2011-03-15 03:15:38 )
# country="Taiwan"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 95 137694193 137694565 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=14646
# found=0
# cleaned=0
# scan_time=745

[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=8c3e0ea75a51104e9e9f6114226ef181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-15 06:25:34
# local_time=2011-03-15 04:25:34 )
# country="Taiwan"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 95 137695050 137695422 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103131
# found=1
# cleaned=0
# scan_time=4085
C:\Users\Jessica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\78782723-4ec911f7 multiple threats (unable to clean) 00000000000000000000000000000000 I

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=8c3e0ea75a51104e9e9f6114226ef181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-21 03:14:11
# local_time=2011-03-21 01:14:11 )
# country="Taiwan"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 369142 369142 0 0
# compatibility_mode=5892 16776573 100 95 138201866 138202238 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=101569
# found=0
# cleaned=0
# scan_time=4185

Looks good. How's your computer working now?

No prob at all. But I don't think I have an antivirus software? Would you recommend one please? Thank you very much for your time and help!!!

Quote: But I don't think I have an antivirus software? Would you recommend one please?
I can't believe that escaped my notice. Trying to juggle too many balls, I guess. Here's a list. I recommend Microsoft Security Essentials.

Before we continue, download and install a free antivirus. Remember to only install one antivirus!
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***********************************************
Once you have installed an AV program, we can do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Looking over your log it seems you don't have any evidence of a third-party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember, only install ONE firewall.
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***********************************************
Use the Secunia Software Inspector to check for out-of-date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing! |
|
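Reading a HijackThis log like the one in this thread is mostly a matter of knowing which entry types to look at first. The Python below is an added example written for this page, not a HijackThis feature and not code from the thread: it parses lines in HijackThis's "O4 - HKLM\..\Run: [Name] path" layout and flags the entries a helper checks first: autoruns launched from user-writable folders or from a Temp directory, autoruns given as a bare file name (which Windows resolves through the PATH search order), ActiveX controls (O16) fetched over plain HTTP, static DNS servers (O17), and services whose binary is missing (O23). The sample log is constructed from the entry shapes in the post; the Temp\svchost.exe autorun and the O17 NameServer line are invented to exercise the checks (203.0.113.53 is a documentation-range address), and the severity labels are this example's own. Every flag is a review candidate, not a verdict: per-user updaters such as Google Update and Dropbox trip the user-writable check legitimately.

```python
"""Triage of a HijackThis-style log (added example, not a HijackThis feature).

Flags the entries a helper reads first:
  O4  autoruns launched from user-writable folders, or given as a bare file
      name that Windows resolves through the PATH search order
  O16 ActiveX controls (DPF) fetched over plain HTTP
  O17 static DNS servers written into the TCP/IP parameters
  O23 services whose binary is missing
Every flag is a review candidate, not a verdict.
"""
import re
from collections import Counter

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
USER_WRITABLE = re.compile(r"\\(?:Users|Documents and Settings|AppData|ProgramData)\\", re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
EXEC_EXT = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))\b", re.I)

# Constructed sample in HijackThis format. Most lines mirror entry shapes from
# the log in the post; the Temp\svchost.exe autorun and the O17 line are made
# up to exercise the checks (203.0.113.53 is a documentation-range address).
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updater] C:\Users\Jessica\AppData\Local\Temp\svchost.exe
O4 - Startup: Dropbox.lnk = C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (file missing)
"""


def autorun_target(body):
    """Return the launched file from an O4 body.

    Registry entries look like 'HKLM\\..\\Run: [Name] "C:\\x.exe" /arg';
    Startup-folder entries look like 'Startup: x.lnk = C:\\x.exe'.
    """
    if "]" in body:                      # registry Run/RunOnce value
        rest = body.split("]", 1)[1]
    elif "=" in body:                    # Startup folder shortcut
        rest = body.split("=", 1)[1]
    else:
        rest = body.split(":", 1)[1]
    rest = rest.strip()
    if rest.startswith('"'):             # quoted path: take up to the closing quote
        return rest[1:].split('"', 1)[0]
    m = EXEC_EXT.match(rest)             # unquoted: cut at the executable extension
    return m.group(1) if m else rest.split()[0]


def triage(log_text):
    """Return (section, severity, tag, detail) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                     # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            target = autorun_target(body)
            if "\\" not in target and ":" not in target:
                findings.append((section, "medium", "unqualified-autorun", target))
            elif TEMP_DIR.search(target):
                findings.append((section, "high", "temp-autorun", target))
            elif USER_WRITABLE.search(target):
                findings.append((section, "medium", "user-writable-autorun", target))
        elif section == "O16" and " - http://" in body:
            findings.append((section, "medium", "activex-over-http", body.rsplit(" - ", 1)[1]))
        elif section == "O17" and "NameServer" in body:
            findings.append((section, "medium", "static-dns", body.split("=", 1)[1].strip()))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((section, "low", "orphaned-service", body))
    return findings


def summarize(findings):
    """Count findings per tag."""
    return Counter(tag for _, _, tag, _ in findings)


if __name__ == "__main__":
    for section, severity, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{severity:<8}{tag:<24}{detail}")
```

Run against the sample, triage() returns seven findings: the bare RtHDVCpl.exe, the Temp\svchost.exe autorun, the two per-user autoruns, the plain-HTTP Flash control, the static O17 name server and the orphaned Intel service. The ThpSrv entry, which has no extension, is left alone because it resolves to a fully qualified path under C:\Windows. Feed it the text of a saved HijackThis log and read the high and medium entries first; an O17 entry is only a problem if the address is not the router's or ISP's, which is exactly the check a DNS hijack like findgala fails.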
| 53. |
Solve : Application cannot be executed. The file xxx is infected.? |
|
Answer» Good afternoon:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks much for the reply! Unfortunately, the machine has MBAM on it, but it won't run... it just gives off the same "infected" error and closes it down. Thanks, Chris

RKill by Grinler
Link #1
Link #2
Link #3
Then, please try MBAM again. |
|
| 54. |
Solve : Application cannot be executed. The file (x) is infected.? |
|
Answer» Hello all,
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
| 55. |
Solve : scan virus fail, file deleted. windows 7 ultimate? |
|
Answer» Hi guys, I'm trying to download the new Minecraft update on my Windows 7 Ultimate and every time I try it, it shows "virus scan fail, file deleted..." I always download from minecraftforum.com and I never had this problem; it's a trusted website and well used by many people. Also, this goes with everything I try to download. Please help me!!!!

This looks like a post for help that should be directed to the virus/malware section. I'll try to flag down a moderator to move it for you to that section where certified professionals can assist further.

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. |
|
| 56. |
Solve : wicked infection desktop icons gone? |
|
Answer» Please download MiniToolBox to Desktop and run it.
MiniToolBox by Farbar Version: 21-04-2013
Ran by Sherra (administrator) on 12-06-2013 at 15:06:06
Running from "C:\Users\Sherra\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost

========================= IP Configuration: ================================
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : Gwen
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
1    306 ::1/128                  On-link
1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/12/2013 03:00:43 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (06/12/2013 03:00:43 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/10/2013 09:45:30 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (06/10/2013 09:45:30 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/09/2013 11:16:01 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module rvrender.dll, version 10.0.1.64, time stamp 0x4775b667, exception code 0xc0000005, fault offset 0x0000c472, process id 0x%9, application start time 0xExplorer.EXE0.

Error: (06/09/2013 09:49:19 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (06/09/2013 09:14:29 PM) (Source: Application Error) (User: )
Description: Faulting application dvdmaker.exe, version 6.0.6002.18005, time stamp 0x49e02385, faulting module mcspmpeg.ax, version 1.0.1.3, time stamp 0x428b56aa, exception code 0xc0000005, fault offset 0x000027d0, process id 0x1278, application start time 0xdvdmaker.exe0.

Error: (06/09/2013 08:41:10 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (06/09/2013 08:41:09 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/09/2013 11:14:07 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{A304A585-4E0E-4796-8F22-4B08496CD985}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/11/2009 08:20:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 219474 seconds with 3720 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-06-09 21:43:51.384
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Webroot\Spy Sweeper\WRSS\i386\SSIDRV.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 21:43:49.463
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Webroot\Spy Sweeper\WRSS\i386\SSIDRV.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 21:43:47.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Webroot\Spy Sweeper\WRSS\i386\SSIDRV.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 21:43:45.449
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Webroot\Spy Sweeper\WRSS\i386\SSIDRV.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:41.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:40.065
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:38.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:36.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:34.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-09 09:38:32.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system.

========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 2941.76 MB
Available physical RAM: 1853.7 MB
Total Pagefile: 6092 MB
Available Pagefile: 5110.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.85 MB

========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:454.81 GB) (Free:54.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.95 GB) (Free:5.2 GB) NTFS
4 Drive f: (HTC Sync Manager) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
8 Drive j: (BABY_CAN_READ_VOL_1) (CDROM) (Total:1.63 GB) (Free:0 GB) UDF
10 Drive l: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

========================= Users: ========================================
User accounts for \\GWEN
Administrator
Guest
Sherra

**** End of log ****

Please download Farbar Service Scanner and run it on the computer with the issue.

Farbar Service Scanner Version: 31-05-2013 01
Ran by Sherra (administrator) on 12-06-2013 at 18:54:00
Running from "C:\Users\Sherra\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

A couple of things to try.

Make sure your computer is set to obtain an IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties. For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Go Start>Run (Start search in Vista), type in: cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).
In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Restart computer.

Ok. I tried that. Here's the thing, my computer does not show the LAN connection. I tried putting in the commands into the command prompt. When I got to ipconfig /release, I got the following message: the operation failed as no adapter is in the state permissible for this operation. I got the same message for the ipconfig /renew.

Another thing to mention, the items under the network adapters in the device manager all have the yellow triangle with the exclamation mark inside. Those items include 6TO4 adapter, Microsoft 6to4 adapters #10, #21, #50, #127, #14, #18, #194, #7, nvidia nforce networking controller, wan miniports (ipv6), (ip), (l2tp), (network monitor), (pppoe), (pptp), and (sstp).

Quote: the operation failed as no adapter is in the state permissible for this operation.
The problem is probably with your network card. You may need to try a new one.

Ok. I will get another and get back to you. In the meantime, do you know what I can try for my start menu items and my desktop icons? Again, I do appreciate your help.

Hey Dave, I wanted to ask. I was about to start ordering a new network card and upon doing the research on the card I have, I came across some suggestions. It seems that antivirus/anti-malware, etc. software can cause issues with the network drivers and registries. What do you think of this? Are you familiar with this? I've seen where some people advise to reinstall the drivers. The yellow exclamation mark comes with error code 31. Which says: "This driver is not working properly because Windows cannot load the drivers required for this device."

Quote: It seems that antivirus/anti-malware, etc. software can cause issues with the network drivers and registries. What do you think of this? Are you familiar with this? I've seen where some people advise to reinstall the drivers. The yellow exclamation mark comes with error code 31. Which says: "This driver is not working properly because Windows cannot load the drivers required for this device."
That's true but you usually won't get this warning: (the operation failed as no adapter is in the state permissible for this operation.) In fact, you get no warning at all; just no connection. As for the drivers part, you can try re-loading the drivers before ordering the network card. |
|
| 57. |
Solve : hijacked by toparcadehits? |
|
Answer» I'm still having the same issue. Would not boot from DVD. Would not boot from rescue disk.

Did you set the BIOS to boot from the disk drive? If you do not know how to set your computer to boot from CD, follow the steps here.

Finally resolved the boot issue. So we're back to having the original problem of "toparcadehits" opening browser windows whenever it likes to.

Quote from: diggerdave on June 05, 2013, 07:43:29 PM
Finally resolved the boot issue. So we're back to having the original problem of "toparcadehits" opening browser windows whenever it likes to.

What browser are you getting this problem in?

Firefox

Quote from: diggerdave on June 06, 2013, 07:57:43 PM
Firefox

Does it happen with Internet Explorer? If not, why not uninstall and re-install FF? |
|
| 58. |
Solve : BSOD multiple times and sudden shutdown? |
|
Answer» Quote from: kesuki18 on May 26, 2013, 07:14:49 AM
Here it is.

Sorry, I can't open that file. Please copy and paste your replies here in your next post. |
|
| 59. |
Solve : Need help to save my mind? |
|
Answer» Logfile of Trend Micro HijackThis v2.0.4

Please download Malwarebytes Anti-Malware from here. Double-click mbam-setup.exe to install the application.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Please download Junkware Removal Tool to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and paste the JRT.txt log into your next message. |
|
| 60. |
Solve : PC Slow/Crashing? |
|
Answer» Please run RogueKiller and see if anything comes up.

Should I delete...

Yes, uninstall all except RogueKiller.

Quote
11:50:21.0894 5604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

Save these instructions so you can have access to them while in Safe Mode. Please click here to download AVP Tool by Kaspersky.
•Then click on Scan at the top right-hand corner.
•It will automatically neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all.
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
•Save it somewhere convenient like your desktop and post only the detected virus/malware in the report (it will be at the very top under Detected). Post those results in your next reply.
Note: This tool will self-uninstall when you close it, so please save the log before closing it. |
|
| 61. |
Solve : Computer Running Slow - Malware Removal Help? |
|
Answer» Ok, please try this one. |
|
| 62. |
Solve : MalwareBytes fails detecting virus/malware generating Google Chrome popups and r? |
|
Answer» Quote
I am still getting a strange version of browser hijack. It only happens in Chrome. The hijacks are seemingly random.

Does this happen with other browsers such as FireFox or IE?

Quote
It occurred to me to tell you that I used to run Windows update religiously until a few years ago, but when MS kept trying to force their other malware tool on me and IE 8/9 every time I'd do an update I started to get suspicious that MS could easily install their own BIGBROTHER-WARE (R)(TM)(C) 2013 on my computer. Then about 2 years ago when I learned they were discontinuing support for XP (which they have since extended the death date to 2014), I considered that perhaps MS would "Auto-Update" a poison pill to break my XP and force me to upgrade to a newer OS.

It's important that you get your updates. Malware just loves programs that are not kept up-to-date. I use XP and I've never experienced any problems.

Quote
Can you tell me if there is something malicious in my HijackThis log from earlier?

Hijack is obsolete and is no longer used by malware experts.

Quote
I've learned that a malware could be removed from the computer, but may leave incorrect browser settings.

It's possible. You should uninstall and re-install Chrome.

Quote
Should I also update drivers of some sort, or is that overkill??

No, that's not necessary.

Quote
Does this happen with other browsers such as FireFox or IE?

Not at all.

Quote
It's important that you get your updates. Malware just loves programs that are not kept up-to-date. I use XP and I've never experienced any problems.

I tried updating my system in IE8 and the browser just hangs. Any ideas? I am not able to download the updater even -- the browser hangs and I have to use taskkill to manually kill the process. Is this a sign of "subtle" malware on my machine interfering with a process that could find and remove it, or is this a more benign yet still disruptive issue? Or put more succinctly -- what is causing this and how can I resolve it so that I can get my updates? As a reminder, here are my relevant specs: (generated with Belarc Advisor

2013-02-19 19:56:47:343 3272 1350 Misc = Process: C:\WINDOWS\system32\rundll32.exe
2013-02-19 19:56:47:343 3272 1350 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2013-02-19 19:56:47:343 3272 1350 ARP Connected to update session.
2013-02-19 19:56:47:343 3272 1350 ARP User is allowed to install published content.
2013-02-19 19:56:48:234 3272 1350 ARP Managed service NOT found.

Quote
Hijack is obsolete and is no longer used by malware experts.

Thanks for letting me know that. Can you recommend a good one-stop-shop resource that will inform me on what the current best practices and tools for malware detection and removal are?

Quote
You should uninstall and re-install Chrome.

Uninstalled, downloaded & installed Chrome v. 24 -- Worked! Tested and the weird popups issue is now gone. During uninstall I also clicked "delete browsing data", so if anyone is using my steps as an example, that may be a key component to follow. Also, this was the most expedient solution, but I feel like the culprit possibly was a rogue "extension" or "addon" that I downloaded (mostly Firebug add-ons), and in other circumstances I might have investigated that hunch further. I look forward to your next response and appreciate all your help so far. I know I ask a lot of questions and am pretty tenacious about getting high-granularity answers, which can seem annoying to some. But for me, it's just as important (if not more so) to understand the root cause of an issue as it is to know the best fix. Please don't hesitate to let me know if any of my queries are out of the scope of your expertise. Thanks.

Quote
Does this happen with other browsers such as FireFox or IE?
Quote
Not at all.

Then the problem appears to be with your browser. Go to Microsoft Windows Update and get all critical updates. If you still get an error please try this.
•Please download Dial-A-Fix from one of the following mirrors: Primary mirror Secondary mirror
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click to continue.
•Press the green double checkmark box (Looks like this: ). Uncheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
•Click on Go
•Wait for Dial-A-Fix to finish (all the check marks will be gone)
•Close Dial-A-Fix

Quote
Go to Microsoft Windows Update and get all critical updates.

Upon navigating to that link a modal window pops up with an option to install "Windows Update". When I click install it fails. However, here's something interesting. I decided to see what would happen if I enabled "Automatic Updates". After about 5-10 minutes AU started downloading. In the end I figured a restart was probably required to make the updates take effect -- I was right! The option "Shutdown After Installing Updates" presented itself when I went to reboot. All told, 82 updates were downloaded. Upon reboot I noticed that Windows Firewall had been disabled, presumably by one of the updates that automatically installed. I tried to install Windows Update and it failed/hung again. Subsequently I ran Dial-A-Fix, as per your instructions. No log was generated that I am aware of; however, these errors popped up during program execution (to avoid unnecessary repetition I put just the dll name):

Code: [Select]
Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
.... is not DLLInstall-able or the file is corrupted ...
.... system32\imgutil.dll is not registerable or the file is corrupted. ...
.... system32\inseng.dll ...
.... mshtml.dll ...
.... msrating.dll ...
.... occache.dll ...
.... pngfilt.dll ...
.... webcheck.dll ...

I don't understand it. Does this give a clue as to what is happening?
Also, I have begun to notice the busy hourglass again, consistently, like some registry process is continually polling my CPU. I have had "Process Explorer" installed for many months, but I'm not sure I know how to use it. Do you think that could help track down the virus/malware? I considered uninstalling IE8 because it was installed after SP3; however, I noticed there were a lot (20-30) of items that were dependent on or installed after IE8, so I opted against the uninstall at this point. Again, I appreciate your help so far. Any ideas on why it is locking up, or what to do next?

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program. Click on View > Select Columns. In addition to the already pre-selected options, make sure the Command Line is selected, and press OK. Go File>Save As, and save the report as Procexp.txt. Attach the file to your next reply.

Here is the log from running Process Explorer v. 15.3:

Code: [Select]
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 97.69 0 K 28 K
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 1868 0.77 13,200 K 20,688 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\nunya\My Documents\Downloads\ProcessExplorer\procexp.exe"
WPFFontCache_v0400.exe 6008 2,012 K 4,548 K wpffontcache_v0400.exe Microsoft Corporation C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
wmiprvse.exe 5028 1,964 K 5,072 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
winlogon.exe 744 7,292 K 3,056 K Windows NT Logon Application Microsoft Corporation winlogon.exe
uphclean.exe 2996 628 K 1,728 K User Profile HIVE Cleanup Service Microsoft Corporation "C:\Program Files\UPHClean\uphclean.exe"
TWCApp.exe 2004 105,572 K 131,476 K The Weather Channel App The Weather Channel "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
TrueImageMonitor.exe 2220 19,468 K 9,784 K Acronis True Image Monitor Acronis "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
System 4 0 K 240 K
svchost.exe 1128 24,944 K 36,852 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1048 2,852 K 5,456 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 1976 5,920 K 6,876 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k HPService
svchost.exe 2932 5,020 K 8,332 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe 1360 5,004 K 7,200 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
svchost.exe 1292 1,372 K 3,732 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 988 3,204 K 5,340 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe 5524 5,448 K 7,440 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe 2432 1,052 K 3,036 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe 4704 1,608 K 3,580 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe 2520 1,044 K 3,008 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe 664 1,340 K 3,872 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
sqlwriter.exe 2868 960 K 3,588 K SQL Server VSS Writer Microsoft Corporation "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
sqlservr.exe 2316 55,964 K 42,260 K SQL Server Windows NT Microsoft Corporation "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
spoolsv.exe 1748 8,472 K 11,324 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
snmp.exe 2848 1,532 K 3,976 K SNMP Service Microsoft Corporation C:\WINDOWS\System32\snmp.exe
smss.exe 644 176 K 444 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
smax4pnp.exe 2720 2,532 K 4,928 K SMax4PNP Analog Devices, Inc. "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
Skype.exe 2620 55,180 K 60,072 K Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
services.exe 788 2,012 K 3,864 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
schedul2.exe 1168 1,072 K 3,360 K Acronis Scheduler 2 Acronis "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
schedhlp.exe 1144 1,092 K 3,664 K Acronis Scheduler Helper Acronis "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
scardsvr.exe 1792 944 K 2,772 K Smart Card Resource Management Server Microsoft Corporation C:\WINDOWS\System32\SCardSvr.exe
ScanToPCActivationApp.exe 1776 2,684 K 8,292 K ScanToPCActivationApp Hewlett-Packard CO. "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN298BWHSY05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
Radstgms.exe 2676 1,252 K 3,136 K radstgms Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe"
radsched.exe 2580 856 K 2,752 K radsched Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe"
radexecd.exe 2540 572 K 2,080 K radexecd Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe"
PDVD10Serv.exe 2940 1,124 K 4,128 K PowerDVD RC Service CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
oodtray.exe 2992 1,428 K 5,296 K O&O Defrag TrayIcon (Win32) O&O Software GmbH "C:\WINDOWS\system32\oodtray.exe"
oodag.exe 2472 2,732 K 5,824 K O&O Defrag Agent (Win32) O&O Software GmbH C:\WINDOWS\system32\oodag.exe
olycamdetect.exe 3172 1,260 K 4,696 K OLYMPUS ib Resident Program OLYMPUS IMAGING CORP. "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
NASvc.exe 2360 2,156 K 4,900 K NeroUpdate Nero AG "C:\Program Files\Nero\Update\NASvc.exe"
msseces.exe 3196 5,724 K 10,532 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
msraLinkMonitor.exe 2248 672 K 2,504 K Quaranti Application "C:\Program Files\Remote tools\msraLinkMonitor.exe"
MsMpEng.exe 1092 55,348 K 60,448 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
msdtc.exe 708 1,948 K 5,156 K MS DTC console program Microsoft Corporation C:\WINDOWS\system32\msdtc.exe
mqtgsvc.exe 4088 1,428 K 4,028 K Windows NT MSMQ Trigger Service Microsoft Corporation C:\WINDOWS\system32\mqtgsvc.exe
mqsvc.exe 3560 2,160 K 6,232 K Message Queuing Service Microsoft Corporation C:\WINDOWS\system32\mqsvc.exe
mDNSResponder.exe 1540 984 K 3,124 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
MDM.EXE 2168 1,184 K 3,804 K Machine Debug Manager Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
LWS.exe 3344 8,240 K 13,532 K Camera Software Logitech Inc. "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
LVPrcSrv.exe 2148 1,232 K 2,912 K Logitech LVPrcSrv Module. Logitech Inc. "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
LSSrvc.exe 2116 684 K 2,620 K Hewlett-Packard Company "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
lsass.exe 800 5,696 K 8,444 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
jqs.exe 2084 2,432 K 1,412 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
iviRegMgr.exe 2064 584 K 2,324 K RegMgr Module InterVideo "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
iTunesHelper.exe 3376 11,352 K 16,152 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
iPodService.exe 5892 2,448 K 4,160 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
Ida.exe 3424 2,352 K 6,220 K Intelligent Desktop Assistant (IDA) Hewlett-Packard Company "C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
hpqWmiEx.exe 3096 2,012 K 3,540 K hpqwmiex Module Hewlett-Packard Development Company, L.P. "C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe"
HPNetworkCommunicator.exe 4448 4,248 K 6,112 K HPNetworkCommunicator Hewlett-Packard Co. "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe"
GoogleToolbarNotifier.exe 3304 3,404 K 1,748 K GoogleToolbarNotifier Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
googletalk.exe 3472 11,596 K 18,160 K Google Talk Google "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
FolderSizeSvc.exe 1884 2,224 K 4,264 K FolderSize Service Brio "C:\Program Files\FolderSize\FolderSizeSvc.exe"
explorer.exe 3912 26,412 K 32,504 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
Everything.exe 3540 9,124 K 11,588 K Everything "C:\Program Files\Everything\Everything.exe" -startup
Dropbox.exe 4268 47,124 K 53,532 K Dropbox Dropbox, Inc. "C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe" /systemstartup
ctfmon.exe 3264 948 K 3,912 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
csrss.exe 712 1,772 K 4,420 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
COEMsgDisplay.exe 456 1,068 K 4,184 K COEMsgDisplay Utility Hewlett Packard "C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
COCIManager.exe 3792 2,764 K 5,232 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
CLMLSvc.exe 3696 4,184 K 6,888 K CyberLink MediaLibray Service CyberLink "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
btwdins.exe 1156 1,868 K 2,672 K Bluetooth Support Server Broadcom Corporation. "c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
BTTray.exe 4168 3,476 K 5,552 K Bluetooth Tray Application Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
brs.exe 3832 948 K 3,060 K brs cyberlink "C:\Program Files\Cyberlink\Shared files\brs.exe"
ati2evxx.exe 1220 944 K 3,496 K ATI External Event Utility EXE Module ATI Technologies Inc. Ati2evxx.exe -Client
ati2evxx.exe 956 788 K 3,188 K ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\Ati2evxx.exe
AppleMobileDeviceService.exe 1300 10,216 K 13,928 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
alg.exe 6132 1,188 K 3,688 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
afcdpsrv.exe 1248 1,600 K 4,712 K File Level CDP Manager Service Acronis "C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe"

Sorry, I've been sick today. I hope that's what you needed. Let me know if you need anything else. Thanks. Oh, almost forgot: Since I discovered that shutting my machine off is the way to install new "Automatic-Updates", I've done that 4 times so far. Each time it says there are 6 updates to install. It never gives me any error, but doesn't it seem like too much of a coincidence that it's the exact same number of updates 3 times in a row?

Oops. I just realized you asked for the file to be attached, not cut/pasted, so here it is. Thanks. [recovering disk space, attachment deleted by admin]

I can't see anything amiss in the processes. The only thing I can suggest is to use your Task Manager and stop each process except explorer.exe until you find a process that may be causing the hourglass waiting.

*** [SOLVED:] *** Strangely the hourglass issue has disappeared and I can't identify anything that might have made that happen, except possibly allowing auto-update to proceed. Thanks for all your help and patience.

*** FOR ANYONE ELSE READING THIS *** I don't really know what the exact solution was. What I do know is that it was likely a combination of all the anti-malware tools used and then enabling automatic updates in the end. The malware prevention steps I will be taking are:
NOTE: At the time of this writing, version 6 of Comodo Personal Firewall/Comodo Internet Security was just released, and hence there are very few YouTube or web-based instructional DIY tutorials on configuring the new interface, which is significantly different for the first time in half a decade. Therefore, I am installing the 2nd latest version, which is 5.5. Thanks again and kudos to you SuperDave, without whose help I would have been quite lost!!! :0)>

* Kudos Given *
* Topic Marked "SOLVED" *

Good Job! Let's do some cleanup.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Click Start> Computer> right-click the C Drive and choose Properties, then click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

*********************************************

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware *
If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing! |
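The helper above reviewed the Process Explorer listing by eye. As an added example (not from this thread, and not Sysinternals code), the following Python script does the same first pass mechanically over a saved Procexp.txt: it flags svchost.exe instances that are not started from System32 with a -k group, images running from user-writable profile folders, and entries with no Company Name. It assumes Process Explorer's File > Save As output is tab-delimited with the column names shown in the listing; the sample rows are constructed for the example.

```python
"""Added example: first-pass triage of a Process Explorer "Save As" listing.

Assumptions (not confirmed by the thread): the saved file is tab-delimited and its
header row carries the visible column names (Process, PID, ..., Company Name,
Command Line). SAMPLE below is constructed, not the poster's real log.
"""
import re
from dataclasses import dataclass

# Per-user temp and profile folders are writable without admin rights, so a
# service or autostart binary living there deserves a second look.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\"
    r"(local settings\\temp|application data|appdata|my documents)",
    re.IGNORECASE,
)
# The genuine svchost.exe lives in System32 and is always started with -k <group>.
SVCHOST_OK = re.compile(
    r'^"?[a-z]:\\windows\\system32\\svchost\.exe"?\s+-k\s+\S+$', re.IGNORECASE
)


@dataclass
class Finding:
    process: str
    pid: int
    reason: str


def parse_procexp(text):
    """Yield one dict per row of a tab-delimited Process Explorer listing."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))  # pseudo-processes have no path
        yield dict(zip(header, cells))


def triage(text):
    """Return Findings worth a closer look, in listing order.

    A finding is a prompt to verify the file (publisher, signature, hash, how it
    got installed), not a verdict that the process is malicious.
    """
    findings = []
    for row in parse_procexp(text):
        name = row["Process"]
        cmd = row["Command Line"].strip()
        try:
            pid = int(row["PID"])
        except ValueError:  # "n/a" for Interrupts and similar pseudo-processes
            continue
        if name.lower() == "svchost.exe" and not SVCHOST_OK.match(cmd):
            findings.append(Finding(name, pid, "svchost.exe outside System32 or without -k group"))
        if USER_WRITABLE.search(cmd):
            findings.append(Finding(name, pid, "image launched from a user-writable directory"))
        elif cmd and not row["Company Name"].strip():
            findings.append(Finding(name, pid, "no Company Name; verify publisher and hash"))
    return findings


HEADER = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line"]
# Constructed rows: benign entries modelled on the listing, plus a planted
# look-alike svchost in a Temp folder and a binary with no vendor field.
ROWS = [
    ["System Idle Process", "0", "97.69", "0 K", "28 K", "", "", ""],
    ["Interrupts", "n/a", "1.54", "0 K", "0 K", "Hardware Interrupts and DPCs", "", ""],
    ["svchost.exe", "1128", "", "24,944 K", "36,852 K", "Generic Host Process for Win32 Services",
     "Microsoft Corporation", r"C:\WINDOWS\System32\svchost.exe -k netsvcs"],
    ["svchost.exe", "4321", "", "1,020 K", "2,044 K", "Generic Host Process for Win32 Services",
     "", r"C:\Documents and Settings\nunya\Local Settings\Temp\svchost.exe"],
    ["Dropbox.exe", "4268", "", "47,124 K", "53,532 K", "Dropbox", "Dropbox, Inc.",
     r'"C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe" /systemstartup'],
    ["Everything.exe", "3540", "", "9,124 K", "11,588 K", "Everything", "",
     r'"C:\Program Files\Everything\Everything.exe" -startup'],
]
SAMPLE = "\n".join("\t".join(r) for r in [HEADER] + ROWS)

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.process:<16} PID {f.pid:<6} {f.reason}")
```

Dropbox running from Application Data is the normal install location and shows why a finding is a review prompt rather than a verdict; the Temp-folder svchost.exe is the kind of entry that should not pass unexamined.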
|
| 63. |
Solve : Adwcleaner log? |
|
Answer» I honestly don't know what I'm doing wrong. Is there any way you can tell? Here is a new log where I tried again.

•Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
•Now click on Advanced Settings and select the following:
  •Scan for potentially unwanted applications
  •Scan for potentially unsafe applications
  •Enable Anti-Stealth Technology
•Push the Start button.
•The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
•When completed the Online Scan will begin automatically.
•Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
•When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
•Push
•Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
•Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

C:\TDSSKiller_Quarantine\01.01.2013_19.13.20\rtkt0000\svc0000\tsk0000.dta	Win32/Sirefef.DA trojan
C:\Users\Kelly Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\47363e7b-1bba5397	a variant of Java/JShrink.A application
C:\Users\Kelly Nicole\Downloads\ac3filter.exe	a variant of Win32/InstallIQ application
C:\Users\Kelly Nicole\Downloads\cnet_refog_setup_free_kl_643_exe.exe	a variant of Win32/InstallCore.D application
C:\Users\Kelly Nicole\Downloads\CouponPrinter(3).exe	probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Kelly Nicole\Downloads\CouponPrinter(4).exe	probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Kelly Nicole\Downloads\CouponPrinter(5).exe	probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Kelly Nicole\Downloads\FDM_Setup.exe	Win32/Toolbar.Zugo application
C:\Users\Kelly Nicole\Downloads\GraboidVideoSetup-2.01b-Complete(2).exe	Win32/Graboid application
C:\Users\Kelly Nicole\Downloads\GraboidVideoSetup-2.01b-Complete(3).exe	Win32/Graboid application
C:\Users\Kelly Nicole\Downloads\GraboidVideoSetup-2.01b-Complete(4).exe	Win32/Graboid application
C:\Users\Kelly Nicole\Downloads\GraboidVideoSetup-2.01b-Complete(5).exe	Win32/Graboid application
C:\Users\Kelly Nicole\Downloads\GraboidVideoSetup-2.01b-Complete.exe	Win32/Graboid application
C:\Users\Kelly Nicole\Downloads\vv-supersearch-silent.exe	Win32/Toolbar.Zugo application

Quote from: kellylong2007 on February 01, 2013, 07:49:06 AM
C:\TDSSKiller_Quarantine\01.01.2013_19.13.20\rtkt0000\svc0000\tsk0000.dta	Win32/Sirefef.DA trojan

Where did this come from? It doesn't look like an ESET log.

I believe from this website.. http://www.eset.com/me/home/products/online-scanner/ Do you have a direct link to the correct one?

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  •Click the button.
  •Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I did this a few times.. the first time it found I think 5 things.. then I realized it didn't make a log. So I did it again and the Export to text file option was never there. I'm now trying it again and it's no longer working. I did fix all the threats it pulled up though. Any other suggestions? Sorry it's been taking me so long to get back with you lately. I'm pregnant now and I'm just tired and sick all the time.

Ok. How's your computer running now? Any other issues I should know about? |
|
| 64. |
Solve : Iexplorer showing multiples in task manager and hanging up? |
|
Answer» Quote
Question though. Can one have too many anti-spyware programs on a system, or will certain ones clash? I have SuperAntiSpyware and Malwarebytes already.

I've never had any problem with conflicts. SuperAntiSpyware is a bit outdated. You should use AdwCleaner instead.

You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 65. |
Solve : kanoodle.com redirect (also, possible google redirect)? |
|
Answer» Not sure what happened. Sorry! Let's try that again. Thanks again for your help.

Could you please run TDSSKiller again and post the entire log?

No problem - I attached the log as a txt file because it's too big to post. Thanks! [year+ old attachment deleted by admin]

Quote
Still having the same issue - an occasional new tab redirect that only seems to happen when we try to visit the one site. I haven't noticed any other problems.

Could you please post the link to that site?

Thank you for bearing with me! When we visit (in Firefox): http://www.nbcnews.com/ (or when that site autorefreshes) it used to be that occasionally (one out of every five? six? times) it would redirect to: http://context3.kanoodle.com/AF7F5454-06AA-11DF-BB59-79A43FF5047F (those numbers at the end seem to be the same every time). Now, what seems to happen is that nbcnews.com opens as planned and kanoodle loads in a new tab.

Ok. Let's try this: Go to Tools, Options, Privacy, show cookies and remove the kanoodle.com cookie. You could also try blocking that site in FF. I tried that nbcnews about five times and it came up ok with no re-directs. Does it re-direct when using Internet Explorer?

nbcnews.com doesn't seem to redirect in IE (although I will try a few more times just to be sure). It certainly doesn't redirect in Firefox on any other PC I use. I have kanoodle on AdBlock in FF - I'll see what else FF can do to block it. It's the weirdest thing. Thank you!!

You're welcome. Let's do some cleanup before I forget.

To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Click Start> Computer> right-click the C Drive and choose Properties, then click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

**********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware *
If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing and Season's Greetings!

Cool - I'm a little short on time over the past few days so I'll get to work on all of the above very soon.

Quote from: darling on January 01, 2013, 10:10:44 AM
Cool - I'm a little short on time over the past few days so I'll get to work on all of the above very soon.

Good. Let me know when you're finished and I'll lock the thread.

Alright... all those things done and dusted - thank you. I'm still getting this darn redirect. I just blacklisted kanoodle using the BlockSite Firefox extension, but if there's a way to stop the redirect entirely I'd love to know how to do it. Thanks again for all your help!

Quote from: darling on January 12, 2013, 07:00:44 AM
Alright... all those things done and dusted - thank you.

If it's only redirecting in FF the only thing I can think of is to uninstall and re-install FF. |
|
| 66. |
Solve : backdoor vulnerability? |
|
Answer» Hey Dave, could you recommend another one because ESET online scanner stopped in the middle of the progress, the CPU used all the usage so I stopped ESET.
Quote: Scan your computer with Panda ActiveScan
Could I skip the online scanning step?

The on-line scan is one of the most important scans to ensure your computer is clean. I would appreciate it if you could run it. Start the scan and go watch a movie. lol.

Quote: My computer speed seem work a little better now but it always show up a window saying something like my memory - 000000000, (I remember what exactly that was), is it a problem or I simply need to cleanup and defragment of PC, thanks
The next time this happens, please give me a screenprint. A cleanup and a defrag wouldn't hurt. How to post screenshots or images

Happy New Year Dave. I have included the file reporting error on my pc below. Here is the report from Panda Cloud Cleaner, is it the correct one?
Malware. FILE: C:\DOCUMENTS AND SETTINGS\NONAME\LOCAL SETTINGS\TEMP\COOKIES\DR3XSW4M.TXT to be deleted.
Malware. FILE: C:\PROGRAM FILES\TEXTWARE\QUICKFIND\PLUGINS\IEHELP.DLL to be deleted.
Malware. REGKEY: HKCU\Software\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. REGKEY: HKLM\Software\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. FILE: C:\DOCUMENTS AND SETTINGS\NONAME\LOCAL SETTINGS\TEMP\COOKIES\JWA3P2KA.TXT to be deleted.
[year+ old attachment deleted by admin]

This should fix that popup problem. Were you able to run any of the on-line scanners?

Hey Dave, the "This" link doesn't work. I thought the Panda Cloud Cleaner is an online scanner, but anyway, I'll try ESET again and see whether it works now, cheers

Hey, I think I am unable to run online scanner, I have tried ESET again, doesn't work and F-Secure doesn't seem to download the file, so is there any other scanner? thanks

Sorry, please try this one

Hey, Dave, I think I should stop here and you have helped me a lot. I believe I cannot run any online scanner due to my slow computer and slow internet. Well, I really appreciate your time in helping me. Thank you very much

Ok. Let's do some cleanup and we'll be finished.

Download this program and run it Uninstall ComboFix. It will remove ComboFix for you.

**********************************************

To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

********************************************

Click Start> Computer> right click the C Drive and choose Properties> Click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)

********************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing and Happy New Year!

hey Dave, sorry for the late reply, everything has been done and thanks again for ya help.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
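The Panda Cloud Cleaner lines in the answer above are one item seen from four angles: a DLL, the COM class registration for its CLSID in both HKCU and HKLM, and the Browser Helper Objects entry that makes Internet Explorer load that CLSID at start. As an added example (not Panda's code and not part of the thread), the following Python parses lines in that format and groups them by CLSID, so the load point and the class registrations show up as a single persistence item instead of five unrelated detections. The sample text is the report quoted above; the role labels and the cookie/DLL classification are the author's, not text Panda prints.

```python
"""Correlate Panda Cloud Cleaner report lines into persistence items.

Added example for this thread; not Panda's code and not part of the
original post. SAMPLE_REPORT is the report quoted in the thread. The role
names ("BHO load point", "COM class registration in ...") are the author's
labels for what each registry path means, not text Panda prints.
"""
import re
from collections import defaultdict

FILE_LINE = re.compile(r"^Malware\. FILE: (?P<path>.+?) to be deleted\.$")
KEY_LINE = re.compile(r"^Malware\. REGKEY: (?P<key>.+?)\. Key to be deleted\.$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpt of the Panda Cloud Cleaner output posted in the thread.
SAMPLE_REPORT = r"""
Malware. FILE: C:\DOCUMENTS AND SETTINGS\NONAME\LOCAL SETTINGS\TEMP\COOKIES\DR3XSW4M.TXT to be deleted.
Malware. FILE: C:\PROGRAM FILES\TEXTWARE\QUICKFIND\PLUGINS\IEHELP.DLL to be deleted.
Malware. REGKEY: HKCU\Software\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. REGKEY: HKLM\Software\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}. Key to be deleted.
Malware. FILE: C:\DOCUMENTS AND SETTINGS\NONAME\LOCAL SETTINGS\TEMP\COOKIES\JWA3P2KA.TXT to be deleted.
"""


def classify_key(key: str) -> str:
    """Name the role a registry key plays for a Browser Helper Object."""
    low = key.lower()
    hive = key.split("\\", 1)[0].upper()
    if "\\browser helper objects\\" in low:
        return "BHO load point (Internet Explorer instantiates this CLSID at start)"
    if "\\classes\\clsid\\" in low:
        # HKCU\Software\Classes is merged over HKLM\Software\Classes into HKCR,
        # and the per-user entry wins for non-elevated processes, so the DLL
        # behind a CLSID can be swapped per user without touching HKLM.
        return f"COM class registration in {hive}"
    return f"other key in {hive}"


def classify_file(path: str) -> str:
    """Separate low-value cookie hits from the code-carrying DLL."""
    low = path.lower()
    if "\\cookies\\" in low and low.endswith(".txt"):
        return "tracking cookie"
    if low.endswith(".dll"):
        return "DLL (candidate InprocServer32 target of a CLSID)"
    return "file"


def correlate(report: str) -> dict:
    """Group registry keys by CLSID and list files with their kind."""
    items = {"clsids": defaultdict(lambda: {"roles": []}), "files": []}
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            items["files"].append({"path": m["path"], "kind": classify_file(m["path"])})
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            g = GUID.search(key)
            clsid = g.group(0).upper() if g else "(no CLSID)"
            items["clsids"][clsid]["roles"].append({"key": key, "role": classify_key(key)})
    items["clsids"] = dict(items["clsids"])
    return items


if __name__ == "__main__":
    result = correlate(SAMPLE_REPORT)
    for clsid, info in result["clsids"].items():
        print(clsid)
        for r in info["roles"]:
            print("   ", r["role"], "<-", r["key"])
    for f in result["files"]:
        print(f["kind"], "<-", f["path"])
```

Run on the report above it prints one CLSID with three roles (two class registrations, one load point) and three files, of which only IEHELP.DLL carries code; the cookies are noise. Panda's output does not print the InprocServer32 path, so the link between the CLSID and the DLL is a candidate to confirm in the registry, not a fact the report states.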
| 67. |
Solve : ZerroAccess Trojans running amuck? |
|
Answer» Tried the uninstall ArcSoft MediaImpression... got a pop-up message

Quote: Tried the uninstall ArcSoft MediaImpression... got a pop-up message
Please look in C:\Program Files to see if there's any such folder.

Nothing in Program Files but under Programs, there are "Start ArcSoft Connect" & "View My ArcSoft Info"

Quote: Nothing in Program Files but under Programs, there are "Start ArcSoft Connect" & "View My ArcSoft Info"
If you're not using it please try going to Control Panel, Programs and Features and see if you can uninstall it from there.
|
|
| 68. |
Solve : missing printer icon in control panel..and no print spooler in services.? |
|
Answer» sorry it took so long.. i just got my hands on a Vista cd... ok, i ran the sfc again and it still said there are errors that were not repaired as i just posted.. i tried the f8 thing with the cd in...and got to the repair computer.. after that i got a window with these options.. repair start up... scan memory for errors.. etc etc... I don't know what to do next.. is there a manual way to install the files i need? or? ugh..

What happens when you click "repair computer"? |
|
| 69. |
Solve : How do I remove Servlnk.exe? |
|
Answer» I've tried to but it's not working
Scan Log |
|
| 70. |
Solve : Hijacked by File Recovery? |
|
Answer» Good. We can do some cleanup.
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> Click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)

**************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Thanks, are any of those utilities incompatible with Avira? I run Avira free as my primary antivirus, but also regularly scan with MalWareBytes and Spybot.

Quote: Thanks, are any of those utilities incompatible with Avira? I run Avira free as my primary antivirus, but also regularly scan with MalWareBytes and Spybot.
No, they should all be ok.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 71. |
Solve : Who are mikrocop.d.o.o?? |
|
Answer» My security software (Agnitum Outpost Security Suite) informed me that it had blocked an attempt to access one of the ports on my computer. It was a firm called microkop.d.o.o. (91.198.x.x) who I am not aware of. I know of no reason why they should access my computer. Is this something to worry about?

Sure it is... Please run the following scan and we will start checking for malware...
ESET Online Scan Please run a free online scan with the ESET Online Scanner
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ron :: LAPTOP [administrator]

17/11/2012 19:52:34
mbam-log-2012-11-17 (19-52-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209177
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Going to do the next part now.

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\Users\Ron\AppData\Local\Mozilla\Firefox\Profiles\nquzyw60.default\Cache\B\11\1E410d01    HTML/ScrInject.B.Gen virus    deleted - quarantined
C:\Users\Ron\AppData\Local\Temp\Free Desktop Clock.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\Ron\AppData\Local\Temp\SetupDataMngr_Searchqu.exe    multiple threats    cleaned by deleting - quarantined

ComboFix scan
Please download ComboFix by sUBs from BleepingComputer.com
Please save the file to your Desktop.
Important information about ComboFix
After the download:
Safe Mode: If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there. (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading: If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe. Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ComboFix 12-11-16.02 - Ron 18/11/2012 11:12:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1958 [GMT 0:00]
Running from: c:\users\Ron\Downloads\ComboFix.exe
AV: Outpost Security Suite Pro *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Outpost Security Suite Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3C4B8B1C-90A4-40DD-9E78-F2A98AC739DE}.xps
c:\users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FD0805F-B38B-49B4-B4A0-9CF9767AEA49}.xps
c:\users\Ron\AppData\Roaming\Microsoft\~DFK8e366d.tmp
c:\users\Ron\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Ron\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Ron\Documents\~WRL0001.tmp
c:\users\Ron\Documents\~WRL0907.tmp
c:\users\Ron\Documents\~WRL1544.tmp
c:\users\Ron\Documents\~WRL2723.tmp
c:\users\Ron\Documents\~WRL3016.tmp
c:\users\Ron\Documents\~WRL3257.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 11:22 . 2012-11-18 11:26  --------  d-----w-  c:\users\Ron\AppData\Local\temp
2012-11-18 11:22 . 2012-11-18 11:22  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-11-17 20:11 . 2012-11-17 20:11  --------  d-----w-  c:\program files\ESET
2012-11-16 11:45 . 2012-10-12 05:56  6918632  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{979EBB1F-2E5B-4EA2-BD1B-B94739DEF99B}\mpengine.dll
2012-11-13 21:48 . 2012-07-26 03:39  526952  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
2012-11-13 21:48 . 2012-07-26 03:39  47720  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
2012-11-13 21:48 . 2012-07-26 02:46  9728  ----a-w-  c:\windows\system32\Wdfres.dll
2012-11-13 21:48 . 2012-07-26 02:33  66560  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
2012-11-13 21:48 . 2012-07-26 02:32  155136  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
2012-11-13 21:48 . 2012-07-26 03:21  196608  ----a-w-  c:\windows\system32\WUDFHost.exe
2012-11-13 21:48 . 2012-07-26 03:20  73216  ----a-w-  c:\windows\system32\WUDFSvc.dll
2012-11-13 21:48 . 2012-07-26 03:20  613888  ----a-w-  c:\windows\system32\WUDFx.dll
2012-11-13 21:48 . 2012-07-26 03:20  38912  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2012-11-13 21:48 . 2012-07-26 03:20  172032  ----a-w-  c:\windows\system32\WUDFPlatform.dll
2012-11-13 21:45 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\system32\synceng.dll
2012-11-13 21:45 . 2012-10-03 16:58  1293680  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-11-13 21:45 . 2012-10-03 16:42  156672  ----a-w-  c:\windows\system32\ncsi.dll
2012-11-13 21:45 . 2012-10-03 16:42  52224  ----a-w-  c:\windows\system32\nlaapi.dll
2012-11-13 21:45 . 2012-10-03 16:42  242176  ----a-w-  c:\windows\system32\nlasvc.dll
2012-11-13 21:45 . 2012-10-03 16:42  18944  ----a-w-  c:\windows\system32\netevent.dll
2012-11-13 21:45 . 2012-10-03 16:42  175104  ----a-w-  c:\windows\system32\netcorehc.dll
2012-11-13 21:45 . 2012-10-03 16:40  499712  ----a-w-  c:\windows\system32\iphlpsvc.dll
2012-11-13 21:45 . 2012-10-03 15:21  35328  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
2012-11-13 21:45 . 2012-10-18 17:59  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-11-13 21:45 . 2012-10-09 17:40  44032  ----a-w-  c:\windows\system32\dhcpcsvc6.dll
2012-11-13 21:45 . 2012-10-09 17:40  193536  ----a-w-  c:\windows\system32\dhcpcore6.dll
2012-11-13 21:37 . 2012-08-24 17:05  136560  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-11-13 21:37 . 2012-08-24 17:02  369856  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-11-13 21:37 . 2012-08-24 16:57  247808  ----a-w-  c:\windows\system32\schannel.dll
2012-11-13 21:37 . 2012-08-24 16:57  220160  ----a-w-  c:\windows\system32\ncrypt.dll
2012-11-13 21:37 . 2012-08-24 16:56  1039360  ----a-w-  c:\windows\system32\lsasrv.dll
2012-11-10 12:02 . 2012-11-10 12:02  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-10 12:02 . 2012-11-10 12:02  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-10 12:02 . 2012-11-10 12:02  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-10 12:02 . 2012-11-10 12:02  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-10 12:02 . 2012-11-10 12:02  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-10 12:02 . 2012-11-10 12:01  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-10 12:02 . 2012-11-10 12:01  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 12:01 . 2012-11-10 12:01  --------  d-----w-  c:\program files\QUICKTIME
2012-11-07 16:29 . 2012-11-07 16:29  65848  ----a-w-  c:\windows\system32\drivers\RapportKELL.sys
2012-10-29 12:26 . 2012-10-29 12:27  --------  d-----w-  c:\users\Ron\AppData\Roaming\GoforFiles
2012-10-28 18:49 . 2012-10-28 18:49  --------  d-----w-  c:\users\Ron\AppData\Roaming\Photobucket
2012-10-28 18:48 . 2012-10-28 18:48  --------  d-----w-  c:\program files\Photobucket Desktop
2012-10-28 07:09 . 2012-10-28 07:09  --------  d-----w-  c:\program files\Mozilla Maintenance Service
2012-10-25 15:19 . 2012-10-25 15:19  --------  d-----w-  c:\program files\Common Files\Nikon
2012-10-25 15:17 . 2012-10-25 15:29  --------  d-----w-  c:\program files\Microsoft Digital Image 2006
2012-10-25 03:12 . 2012-10-25 03:12  94208  ----a-w-  c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12  69632  ----a-w-  c:\windows\system32\QuickTime.qts
2012-10-21 11:49 . 2012-10-21 12:00  --------  d-----w-  c:\users\Super Ted
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-11 17:44 . 2012-05-17 23:22  895088  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-11 17:43 . 2012-05-17 23:22  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-11 17:43 . 2012-05-17 23:21  710992  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-09 10:45 . 2012-05-27 11:48  895088  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-09 10:45 . 2012-05-27 11:48  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-11-09 10:45 . 2012-05-27 11:48  710992  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 23:26 . 2012-04-02 20:43  697272  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-11-08 23:26 . 2012-03-26 10:38  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2012-06-27 11:14  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-24 22:16 . 2012-10-18 16:18  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 18:28 . 2012-10-10 15:04  2048  ----a-w-  c:\windows\system32\tzres.dll
2012-09-13 10:23 . 2012-06-29 12:36  821736  ----a-w-  c:\windows\system32\npdeployJava1.dll
2012-09-13 10:23 . 2012-04-17 22:04  746984  ----a-w-  c:\windows\system32\deployJava1.dll
2012-08-31 17:18 . 2012-10-10 15:03  1211760  ----a-w-  c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 15:03  3968880  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 15:03  3914096  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57 . 2012-10-10 15:04  172544  ----a-w-  c:\windows\system32\wintrust.dll
2012-08-23 15:52 . 2012-11-13 21:38  3072  ----a-w-  c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-12 09:59  712048  ----a-w-  c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 09:59  240496  ----a-w-  c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 09:59  187760  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 10:13  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
2012-08-21 12:01 . 2012-09-14 11:45  26840  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2012-04-03 09:46  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
2012-08-20 17:40 . 2012-10-10 15:04  169984  ----a-w-  c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 15:04  293376  ----a-w-  c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 15:04  271360  ----a-w-  c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 15:03  5120  ---ha-w-  c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4608  ---ha-w-  c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4096  ---ha-w-  c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4096  ---ha-w-  c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4096  ---ha-w-  c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4096  ---ha-w-  c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  4096  ---ha-w-  c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03  3584  ---ha-w-  c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03  6144  ---ha-w-  c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03  4608  ---ha-w-  c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:03  3072  ---ha-w-  c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-24 17:50 . 2012-10-28 07:09  261600  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2012-02-17 10:57  246696  ----a-w-  c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2012-02-17 3266864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys
R3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - VBCoreNT.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup  REG_MULTI_SZ  GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\nquzyw60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayAllSelling&ssPageName=STRK:ME:LNLK:MESX|http://www.natwest.com/personal.ashx|https://www.paypal.com/uk/webapps/mpp/home|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1351630588&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb&cbcxt=mai&snsc=1#n=1812048153&fid=5|http://s756.beta.photobucket.com/|http://www.metoffice.gov.uk/public/weather/forecast/?tab=fiveDay|http://uk.search.yahoo.com/
FF - ExtSQL: 2012-10-28 07:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\nquzyw60.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKCU-Run-SkinClock - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2204)
c:\program files\Trusteer\Rapport\bin\rooksbas.DLL
c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-18 11:30:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 11:29
.
Pre-Run: 195,105,316,864 bytes free
Post-Run: 195,572,260,864 bytes free
.
- - End Of File - - FFC5D76D32EAF74ADFAC6504DF921B7B

Any more issues?
We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here. Many of the things to note for us would be:
Clean up System Restore Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back." To manually create a new Restore Point
To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer:
Purge old temporary files NOTE: If you already have this installed, you don't have to reinstall it. Please download CCleaner Slim and save it to your Desktop - Alternate download link When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Outpost Security Suite Pro Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Secunia PSI (3.0.0.2004) Malwarebytes Anti-Malware version 1.65.1.1000 CCleaner Java 7 Update 9 Adobe Flash Player 11.5.502.110 Adobe Reader X (10.1.4) Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` Trend Micro RUBotted RUBottedGUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````

Personal Tips on Preventing Malware

See this page for more info about malware and prevention. Any other questions before I mark this topic solved?

Nothing else, thanks, DMJ. I appreciate your efforts. Thanks again. Ron

You're welcome. Topic marked solved. |
|
| 72. |
Solve : Possible virus infecting interface device? |
|
Answer» I have an inoperable PNP device. The ID is ACPI\PNP0303\4&2D2D400&0 I believe it is a logitech interface driver. Please does anyone know how to fix this? PLEASE HELP
|
|
| 73. |
Solve : computer runs slow at times!!? |
|
Answer» My computer runs slow at times. Please check my log. thanks
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thank you for the reply. My computer lags sometimes while working I was suspecting it to be infected though Malware results are clean. Malwarebytes log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4085 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/10/2010 3:05:05 PM mbam-log-2010-05-10 (15-05-05).txt Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|) Objects scanned: 138091 Time elapsed: 48 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.

Thank you. Here is my Combofix log file: ComboFix 10-05-10.02 - Administrator 05/11/2010 9:12.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.400 [GMT 5.5:30] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\Administrator\Application Data\ezpinst.log c:\windows\system32\VB6KO.DLL c:\windows\YAHELITE.INI . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 ))))))))))))))))))))))))))))))) . 2010-05-10 08:36 . 2010-04-29 10:0938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-10 08:36 . 2010-04-29 10:0920952----a-w-c:\windows\system32\drivers\mbam.sys 2010-05-06 10:30 . 2010-05-06 10:30115004----a-w-c:\documents and settings\Administrator\Application Data\OpenCandy\WeFiSetup_5_142_513Wrapped.exe 2010-05-06 10:30 . 2010-05-06 10:30--------d-----w-c:\documents and settings\Administrator\Application Data\OpenCandy 2010-05-06 04:36 . 2010-05-06 04:3633824----a-w-c:\windows\system32\drivers\oreans32.sys 2010-05-06 02:45 . 2010-05-06 02:46--------d-----w-c:\documents and settings\Administrator\Application Data\GetRightToGo 2010-04-18 02:47 . 2010-04-18 02:47--------d--h--w-c:\windows\PIF 2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\windows\Sun 2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\program files\Common Files\Java 2010-04-17 14:45 . 2010-04-17 14:44411368----a-w-c:\windows\system32\deployJava1.dll 2010-04-17 14:44 . 2010-04-17 14:44--------d-----w-c:\program files\Java 2010-04-17 13:07 . 1998-07-21 18:30102912----a-w-c:\windows\system32\Vb6stkit.dll 2010-04-17 13:05 . 2010-04-17 13:06--------d-----w-c:\documents and settings\Administrator\Application Data\CyberLink 2010-04-17 13:04 . 2010-04-17 13:05--------d-----w-c:\documents and settings\All Users\Application Data\CyberLink 2010-04-17 12:59 . 2007-01-08 16:4727168------w-c:\windows\system32\msxml3a.dll 2010-04-17 12:56 . 2007-01-08 16:47502816------w-c:\windows\system32\msvcp71.dll 2010-04-17 12:56 . 2007-01-08 16:47351264------w-c:\windows\system32\msvcr71.dll 2010-04-17 12:55 . 
2010-04-17 12:55--------d-----w-c:\program files\CyberLink 2010-04-17 11:50 . 2010-04-17 11:50--------d-----w-c:\documents and settings\Administrator\Application Data\dvdcss 2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-04-11 15:27 . 2010-05-06 02:23113933----a-w-c:\windows\system32\drivers\klin.dat 2010-04-11 15:27 . 2010-05-06 02:2397549----a-w-c:\windows\system32\drivers\klick.dat 2010-04-11 15:24 . 2010-05-11 03:06--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-04-11 15:24 . 2010-04-11 15:24--------d-----w-c:\program files\Kaspersky Lab 2010-04-11 15:12 . 2010-04-11 15:12--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 03:53 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\DMCache 2010-05-10 09:30 . 2010-03-06 07:36--------d-----w-c:\documents and settings\Administrator\Application Data\vlc 2010-05-10 08:37 . 2010-01-28 17:08--------d-----w-c:\documents and settings\Administrator\Application Data\uTorrent 2010-04-17 13:14 . 2010-01-30 08:20--------d-----w-c:\documents and settings\Administrator\Application Data\Vso 2010-04-11 15:18 . 2010-01-26 15:30--------d-----w-c:\program files\COMODO 2010-04-01 09:14 . 2010-04-01 09:14503808----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcp71.dll 2010-04-01 09:14 . 
2010-04-01 09:14499712----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\jmc.dll 2010-04-01 09:14 . 2010-04-01 09:14348160----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcr71.dll 2010-04-01 09:13 . 2010-04-01 09:1361440----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-sse.dll 2010-04-01 09:13 . 2010-04-01 09:1312800----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-d3d.dll 2010-03-13 13:44 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\IDM 2010-03-13 12:59 . 2010-02-12 14:14--------d-----w-c:\program files\Internet Download Manager 2010-03-13 02:04 . 2010-03-13 01:583153784----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe 2010-03-10 06:15 . 2004-09-01 00:00420352----a-w-c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2004-09-01 00:00916480----a-w-c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-09-01 00:00455680----a-w-c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 03:40 . 2004-09-01 00:002189952----a-w-c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:592066816----a-w-c:\windows\system32\ntkrnlpa.exe 2010-02-13 17:25 . 2010-01-26 16:0969232----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-12 14:15 . 2010-02-12 14:15198064----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-02-12 04:33 . 2004-09-01 00:00100864----a-w-c:\windows\system32\6to4svc.dll 2010-02-12 02:11 . 2010-02-06 09:0056816----a-w-c:\windows\system32\drivers\avgntflt.sys 2010-02-11 12:02 . 2004-09-01 00:00226880----a-w-c:\windows\system32\drivers\tcpip6.sys . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-28 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-02-21 28675] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-04-24 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-04-24 106496] "SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Administrator\\My Documents\\utorrent.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 klbg;Kaspersky Lab Boot Guard DRIVER;c:\windows\system32\drivers\klbg.sys 
[10/14/2009 8:18 PM 36880] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/6/2010 10:06 AM 33824] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472] S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14] 2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14] 2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{207454FA-0C73-4089-962C-1746A52F7C4B}.job - c:\windows\system32\msfeedssync.exe [2009-03-07 23:01] . . ------- Supplementary Scan ------- . 
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cq0ekils.default\ FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\Mozilla *Blocked Russian URL*\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", 
"chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-11 09:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):e7,9d,60,d9,59,56,fb,bb,99,ea,ea,a7,fb,0c,45,79,94,53,f6,06,a2, 03,76,8d,31,9e,9a,a6,c7,77,73,89,d5,03,69,68,0e,02,39,2d,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87bf9f6e-1abd-4994-80ac-6f3e63a9ca40}] @Denied: (Full) (Everyone) "Model"=dword:00000063 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1064) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\program files\Internet Download Manager\idmmkb.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WgaTray.exe c:\windows\SOUNDMAN.EXE c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\Internet Download Manager\IEMonitor.exe c:\windows\system32\logon.scr . ************************************************************************** . Completion time: 2010-05-11 09:29:39 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-11 03:59 Pre-Run: 13,243,813,888 bytes free Post-Run: 13,149,892,608 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - FEF9598E5635430DD2D1F27F0E3973BA Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double Click mbam-setup.exe to install the application. 
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
MalwareBytes Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4092 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/12/2010 1:04:43 PM mbam-log-2010-05-12 (13-04-43).txt Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|) Objects scanned: 138417 Time elapsed: 51 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021760.exe (Application.FindKey) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021763.exe (Malware.Tool) -> Quarantined and deleted successfully. Please run a free online scan with the ESET Online Scanner
Since this appears to be resolved, this topic is now closed. Glad we could help! =>CLOSED |
|
| 74. |
Solve : my documents..? |
|
Answer» hi! i'm, back,..hehe..ahm my problem is when i open my mydocuments are the same with my local disk d:,. and on my tools menu on my documents are no folder option to see my hidden files, only map network drive, disconnect network drive and synchronize..thankz in advance..hehe

Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

thankz for the info..i'll try..ahm do you have an idea to delete the malware with the use only of cmd?..thankz..

Yes. Please download Cheetah-Anti-Rogue (http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip), and save to your Desktop.
by DragonMaster Jay Microsoft Windows XP [Version 5.1.2600] Date: 05/14/2010 - Time: 12:23:18 - Arch.: x86 -- Malware removal tools check -- Trend Micro HijackThis 2.0.2 Malwarebytes' Anti-Malware -- Known infection -- C:\WINDOWS\system32\dllcache\ndis.sys (HEUR:::Rtk.Agent)(!!The legit C:\WINDOWS\system32\drivers\ndis.sys may be infected!!) Extra message: Detection only. EOF

my avira free edition warned my computer that "worm/coficker.ah was found..

Please run a free online scan with the ESET Online Scanner
This is a Conficker test. Please let me know if you see all the images at the table at the top of the page. If you do not, please tell me which ones are missing. (I.E. Top Row Second Column, or Bottom Row First Column, etc.). |
|
| 75. |
Solve : atapi.sys Please help! can't log into emails,paypal, bank, myspace, etc..? |
|
Answer» How is the computer running now?

things seem fine! Thank you so much!!!!! is there a particular program you'd recommend for me to prevent this happening again?

An antivirus will be a very good start to defending any form of malware. Before we continue download and install a free antivirus. Remember to only install one antivirus!
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows XP
----------
If there are no more malware issues we can finish up now. Use the Secunia Software Inspector to check for out of date software.
* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan. I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

have to go to work for 5 hours, are you going to be available later or tomorrow? I really appreciate your help. If I don't respond, I will tonight or tomorrow, THANKS

No problem. I'll be around. |
|
| 76. |
Solve : Virus affecting Google? |
|
Answer» Hello,
Safe Mode: If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there. (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.") Re-downloading: If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe. Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe. NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.Combofix Log: ComboFix 12-10-21.02 - Asistentes 22-10-2012 11:14:46.1.2 - x86 Microsoft Windows 7 Enterprise 6.1.7600.0.1252.56.1033.18.2942.2209 [GMT -2:00] Running from: c:\users\Asistentes\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} FW: Sophos Client Firewall *Disabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nvsvc . . ((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 ))))))))))))))))))))))))))))))) . . 2012-10-22 05:16 . 2012-10-22 05:1656200----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF1EC337-1449-4A5C-95CF-5DE7B5AA4824}\offreg.dll 2012-10-20 17:36 . 
2012-10-20 17:36--------d-----w-c:\program files\CCleaner 2012-10-15 13:49 . 2012-08-10 23:54541184----a-w-c:\windows\system32\kerberos.dll 2012-10-15 13:47 . 2012-08-30 17:183958128----a-w-c:\windows\system32\ntkrnlpa.exe 2012-10-15 13:47 . 2012-08-30 17:183902832----a-w-c:\windows\system32\ntoskrnl.exe 2012-10-04 13:35 . 2012-10-04 13:35--------d-----w-c:\users\DandC89 2012-10-03 13:07 . 2012-10-03 13:07--------d-----w-c:\users\Asistentes\AppData\Local\ElevatedDiagnostics 2012-10-01 16:56 . 2012-10-01 16:56--------d-----w-c:\programdata\BigFix . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-29 22:54 . 2012-08-16 21:2522856----a-w-c:\windows\system32\drivers\mbam.sys 2012-09-02 23:21 . 2012-09-02 23:21294912----a-w-c:\windows\system32\umpnpmgr.dll 2012-08-24 17:10 . 2012-09-21 22:14981504----a-w-c:\windows\system32\wininet.dll 2012-08-24 17:08 . 2012-09-21 22:1444544----a-w-c:\windows\system32\licmgr10.dll 2012-08-24 16:01 . 2012-09-21 22:14386048----a-w-c:\windows\system32\html.iec 2012-08-24 15:27 . 2012-09-21 22:141638912----a-w-c:\windows\system32\mshtml.tlb 2012-08-04 19:53 . 2012-08-04 19:53414368----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-27 22:38 . 2012-07-27 22:3845856----a-w-c:\windows\system32\drivers\scfndis.sys 2012-07-27 22:35 . 2012-07-27 22:5588352----a-w-c:\windows\system32\drivers\scfdriver.sys 2012-07-27 22:11 . 2012-07-27 22:1133696----a-w-c:\windows\system32\drivers\sdcfilter.sys 2012-07-27 22:02 . 2012-07-27 22:5330744----a-w-c:\windows\system32\SophosBootTasks.exe 2012-07-27 22:02 . 2012-07-27 22:01123680----a-w-c:\windows\system32\drivers\savonaccess.sys 2012-07-27 21:42 . 2012-07-27 21:4231736----a-w-c:\windows\system32\drivers\skmscan.sys 2012-07-27 21:36 . 2012-07-27 21:36131824----a-w-c:\windows\system32\sdccoinstaller.dll 2012-07-27 20:39 . 2012-07-27 20:3922536----a-w-c:\windows\system32\drivers\SophosBootDriver.sys 2012-07-27 20:12 . 
2012-07-27 20:12  4608  ----a-w-  c:\windows\system32\W95Inf32.DLL
2012-07-27 20:12 . 2012-07-27 20:12  2272  ----a-w-  c:\windows\system32\W95Inf16.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"EDFcsn"="c:\program files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe" [2011-10-29 162360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceRunOnStartMenu"= 1 (0x1)
"NoStartMenuMyGames"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor]
2012-07-27 22:46  900120  ----a-w-  c:\program files\Sophos\AutoUpdate\ALMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Servicio (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R2 ProcTrigger;LANDesk(R) Process Trigger Service;c:\program files\LANDesk\LDClient\ProcTriggerSvc.exe
R2 tracksvc;LANDesk(R) Power Management Track Service;c:\program files\LANDesk\LDClient\tracksvc.exe
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
R4 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
R4 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe
R4 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe
R4 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys
R4 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
R4 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys
S1 scfdriver;SCF Kernel Driver;c:\windows\system32\Drivers\scfdriver.sys
S1 scfndis;Sophos Client Firewall NDIS packet filter;c:\windows\system32\DRIVERS\scfndis.sys
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe
S2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\LANDesk\LDClient\tmcsvc.exe
S2 ovedScannerScheduler;HP DDMI Scanner Scheduler;c:\program files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
S2 prgnUsageAgent;HP DDMI Software Utilization Agent;c:\program files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
S2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe
S2 TGRAB;Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys
S2 TRCTARGET;Tivoli Endpoint Manager for Remote Control - Target;c:\program files\IBM\Tivoli\Remote Control\Target\trc_base.exe
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 15:21]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-30 15:21]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job
- c:\users\Asistentes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 15:28]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job
- c:\users\Asistentes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-30 15:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lds.org/?lang=eng
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: ldschurch.org\chqpvuw2309
Trusted Zone: ldschurch.org\chqpvuw8469.stg
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: vinimaya.com\*.byu
Trusted Zone: waxie.com
Trusted Zone: xerox.com
Trusted Zone: xerox.com\*.portal
Trusted Zone: accesspointe.com
Trusted Zone: dell.com
Trusted Zone: deseretbook.net
Trusted Zone: elementk.com
Trusted Zone: emptoris.com
Trusted Zone: enpointe.com
Trusted Zone: eway.com
Trusted Zone: grainger.com
Trusted Zone: hp.com
Trusted Zone: ldschurch.org\chqpvuw2309
Trusted Zone: ldschurch.org\chqpvuw8469.stg
Trusted Zone: netdimensions.com
Trusted Zone: officemaxsolutions.com
Trusted Zone: paymentnet.com
Trusted Zone: providentliving.org
Trusted Zone: rosettastone.com
Trusted Zone: safaribooksonline.com
Trusted Zone: skillport.com
Trusted Zone: skillsoft.com
Trusted Zone: vinimaya.com
Trusted Zone: vinimaya.com\*.byu
Trusted Zone: waxie.com
Trusted Zone: xerox.com
Trusted Zone: xerox.com\*.portal
TCP: DhcpNameServer = 200.98.67.135 8.8.8.8
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Google Chrome - c:\users\Asistentes\AppData\Local\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\system32\conhost.exe
c:\windows\system32\CBA\pds.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\UI0Detect.exe
c:\program files\BigFix Enterprise\BES Client\BESClient.exe
c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-22 11:31:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 13:30
.
Pre-Run: 215.691.530.240 bytes free
Post-Run: 215.121.952.768 bytes free
.
- - End Of File - - 150A146589F3554EE0F74143971BBCA3
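The ComboFix log above, and the OTL log that follows it, are read by hand in this thread. The script below is an added example, mine rather than the poster's or anything shipped with ComboFix or OTL, that does the first mechanical pass a responder makes over such a log: it flags UAC policy values that differ from a secure baseline, any AppInit_DLLs entry, hosts-file mappings that do not point at loopback, DHCP-assigned DNS servers that are neither private nor on a known-resolver list, drivers whose file is missing, and services set to Disabled. The sample lines are constructed from the logs in this thread; the UAC baseline, the resolver allowlist and every function and regex name are this example's own assumptions.

```python
"""Triage helper for ComboFix / OTL style log lines (added example)."""
import ipaddress
import re
from typing import Dict, List

# Sample input constructed from the ComboFix and OTL logs posted in this thread.
SAMPLE_LOG = r'''
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
TCP: DhcpNameServer = 200.98.67.135 8.8.8.8
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
'''

# Assumption: Windows 7 secure defaults for the three UAC values that matter most.
UAC_BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# Assumption: resolvers accepted without comment; any other public address is reported.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# One pattern per line type; ComboFix ("TCP: DhcpNameServer") and OTL ("O17 ... DhcpNameServer")
# both match the DNS pattern because it is searched, not anchored.
UAC_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(.+)$')
DNS_RE = re.compile(r'DhcpNameServer\s*=\s*([\d. ]+)$')
HOSTS_RE = re.compile(r'^O1 - Hosts:\s+(\S+)\s+(\S+)(?:\s*#\s*(\S+))?')
DRV_MISSING_RE = re.compile(r'^DRV - File not found .*?-- (.+?) -- \((.+)\)$')
SRV_RE = re.compile(r'^SRV - .*\((.*?)\) \[(\w+) \| (\w+)\] -- (.+?) -- \((.+)\)$')


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the findings a responder would otherwise pick out by eye."""
    findings: Dict[str, List[str]] = {
        "uac": [], "appinit": [], "dns": [], "hosts": [],
        "missing_driver": [], "disabled_service": [],
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UAC_RE.match(line)
        if m and m.group(1) in UAC_BASELINE:
            name, value = m.group(1), int(m.group(2))
            if value != UAC_BASELINE[name]:
                findings["uac"].append(f"{name}={value} (baseline {UAC_BASELINE[name]})")
            continue
        m = APPINIT_RE.match(line)
        if m:  # any AppInit_DLLs value loads into every user-mode process; always review it
            findings["appinit"].append(m.group(1).strip())
            continue
        m = DNS_RE.search(line)
        if m:
            for ip in m.group(1).split():
                if ip not in KNOWN_RESOLVERS and not ipaddress.ip_address(ip).is_private:
                    if ip not in findings["dns"]:
                        findings["dns"].append(ip)
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host, tag = m.groups()
            if not ipaddress.ip_address(ip).is_loopback:
                suffix = f" [tag {tag}]" if tag else ""  # keep the comment tag so entries can be attributed
                findings["hosts"].append(f"{host} -> {ip}{suffix}")
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            findings["missing_driver"].append(f"{m.group(2)}: {m.group(1)}")
            continue
        m = SRV_RE.match(line)
        if m:
            company, start_type, _state, _path, name = m.groups()
            if start_type == "Disabled":
                findings["disabled_service"].append(f"{name} ({company})")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

On the sample drawn from this machine the script reports UAC switched off outright (EnableLUA=0, administrators elevated silently, no secure desktop), an AppInit_DLLs entry (here Sophos's own sophos_detoured.dll, expected for that product but always worth confirming against the installed version), the Sophos anti-virus service set to Disabled, a DHCP-assigned resolver 200.98.67.135 that is neither private nor on the allowlist and should be checked against what the site's DHCP server is supposed to hand out, and Google hostnames mapped to 216.239.32.20 with a "# bck9" tag. That tag shares its prefix with the Blue Coat K9 driver (bckd) and service (bckwfs) listed in the same log, so the tag is kept in the output to let the analyst confirm those entries belong to the installed filter before treating them as a hijack. The missing catchme.sys in the user's Temp directory is reported but not scored: it is the driver ComboFix's own rootkit scan loads, and the OTL run took place hours after the ComboFix run the same day.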
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 16:57:01
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Asistentes - COMISARIO
# Boot Mode : Normal
# Running from : C:\Users\Asistentes\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Asistentes\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Asistentes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [942 octets] - [22/10/2012 16:57:01]

########## EOF - C:\AdwCleaner[S1].txt - [1001 octets] ##########

OTL logfile created on: 10/22/2012 5:14:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Asistentes\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy

2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free
5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Y: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive Z: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS

Computer Name: COMISARIO | User Name: Asistentes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe
PRC - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2012/07/26 18:53:18 | 001,472,448 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/04/26 13:54:06 | 000,937,984 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe
PRC - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
PRC - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
PRC - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
PRC - [2011/07/16 02:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe
PRC - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2010/07/15 07:14:30 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\System32\cba\pds.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/27 20:50:20 | 000,232,472 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/07/27 20:42:54 | 000,089,112 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/07/27 20:42:50 | 000,150,552 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/07/27 19:57:46 | 001,465,920 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/27 19:51:24 | 000,357,400 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/27 19:49:42 | 002,862,656 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/07/27 19:36:26 | 000,216,600 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/27 18:54:58 | 000,282,624 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/07/27 18:52:49 | 000,806,912 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET)
SRV - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent)
SRV - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler)
SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/09/15 07:13:48 | 000,143,360 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
SRV - [2010/09/15 07:13:14 | 000,066,048 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
SRV - [2010/06/30 19:16:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012/04/26 13:30:50 | 000,008,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\tgrab.sys -- (TGRAB)
DRV - [2012/02/13 17:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/07/09 20:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/30 19:18:11 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/06/30 19:16:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/06/30 19:16:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/30 19:16:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/01/18 09:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 09:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt)
DRV - [2009/12/17 17:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ldblank.sys -- (ldblank)
DRV - [2009/11/23 17:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2009/11/23 17:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/?lang=eng
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 70 BF 8C 48 6C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{237DA15A-68F2-42DD-9291-49BF529875B4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{7B73D3DC-EDB8-48B1-B26C-B6246E954AC9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\..\SearchScopes\{B10BB75F-F160-4540-AD00-B6D2017A12EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

[2012/07/30 20:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asistentes\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

O1 HOSTS File: ([2012/10/22 16:58:40 | 000,001,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.239.32.20 www.google.ae # bck9
O1 - Hosts: 216.239.32.20 www.google.at # bck9
O1 - Hosts: 216.239.32.20 www.google.be # bck9
O1 - Hosts: 216.239.32.20 www.google.ca # bck9
O1 - Hosts: 216.239.32.20 www.google.ch # bck9
O1 - Hosts: 216.239.32.20 www.google.cl # bck9
O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
O1 - Hosts: 216.239.32.20 www.google.com # bck9
O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
O1 - Hosts: 39 more lines...
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: providentliving.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites)
O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.98.67.135 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2}: DhcpNameServer = 200.98.67.135 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/14 13:01:44 | 000,000,030 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/19 17:02:36 | 000,000,000 | ---D | M] - Y:\Autos -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpReg: Sophos AutoUpdate Monitor - hkey= - key= - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe 
Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{0BA1C83B-DC26-4959-BF5B-DE5499288868} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/22 17:12:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe [2012/10/22 11:23:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\temp [2012/10/22 11:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/22 11:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/22 11:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/22 11:13:19 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2012/10/22 11:13:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/10/22 11:11:36 | 004,986,495 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe [2012/10/20 17:14:42 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr [2012/10/20 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/10/15 11:47:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/10/15 11:47:41 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/10/09 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012/10/03 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\ElevatedDiagnostics [2012/10/01 14:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix [2012/09/27 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\Documents\Remote Assistance Logs [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe [2012/10/22 17:10:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/22 17:06:04 | 000,663,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/22 17:06:04 | 000,126,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 16:58:40 | 000,001,707 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/10/22 16:58:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/22 16:56:33 | 000,538,941 | ---- | M] () -- 
C:\Users\Asistentes\Desktop\adwcleaner.exe [2012/10/22 16:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job [2012/10/22 16:38:21 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/22 15:50:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job [2012/10/22 11:12:15 | 004,986,495 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe [2012/10/20 17:14:48 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr [2012/10/20 15:36:11 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/20 13:22:46 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/15 19:38:54 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012/10/15 14:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/10/13 14:44:55 | 000,002,461 | ---- | M] () -- C:\Users\Asistentes\Desktop\The Church of Jesus Christ of Latter-day Saints.lnk [2012/09/30 21:59:19 | 032,536,766 | ---- | M] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/22 16:56:24 | 000,538,941 | ---- | C] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe [2012/10/22 11:13:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/22 11:13:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/22 11:13:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/22 11:13:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/22 11:13:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/20 
15:36:11 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/15 14:07:45 | 000,001,113 | ---- | C] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/09/30 21:55:34 | 032,536,766 | ---- | C] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi [2012/09/15 23:08:15 | 000,000,005 | ---- | C] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan [2012/08/16 19:31:33 | 000,000,017 | ---- | C] () -- C:\Users\Asistentes\AppData\Local\resmon.resmoncfg [2012/08/03 19:11:13 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/07/28 11:15:31 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI [2012/07/27 18:14:44 | 000,082,432 | ---- | C] () -- C:\Windows\System32\ldcred.dll [2012/07/27 17:46:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini [2012/04/26 13:30:50 | 000,008,288 | ---- | C] () -- C:\Windows\System32\tgrab.sys ========== ZeroAccess Check ========== [2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: SCSI Media Type: Fixed hard disk media Model: ST325031 8AS SCSI Disk Device Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 233.00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 300.00MB Starting Offset: 249674334208 Hidden sectors: 0 [2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc [2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles [2009/07/14 05:14:28 | 000,000,000 | RH-D | M] -- C:\Users\Default [2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc [2009/07/14 05:20:18 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC [2009/07/14 02:52:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles [2012/07/27 18:53:32 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData [2012/07/30 14:49:17 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads [2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ [2012/07/27 18:54:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ [2012/07/30 14:06:04 | 000,000,000 | 
-H-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Media Player\Art Cache [2012/09/17 10:55:47 | 000,000,000 | RH-D | M] -- C:\Users\Asistentes\AppData\Local\Microsoft\Windows\Burn\Burn [2012/07/30 12:52:56 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Intel\Wireless\Settings [2012/08/07 20:47:01 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/07/27 18:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IECompatCache\Low [2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\IETldCache\Low [2012/10/20 15:38:27 | 000,000,000 | -H-D | M] -- C:\Users\Asistentes\AppData\Roaming\Microsoft\Windows\PrivacIE\Low [2012/10/04 11:35:14 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData [2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ [2012/10/04 11:35:34 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ [2012/10/04 11:35:38 | 000,000,000 | RH-D | M] -- C:\Users\DandC89\AppData\Local\Microsoft\Windows\Burn\Burn [2012/10/04 11:35:19 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Intel\Wireless\Settings [2012/10/04 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IECompatCache\Low [2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\IETldCache\Low [2012/10/04 11:35:17 | 000,000,000 | -H-D | M] -- C:\Users\DandC89\AppData\Roaming\Microsoft\Windows\PrivacIE\Low [2009/07/14 00:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2012/10/20 15:36:11 | 000,000,000 | RH-D | M] -- 
C:\Users\Public\Desktop [2009/07/14 00:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2012/07/30 14:10:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2012/07/27 17:58:52 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp [2012/07/27 18:33:46 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData [2009/07/14 02:34:13 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 > < %AppData%\Local\ > < %systemroot%\system32\sysprep > < *.xpi /md5 > < %systemroot%\Downloaded Program Files\ > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile > "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging] < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 23:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 15:15:32 | 000,672,872 | ---- | M] (Microsoft Corporation) < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\savonaccess.sys [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\scfdriver.sys [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos 
Limited) -- C:\Windows\system32\drivers\scfndis.sys [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\system32\drivers\sdcfilter.sys [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\skmscan.sys [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\system32\drivers\SophosBootDriver.sys < %systemroot%\System32\config\*.sav > < %SYSTEMDRIVE%\*.exe /md5 > < "%WinDir%\$NtUninstallKB*$." /30 > < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s > < %systemroot%\*. /mp /s > < %systemroot%\*. /rp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\Installer\ /s > < %systemroot%\system32\Cache\ /s > < %systemroot%\system32\config\systemprofile\Application Data /s > < %PROGRAMFILES%\*. > [2012/09/02 21:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2012/07/30 13:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix Enterprise [2012/08/31 18:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\Blue Coat K9 Web Protection [2012/10/20 15:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2012/07/27 18:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco [2012/07/27 17:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix [2012/10/22 11:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2012/07/27 18:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink [2012/07/27 18:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\Dell [2012/08/11 17:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dicsoft [2012/08/04 17:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone [2009/07/14 05:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker [2012/07/30 15:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\eSupport.com [2012/10/09 09:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2012/07/30 13:08:40 | 000,000,000 | ---D | M] -- C:\Program 
Files\Hewlett-Packard [2012/09/10 13:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\IBM [2012/07/27 18:37:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2012/07/27 17:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel [2012/10/01 20:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2012/07/27 18:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\LANDesk [2012/10/20 13:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/27 18:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2012/07/27 18:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Math Add-in for Word 2007 [2012/07/27 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2012/07/30 12:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Communicator [2012/07/30 21:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2012/07/27 18:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012/07/27 18:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2012/07/27 18:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2012/07/27 18:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2012/07/27 18:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2012/07/27 18:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2012/07/27 20:55:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2012/08/04 17:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nero [2012/07/27 20:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation [2012/09/02 21:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2012/07/27 20:54:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos [2012/07/27 18:37:30 | 
000,000,000 | ---D | M] -- C:\Program Files\STMicroelectronics [2012/07/27 18:39:03 | 000,000,000 | ---D | M] -- C:\Program Files\SUPPORT [2009/07/14 02:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2012/07/30 23:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2012/07/27 18:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2012/07/27 18:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2012/07/30 20:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2012/07/30 20:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2009/07/14 02:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer [2009/07/14 02:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices [2009/07/14 02:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2010/06/30 19:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC < %appdata%\*.* > [2012/09/15 23:08:15 | 000,000,005 | ---- | M] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan < MD5 for: EXPLORER.EXE > [2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe [2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe 
[2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010/06/30 19:17:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2010/06/30 19:18:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\erdnt\cache\explorer.exe [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\explorer.exe [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe < MD5 for: SERVICES.EXE > [2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe [2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/13 23:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: USERINIT.EXE > [2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe [2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/13 23:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: VOLSNAP.SYS > [2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys [2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys [2009/07/13 23:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys < End of report > OTL Extras logfile created on: 10/22/2012 5:14:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy 2.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 75.30% Memory free 5.75 Gb Paging File | 5.00 Gb Available in Paging File | 87.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.53 Gb Total Space | 200.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | ParPlease run OTL
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Asistentes\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Chile | Language: ESL | Date Format: dd-MM-yyyy 2.87 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.44% Memory free 5.75 Gb Paging File | 4.82 Gb Available in Paging File | 83.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232.53 Gb Total Space | 199.68 Gb Free Space | 85.87% Space Free | Partition Type: NTFS Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive Y: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS Drive Z: | 232.53 Gb Total Space | 78.42 Gb Free Space | 33.72% Space Free | Partition Type: NTFS Computer Name: COMISARIO | User Name: Asistentes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe PRC - [2012/10/10 08:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe PRC - [2012/07/26 18:53:18 | 001,472,448 | ---- | M] (IBM Corp.) 
-- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe PRC - [2012/04/26 13:54:06 | 000,937,984 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_gui.exe PRC - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe PRC - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe PRC - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe PRC - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe PRC - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe PRC - [2011/07/16 02:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe PRC - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\softmon.exe PRC - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE PRC - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) 
-- C:\Program Files\LANDesk\LDClient\tmcsvc.exe PRC - [2010/07/15 07:14:30 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files\LANDesk\LDClient\collector.exe PRC - [2010/06/30 19:18:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe PRC - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/07/18 21:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) 
-- C:\Windows\System32\cba\pds.exe ========== Modules (No Company Name) ========== MOD - [2012/10/10 08:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll MOD - [2012/10/10 08:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll MOD - [2012/10/10 08:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\libglesv2.dll MOD - [2012/10/10 08:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\libegl.dll MOD - [2012/10/10 08:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avutil-51.dll MOD - [2012/10/10 08:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avformat-54.dll MOD - [2012/10/10 08:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll MOD - [2011/10/29 10:12:28 | 000,162,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe MOD - [2008/08/27 18:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/27 20:50:20 | 000,232,472 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012/07/27 20:42:54 | 000,089,112 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall) SRV - [2012/07/27 20:42:50 | 000,150,552 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall 
Manager) SRV - [2012/07/27 19:57:46 | 001,465,920 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update) SRV - [2012/07/27 19:51:24 | 000,357,400 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012/07/27 19:49:42 | 002,862,656 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012/07/27 19:36:26 | 000,216,600 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012/07/27 19:28:11 | 000,139,840 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012/07/27 18:54:58 | 000,282,624 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2012/07/27 18:52:49 | 000,806,912 | ---- | M] (Sophos Limited) [Disabled | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2012/07/26 18:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient) SRV - [2012/04/26 13:53:46 | 000,794,624 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe -- (TRCTARGET) SRV - [2012/02/13 17:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs) SRV - [2011/10/29 10:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent) SRV - [2011/07/21 09:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler) SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker) SRV - [2010/10/21 19:59:56 | 000,385,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service) SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast) SRV - [2010/09/15 07:13:48 | 000,143,360 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger) SRV - [2010/09/15 07:13:14 | 000,066,048 | ---- | M] (LANDesk Software, Inc. and its affiliates.) 
[Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc) SRV - [2010/06/30 19:16:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/01/19 19:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010/01/19 18:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010/01/10 14:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService) SRV - [2009/12/17 17:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2009/11/04 15:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8) SRV - [2009/07/13 23:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/08/31 10:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) 
[Auto | Running] -- C:\Windows\System32\cba\pds.exe -- (Intel PDS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ASISTE~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/07/27 20:38:33 | 000,045,856 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis) DRV - [2012/07/27 20:35:54 | 000,088,352 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver) DRV - [2012/07/27 20:11:56 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter) DRV - [2012/07/27 20:02:02 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess) DRV - [2012/07/27 19:42:37 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan) DRV - [2012/07/27 18:39:45 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2012/04/26 13:30:50 | 000,008,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\tgrab.sys -- (TGRAB) DRV - [2012/02/13 17:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd) DRV - [2010/07/09 20:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/06/30 19:18:11 | 000,295,936 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010/06/30 19:16:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010/06/30 19:16:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010/06/30 19:16:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010/01/18 09:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler) DRV - [2010/01/18 09:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdfltn.sys -- (stdflt) DRV - [2009/12/17 17:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2009/11/23 17:01:12 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ldblank.sys -- (ldblank) DRV - [2009/11/23 17:01:12 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mirrorflt.sys -- (mirrorflt) DRV - [2009/11/23 17:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ldmirror.sys -- (ldmirror) DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lds.org/?lang=eng IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-cl IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 70 BF 8C 48 6C CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{237DA15A-68F2-42DD-9291-49BF529875B4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{7B73D3DC-EDB8-48B1-B26C-B6246E954AC9}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} IE - HKCU\..\SearchScopes\{B10BB75F-F160-4540-AD00-B6D2017A12EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Asistentes\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Asistentes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012/07/30 20:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asistentes\AppData\Roaming\Mozilla\Extensions ========== Chrome ========== O1 HOSTS File: ([2012/10/22 16:58:40 | 000,001,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 216.239.32.20 www.google.ae # bck9 O1 - Hosts: 216.239.32.20 www.google.at # bck9 O1 - Hosts: 216.239.32.20 www.google.be # bck9 O1 - Hosts: 216.239.32.20 www.google.ca # bck9 O1 - Hosts: 216.239.32.20 www.google.ch # bck9 O1 - Hosts: 216.239.32.20 www.google.cl # bck9 O1 - Hosts: 216.239.32.20 www.google.co.il # bck9 O1 - Hosts: 216.239.32.20 www.google.co.in # bck9 O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9 O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9 O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9 O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9 O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9 O1 - Hosts: 216.239.32.20 www.google.co.za # bck9 O1 - Hosts: 216.239.32.20 www.google.com # bck9 O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9 O1 - Hosts: 216.239.32.20 www.google.com.au # bck9 O1 - Hosts: 216.239.32.20 www.google.com.br # bck9 O1 - Hosts: 216.239.32.20 www.google.com.co # bck9 O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9 O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9 O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9 
O1 - Hosts: 216.239.32.20 www.google.com.my # bck9 O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9 O1 - Hosts: 39 more lines... O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1 O15 - HKLM\..Trusted Domains: accesspointe.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: deseretbook.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: elementk.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: emptoris.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: enpointe.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: eway.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: grainger.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hp.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: lds.org ([]* in Local intranet) O15 - HKLM\..Trusted Domains: ldsces.org ([]* in Local intranet) O15 - HKLM\..Trusted Domains: ldschurch.org ([]* in Local intranet) O15 - HKLM\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet) O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites) O15 - HKLM\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites) O15 - HKLM\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet) O15 - HKLM\..Trusted Domains: ldsglobal.net ([]* in Local intranet) O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet) O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet) O15 - HKLM\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet) O15 - HKLM\..Trusted Domains: netdimensions.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: paymentnet.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: providentliving.org ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: rosettastone.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: 
skillsoft.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: vinimaya.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites) O15 - HKLM\..Trusted Domains: waxie.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: xerox.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites) O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: deseretbook.net ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: lds.org ([]* in Local intranet) O15 - HKCU\..Trusted Domains: ldsces.org ([]* in Local intranet) O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet) O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet) O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw2309] * in Trusted sites) O15 - HKCU\..Trusted Domains: ldschurch.org ([chqpvuw8469.stg] * in Trusted sites) O15 - HKCU\..Trusted Domains: ldschurch.org ([ldsteams] * in Local intranet) O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet) O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ap] * in Local intranet) O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.ea] * in Local intranet) O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet) O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: paymentnet.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: 
providentliving.org ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vinimaya.com ([*.byu] * in Trusted sites) O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: xerox.com ([*.portal] * in Trusted sites) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.98.67.135 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2689B14-969A-40E9-A3BF-1F7238883BB2}: DhcpNameServer = 200.98.67.135 8.8.8.8 O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll (Google Inc.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/09/14 13:01:44 | 000,000,030 | ---- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2012/09/19 17:02:36 | 000,000,000 | ---D | M] - Y:\Autos -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/22 17:12:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe [2012/10/22 11:23:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/10/22 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\temp [2012/10/22 11:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/10/22 11:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/10/22 11:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/10/22 11:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/10/22 11:13:01 | 000,000,000 | ---D | C] -- 
C:\Windows\erdnt [2012/10/22 11:11:36 | 004,986,495 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe [2012/10/20 17:14:42 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr [2012/10/20 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/10/15 11:47:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/10/15 11:47:41 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/10/09 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012/10/03 11:07:17 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\AppData\Local\ElevatedDiagnostics [2012/10/01 14:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFix [2012/09/27 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Asistentes\Documents\Remote Assistance Logs [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/22 17:50:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008UA.job [2012/10/22 17:38:05 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/22 17:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Asistentes\Desktop\OTL.exe [2012/10/22 17:10:36 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/22 17:06:04 | 000,663,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/22 17:06:04 | 000,126,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 17:05:38 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 16:58:40 | 000,001,707 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts [2012/10/22 16:58:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/22 16:56:33 | 000,538,941 | ---- | M] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe [2012/10/22 15:50:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766974311-3583871598-1393546944-1008Core.job [2012/10/22 11:12:15 | 004,986,495 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\ComboFix.exe [2012/10/20 17:14:48 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Asistentes\Desktop\dds.scr [2012/10/20 15:36:11 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/10/20 13:22:46 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/15 19:38:54 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012/10/15 14:35:08 | 000,001,113 | ---- | M] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/10/13 14:44:55 | 000,002,461 | ---- | M] () -- C:\Users\Asistentes\Desktop\The Church of Jesus Christ of Latter-day Saints.lnk [2012/09/30 21:59:19 | 032,536,766 | ---- | M] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi [2012/09/29 20:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/22 16:56:24 | 000,538,941 | ---- | C] () -- C:\Users\Asistentes\Desktop\adwcleaner.exe [2012/10/22 11:13:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/10/22 11:13:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/10/22 11:13:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/10/22 11:13:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/10/22 11:13:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/20 15:36:11 | 000,000,975 | ---- | C] () -- 
C:\Users\Public\Desktop\CCleaner.lnk [2012/10/15 14:07:45 | 000,001,113 | ---- | C] () -- C:\Users\Asistentes\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/09/30 21:55:34 | 032,536,766 | ---- | C] () -- C:\Users\Asistentes\Desktop\_lder_Bednar_en_Inglaterra.avi [2012/09/15 23:08:15 | 000,000,005 | ---- | C] () -- C:\Users\Asistentes\AppData\Roaming\mbam.context.scan [2012/08/16 19:31:33 | 000,000,017 | ---- | C] () -- C:\Users\Asistentes\AppData\Local\resmon.resmoncfg [2012/08/03 19:11:13 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/07/28 11:15:31 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI [2012/07/27 18:14:44 | 000,082,432 | ---- | C] () -- C:\Windows\System32\ldcred.dll [2012/07/27 17:46:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini [2012/04/26 13:30:50 | 000,008,288 | ---- | C] () -- C:\Windows\System32\tgrab.sys ========== ZeroAccess Check ========== [2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < :OTL > < > < :commands > < [emptytemp] > < [reboot] > < End of report > Hi. I politely asked that you press "Run Fix" not "Run Scan". Please go through the instructions again, and make sure to press Run Fix this time. Quote from: DragonMaster Jay on October 22, 2012, 01:53:50 PM Please run OTL |
|
| 77. |
Solve : Re: Virus affecting Google? |
|
Answer» Hello, I am experiencing the same issue, let me add some details so we can get over with it:
Safe Mode: If you still cannot get ComboFix to run, TRY booting into Safe Mode, and run it there. (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")
Re-downloading: If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe. Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
NOTE: If you encounter a message "ILLEGAL OPERATION attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. |
|
| 78. |
Solve : Infected with zeroaccess rootkit!!!? |
|
Answer» Quote: I was infected with zeroaccess rootkit and attempted to remove it and it appears that it is gone, however now my computer is running extremely slow while on the internet.
Is it just running slowly while on the internet?
**********************************************************************
RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Joshua [Admin rights] Mode : Remove -- Date : 10/07/2012 17:12:26 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++ --- User --- [MBR] 50048008bcc35aaa2dd6c553ee8fcf83 [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SD Card +++++ --- User --- [MBR] 83b42057fb3fd1d945874c9bf1406a5b [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown Partition table: 0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo User = LL1 ... OK! Error reading LL2 MBR! 
Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt 17:46:09.0625 7552 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 17:46:11.0627 7552 ============================================================ 17:46:11.0627 7552 Current date / time: 2012/10/07 17:46:11.0627 17:46:11.0627 7552 SystemInfo: 17:46:11.0627 7552 17:46:11.0628 7552 OS Version: 6.1.7601 ServicePack: 1.0 17:46:11.0628 7552 Product type: Workstation 17:46:11.0628 7552 ComputerName: JOSHUA-PC 17:46:11.0628 7552 UserName: Joshua 17:46:11.0628 7552 Windows directory: C:\Windows 17:46:11.0628 7552 System windows directory: C:\Windows 17:46:11.0628 7552 Running under WOW64 17:46:11.0628 7552 Processor architecture: Intel X64 17:46:11.0628 7552 Number of processors: 4 17:46:11.0628 7552 Page size: 0x1000 17:46:11.0628 7552 Boot type: Normal boot 17:46:11.0628 7552 ============================================================ 17:46:12.0249 7552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:46:12.0297 7552 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:46:12.0303 7552 ============================================================ 17:46:12.0303 7552 \Device\Harddisk0\DR0: 17:46:12.0304 7552 MBR partitions: 17:46:12.0304 7552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000 17:46:12.0304 7552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030 17:46:12.0304 7552 \Device\Harddisk1\DR1: 17:46:12.0305 7552 MBR partitions: 17:46:12.0305 7552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00 17:46:12.0305 7552 ============================================================ 17:46:12.0337 7552 C: <-> \Device\Harddisk0\DR0\Partition2 17:46:12.0337 7552 
============================================================ 17:46:12.0338 7552 Initialize success 17:46:12.0338 7552 ============================================================ 17:46:52.0104 7660 ============================================================ 17:46:52.0104 7660 Scan started 17:46:52.0104 7660 Mode: Manual; 17:46:52.0104 7660 ============================================================ 17:46:52.0392 7660 ================ Scan system memory ======================== 17:46:52.0392 7660 System memory - ok 17:46:52.0393 7660 ================ Scan services =============================
C:\Windows\system32\DRIVERS\blbdrive.sys 17:46:56.0720 7660 blbdrive - ok 17:46:56.0916 7660 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:46:56.0918 7660 bowser - ok 17:46:56.0966 7660 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:46:56.0975 7660 BrFiltLo - ok 17:46:56.0999 7660 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:46:57.0005 7660 BrFiltUp - ok 17:46:57.0053 7660 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:46:57.0058 7660 BridgeMP - ok 17:46:57.0126 7660 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:46:57.0128 7660 Browser - ok 17:46:57.0249 7660 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:46:57.0264 7660 Brserid - ok 17:46:57.0305 7660 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:46:57.0310 7660 BrSerWdm - ok 17:46:57.0351 7660 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:46:57.0358 7660 BrUsbMdm - ok 17:46:57.0413 7660 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:46:57.0417 7660 BrUsbSer - ok 17:46:57.0596 7660 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 17:46:57.0600 7660 BthEnum - ok 17:46:57.0633 7660 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:46:57.0635 7660 BTHMODEM - ok 17:46:57.0802 7660 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:46:57.0806 7660 BthPan - ok 17:46:58.0137 7660 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 17:46:58.0185 7660 BTHPORT - ok 17:46:58.0216 7660 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:46:58.0217 7660 bthserv - ok 17:46:58.0275 7660 [ 
F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 17:46:58.0319 7660 BTHUSB - ok 17:46:58.0366 7660 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 17:46:58.0415 7660 btusbflt - ok 17:46:58.0609 7660 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 17:46:58.0680 7660 btwaudio - ok 17:46:58.0729 7660 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 17:46:58.0779 7660 btwavdt - ok 17:46:58.0838 7660 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 17:46:58.0909 7660 btwdins - ok 17:46:58.0928 7660 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 17:46:58.0973 7660 btwl2cap - ok 17:46:59.0033 7660 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 17:46:59.0101 7660 btwrchid - ok 17:46:59.0116 7660 catchme - ok 17:46:59.0142 7660 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:46:59.0147 7660 cdfs - ok 17:46:59.0182 7660 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:46:59.0227 7660 cdrom - ok 17:46:59.0269 7660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:46:59.0271 7660 CertPropSvc - ok 17:46:59.0314 7660 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys 17:46:59.0379 7660 cfwids - ok 17:46:59.0408 7660 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:46:59.0411 7660 circlass - ok 17:46:59.0481 7660 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:46:59.0484 7660 CLFS - ok 17:46:59.0696 7660 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:46:59.0701 7660 clr_optimization_v2.0.50727_32 - ok 17:46:59.0751 7660 [ 
D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:46:59.0761 7660 clr_optimization_v2.0.50727_64 - ok 17:46:59.0834 7660 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:46:59.0894 7660 clr_optimization_v4.0.30319_32 - ok 17:46:59.0970 7660 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:47:00.0033 7660 clr_optimization_v4.0.30319_64 - ok 17:47:00.0073 7660 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:47:00.0077 7660 CmBatt - ok 17:47:00.0092 7660 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:47:00.0095 7660 cmdide - ok 17:47:00.0137 7660 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 17:47:00.0140 7660 CNG - ok 17:47:00.0177 7660 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:47:00.0181 7660 Compbatt - ok 17:47:00.0223 7660 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:47:00.0276 7660 CompositeBus - ok 17:47:00.0281 7660 COMSysApp - ok 17:47:00.0294 7660 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:47:00.0296 7660 crcdisk - ok 17:47:00.0323 7660 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:47:00.0324 7660 CryptSvc - ok 17:47:00.0387 7660 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 17:47:00.0432 7660 CtClsFlt - ok 17:47:00.0536 7660 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 17:47:00.0547 7660 cvhsvc - ok 17:47:00.0594 7660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:47:00.0659 
7660 DcomLaunch - ok 17:47:00.0728 7660 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:47:00.0730 7660 defragsvc - ok 17:47:00.0835 7660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:47:00.0838 7660 DfsC - ok 17:47:00.0870 7660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:47:00.0873 7660 Dhcp - ok 17:47:00.0921 7660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:47:00.0922 7660 discache - ok 17:47:00.0935 7660 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:47:00.0941 7660 Disk - ok 17:47:00.0976 7660 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:47:00.0978 7660 Dnscache - ok 17:47:01.0016 7660 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:47:01.0018 7660 dot3svc - ok 17:47:01.0055 7660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:47:01.0057 7660 DPS - ok 17:47:01.0073 7660 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:47:01.0078 7660 drmkaud - ok 17:47:01.0134 7660 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:47:01.0207 7660 DXGKrnl - ok 17:47:01.0248 7660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:47:01.0252 7660 EapHost - ok 17:47:01.0356 7660 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:47:01.0395 7660 ebdrv - ok 17:47:01.0421 7660 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:47:01.0470 7660 EFS - ok 17:47:01.0576 7660 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:47:01.0638 7660 ehRecvr - ok 17:47:01.0666 7660 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:47:01.0667 7660 ehSched - ok 17:47:01.0699 7660 [ 0E5DA5369A0FCAEA12456DD852545184 ] 
elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:47:01.0706 7660 elxstor - ok 17:47:01.0738 7660 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:47:01.0741 7660 ErrDev - ok 17:47:01.0904 7660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:47:01.0911 7660 EventSystem - ok 17:47:01.0950 7660 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:47:01.0960 7660 exfat - ok 17:47:02.0029 7660 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:47:02.0032 7660 fastfat - ok 17:47:02.0084 7660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:47:02.0144 7660 Fax - ok 17:47:02.0172 7660 [ D765D19CD8EF61F650C384F62FAC00AB ] FDC C:\Windows\system32\DRIVERS\fdc.sys 17:47:02.0176 7660 fdc - ok 17:47:02.0212 7660 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:47:02.0219 7660 fdPHost - ok 17:47:02.0232 7660 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 17:47:02.0234 7660 FDResPub - ok 17:47:02.0310 7660 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:47:02.0311 7660 FileInfo - ok 17:47:02.0322 7660 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:47:02.0323 7660 Filetrace - ok 17:47:02.0362 7660 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:47:02.0369 7660 flpydisk - ok 17:47:02.0414 7660 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:47:02.0418 7660 FltMgr - ok 17:47:02.0487 7660 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:47:02.0500 7660 FontCache - ok 17:47:02.0574 7660 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:47:02.0645 7660 FontCache3.0.0.0 - ok 17:47:02.0669 
7660 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:47:02.0670 7660 FsDepends - ok 17:47:02.0725 7660 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 17:47:02.0794 7660 fssfltr - ok 17:47:02.0994 7660 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 17:47:03.0065 7660 fsssvc - ok 17:47:03.0124 7660 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:47:03.0192 7660 Fs_Rec - ok 17:47:03.0251 7660 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:47:03.0255 7660 fvevol - ok 17:47:03.0276 7660 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:47:03.0285 7660 gagp30kx - ok 17:47:03.0365 7660 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 17:47:03.0436 7660 GamesAppService - ok 17:47:03.0490 7660 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 17:47:03.0562 7660 GoToAssist - ok 17:47:03.0622 7660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:47:03.0627 7660 gpsvc - ok 17:47:03.0700 7660 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:47:03.0771 7660 gupdate - ok 17:47:03.0789 7660 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:47:03.0854 7660 gupdatem - ok 17:47:03.0884 7660 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 17:47:03.0886 7660 gusvc - ok 17:47:03.0922 7660 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:47:03.0925 7660 hcw85cir - ok 17:47:04.0001 7660 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 17:47:04.0056 7660 HdAudAddService - ok 17:47:04.0081 7660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:47:04.0125 7660 HDAudBus - ok 17:47:04.0243 7660 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 17:47:04.0288 7660 HECIx64 - ok 17:47:04.0334 7660 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:47:04.0337 7660 HidBatt - ok 17:47:04.0342 7660 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:47:04.0346 7660 HidBth - ok 17:47:04.0350 7660 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:47:04.0353 7660 HidIr - ok 17:47:04.0373 7660 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 17:47:04.0374 7660 hidserv - ok 17:47:04.0412 7660 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:47:04.0461 7660 HidUsb - ok 17:47:04.0485 7660 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:47:04.0487 7660 hkmsvc - ok 17:47:04.0527 7660 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:47:04.0587 7660 HomeGroupListener - ok 17:47:04.0622 7660 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:47:04.0625 7660 HomeGroupProvider - ok 17:47:04.0660 7660 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:47:04.0712 7660 HpSAMD - ok 17:47:04.0775 7660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:47:04.0829 7660 HTTP - ok 17:47:04.0896 7660 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:47:04.0932 7660 hwpolicy - ok 17:47:04.0985 7660 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:47:04.0997 7660 i8042prt - ok 17:47:05.0043 7660 [ 
2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:47:05.0049 7660 iaStor - ok 17:47:05.0102 7660 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 17:47:05.0103 7660 IAStorDataMgrSvc - ok 17:47:05.0167 7660 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:47:05.0232 7660 iaStorV - ok 17:47:05.0386 7660 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:47:05.0454 7660 idsvc - ok 17:47:05.0772 7660 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 17:47:05.0859 7660 igfx - ok 17:47:05.0939 7660 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:47:05.0948 7660 iirsp - ok 17:47:06.0042 7660 [ 54E0F4CCD6CE99A807459AF928DD64AC ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 17:47:06.0045 7660 IJPLMSVC - ok 17:47:06.0098 7660 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:47:06.0106 7660 IKEEXT - ok 17:47:06.0148 7660 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 17:47:06.0200 7660 Impcd - ok 17:47:06.0249 7660 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 17:47:06.0297 7660 IntcDAud - ok 17:47:06.0318 7660 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:47:06.0320 7660 intelide - ok 17:47:06.0431 7660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:47:06.0432 7660 intelppm - ok 17:47:06.0503 7660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:47:06.0505 7660 IPBusEnum - ok 17:47:06.0558 7660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:47:06.0625 7660 IpFilterDriver - ok 
17:47:06.0668 7660 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:47:06.0712 7660 iphlpsvc - ok 17:47:06.0761 7660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:47:06.0806 7660 IPMIDRV - ok 17:47:06.0841 7660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:47:06.0846 7660 IPNAT - ok 17:47:06.0863 7660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:47:06.0864 7660 IRENUM - ok 17:47:06.0906 7660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:47:06.0909 7660 isapnp - ok 17:47:06.0951 7660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:47:07.0004 7660 iScsiPrt - ok 17:47:07.0068 7660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:47:07.0075 7660 kbdclass - ok 17:47:07.0121 7660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:47:07.0180 7660 kbdhid - ok 17:47:07.0198 7660 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:47:07.0246 7660 KeyIso - ok 17:47:07.0289 7660 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:47:07.0292 7660 KSecDD - ok 17:47:07.0331 7660 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:47:07.0334 7660 KSecPkg - ok 17:47:07.0376 7660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:47:07.0381 7660 ksthunk - ok 17:47:07.0408 7660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:47:07.0420 7660 KtmRm - ok 17:47:07.0473 7660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 17:47:07.0515 7660 LanmanServer - ok 17:47:07.0571 7660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:47:07.0613 7660 
LanmanWorkstation - ok 17:47:07.0694 7660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:47:07.0703 7660 lltdio - ok 17:47:07.0741 7660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:47:07.0750 7660 lltdsvc - ok 17:47:07.0762 7660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:47:07.0769 7660 lmhosts - ok 17:47:07.0821 7660 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 17:47:07.0905 7660 LMS - ok 17:47:07.0928 7660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:47:07.0932 7660 LSI_FC - ok 17:47:07.0946 7660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:47:07.0949 7660 LSI_SAS - ok 17:47:07.0965 7660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:47:07.0968 7660 LSI_SAS2 - ok 17:47:07.0973 7660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:47:07.0977 7660 LSI_SCSI - ok 17:47:08.0020 7660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:47:08.0021 7660 luafv - ok 17:47:08.0060 7660 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:47:08.0106 7660 MBAMProtector - ok 17:47:08.0163 7660 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:47:08.0223 7660 MBAMScheduler - ok 17:47:08.0253 7660 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:47:08.0318 7660 MBAMService - ok 17:47:08.0461 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 17:47:08.0465 7660 McAfee SiteAdvisor Service - ok 17:47:08.0477 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] 
McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 17:47:08.0480 7660 McMPFSvc - ok 17:47:08.0513 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 17:47:08.0516 7660 mcmscsvc - ok 17:47:08.0549 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 17:47:08.0552 7660 McNaiAnn - ok 17:47:08.0559 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 17:47:08.0562 7660 McNASvc - ok 17:47:08.0637 7660 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe 17:47:08.0706 7660 McODS - ok 17:47:08.0750 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 17:47:08.0752 7660 McOobeSv - ok 17:47:08.0790 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 17:47:08.0792 7660 McProxy - ok 17:47:08.0885 7660 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 17:47:08.0888 7660 McShield - ok 17:47:08.0923 7660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:47:08.0969 7660 Mcx2Svc - ok 17:47:08.0998 7660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:47:09.0002 7660 megasas - ok 17:47:09.0023 7660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:47:09.0030 7660 MegaSR - ok 17:47:09.0064 7660 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 17:47:09.0113 7660 mfeapfk - ok 17:47:09.0150 7660 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 17:47:09.0203 7660 mfeavfk - ok 17:47:09.0229 7660 mfeavfk01 - ok 17:47:09.0299 7660 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common 
Files\McAfee\SystemCore\\mfefire.exe 17:47:09.0301 7660 mfefire - ok 17:47:09.0362 7660 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 17:47:09.0432 7660 mfefirek - ok 17:47:09.0480 7660 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 17:47:09.0489 7660 mfehidk - ok 17:47:09.0527 7660 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 17:47:09.0529 7660 mfenlfk - ok 17:47:09.0576 7660 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 17:47:09.0625 7660 mferkdet - ok 17:47:09.0690 7660 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 17:47:09.0691 7660 mfevtp - ok 17:47:09.0715 7660 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 17:47:09.0717 7660 mfewfpk - ok 17:47:09.0747 7660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:47:09.0749 7660 MMCSS - ok 17:47:09.0782 7660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:47:09.0784 7660 Modem - ok 17:47:09.0931 7660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:47:09.0936 7660 monitor - ok 17:47:09.0953 7660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 17:47:09.0957 7660 mouclass - ok 17:47:09.0973 7660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:47:09.0977 7660 mouhid - ok 17:47:10.0007 7660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:47:10.0008 7660 mountmgr - ok 17:47:10.0110 7660 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:47:10.0174 7660 MozillaMaintenance - ok 17:47:10.0208 7660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 
17:47:10.0256 7660 mpio - ok
17:47:10.0280 7660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:47:10.0286 7660 mpsdrv - ok
17:47:10.0330 7660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:47:10.0336 7660 MpsSvc - ok
17:47:10.0373 7660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:47:10.0441 7660 MRxDAV - ok
17:47:10.0491 7660 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:10.0493 7660 mrxsmb - ok
17:47:10.0524 7660 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:10.0526 7660 mrxsmb10 - ok
17:47:10.0568 7660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:10.0569

Please download MiniToolBox to Desktop and run it. Checkmark the following boxes:
Ran by Joshua (administrator) on 08-10-2012 at 11:24:14
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
REALTEK PCIe FE Family Controller = Local Area Connection (Media disconnected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.72 metric=1 publish=Yes

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Joshua-PC
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
   Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix . : gateway.2wire.net
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3d3d:c5a:25ec:b91f%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 12:41:46 PM
   Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 11:17:03 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 247515960
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-1D-F5-F0-4D-A2-C8-56-6C
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-4D-A2-C8-56-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : gateway.2wire.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1856:282a:b973:6c43(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1856:282a:b973:6c43%19(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{78D026F0-6BF5-439A-BB4F-3D506194B4E6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{92522764-F5CA-4CE5-A3A1-22D349C2C0C4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C39F09A7-04CC-403D-9070-C7E8AADE3F77}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4000:801::1007
          74.125.227.0
          74.125.227.1
          74.125.227.2
          74.125.227.3
          74.125.227.4
          74.125.227.5
          74.125.227.6
          74.125.227.7
          74.125.227.8
          74.125.227.9
          74.125.227.14

Pinging google.com [74.125.227.66] with 32 bytes of data:
Reply from 74.125.227.66: bytes=32 time=90ms TTL=52
Reply from 74.125.227.66: bytes=32 time=120ms TTL=52

Ping statistics for 74.125.227.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 90ms, Maximum = 120ms, Average = 105ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
          98.138.253.109
          98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=966ms TTL=48
Reply from 72.30.38.140: bytes=32 time=1146ms TTL=48

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 966ms, Maximum = 1146ms, Average = 1056ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 17...c0 cb 38 95 c5 6c ......Microsoft Virtual WiFi Miniport Adapter 13...c0 cb 38 95 c5 6c ......Broadcom Virtual Wireless Adapter 12...c0 cb 38 95 c5 6c ......DW1501 Wireless-N WLAN Half-Mini Card 10...f0 4d a2 c8 56 6c ......Realtek PCIe FE Family Controller 1...........................Software Loopback Interface 1 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 192.168.1.72 26 169.254.255.255 255.255.255.255 On-link 192.168.1.72 281 192.168.1.0 255.255.255.0 On-link 192.168.1.72 281 192.168.1.72 255.255.255.255 On-link 192.168.1.72 281 192.168.1.255 255.255.255.255 On-link 192.168.1.72 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.72 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.72 281 
=========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 169.254.0.0 255.255.0.0 192.168.1.72 1 =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 19 58 ::/0 On-link 1 306 ::1/128 On-link 19 58 2001::/32 On-link 19 306 2001:0:4137:9e76:1856:282a:b973:6c43/128 On-link 12 281 fe80::/64 On-link 19 306 fe80::/64 On-link 19 306 fe80::1856:282a:b973:6c43/128 On-link 12 281 fe80::3d3d:c5a:25ec:b91f/128 On-link 1 306 ff00::/8 On-link 19 306 ff00::/8 On-link 12 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Event log errors: =============================== Application errors: ================== Error: (10/05/2012 10:04:41 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (10/05/2012 10:03:23 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2012 10:47:19 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (10/03/2012 10:44:01 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: The volume (H:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011) Error: (10/03/2012 10:42:38 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2012 07:35:03 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/03/2012 07:34:58 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (10/04/2012 10:46:03 AM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (10/04/2012 10:45:33 AM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (10/04/2012 08:09:13 AM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (10/02/2012 10:09:26 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error: (10/02/2012 10:08:56 PM) (Source: Service Control Manager) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 
Error: (10/02/2012 10:05:28 PM) (Source: DCOM) (User: ) Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40} Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (10/05/2012 10:04:41 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/05/2012 10:03:23 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe Error: (10/03/2012 10:47:19 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe Error: (10/03/2012 10:44:01 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: (H:)The disk was disconnected from the system. 
(0x89000011) Error: (10/03/2012 10:42:38 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe Error: (10/03/2012 07:35:03 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe Error: (10/03/2012 07:34:58 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe ========================= Memory info: =================================== Percentage of memory in use: 34% Total physical RAM: 3894.68 MB Available physical RAM: 2536.79 MB Total Pagefile: 7787.56 MB Available Pagefile: 5084.63 MB Total Virtual: 4095.88 MB Available Virtual: 3963.11 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:364.94 GB) NTFS 4 Drive h: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32 ========================= Users: ======================================== User accounts for \\JOSHUA-PC Administrator Guest Joshua **** End of log **** The internet speed seems acceptable. I really can't see what would cause the slowness you speak of. 
Did you try another browser?

I tried another browser and it is working a little better but I seem to have a problem loading videos.

Please try disabling all your add-ons to see if that makes any difference. |
|
| 79. |
Solve : Random BSODs? |
|
Answer» Quote
I went to the site. I have a service pack 3 automatic update ready to install on my computer. Should I install it? Do I need the key number, because I don't have it?
Please install it. You don't need the key.

I installed service pack 3.

Quote from: simplyred on October 09, 2012, 09:27:13 AM
I installed service pack 3.
Ok. Where are we now in regards to repairing your computer?

Quote from: SuperDave on October 09, 2012, 12:40:02 PM
Ok. Where are we now in regards to repairing your computer?
The service pack 3 hasn't solved the issue. The site that you told me to go to says I should install something called drivercure to update my drivers. I haven't done that (should I?). I went to Device Manager on my computer and it said that there were two problem devices: the video controller (VGA compatible) and SM bus controller. They both say "The drivers for this device are not installed". I was using my computer today and then it froze after 15 minutes. When I restarted it, it booted but then it started to make a lot of noise (the fan?) and then it gave another BSOD: STOP 0X00000024 (0X001902FE, 0XF79F6524, 0XF79F6220, 0X8051B6ED)

Quote
The site that you told me to go to says I should install something called drivercure to update my drivers. I haven't done that (should I?).
No, please don't do that.

Quote
When I restarted it, it booted but then it started to make a lot of noise (the fan?) and then it gave another BSOD
Are you sure it was a fan and not the hard drive? Can you open the box and determine where the noise is coming from?

Sorry, it was the hard drive.

Quote
Sorry, it was the hard drive.
Well, you will need a new hard drive but don't throw the old drive away. You may be able to slave it and retrieve any important documents.

Quote from: SuperDave on October 11, 2012, 12:40:30 PM
Well, you will need a new hard drive but don't throw the old drive away. You may be able to slave it and retrieve any important documents.
That would make it the third hard drive for this computer. There must be an underlying problem somewhere.

Quote from: simplyred on October 12, 2012, 06:58:46 AM
That would make it the third hard drive for this computer. There must be an underlying problem somewhere.
It does seem a bit unusual. Perhaps you could start a new thread about this in the hardware forum.

Quote from: SuperDave on October 12, 2012, 01:16:30 PM
It does seem a bit unusual. Perhaps you could start a new thread about this in the hardware forum.
OK, I'll do that. Thanks for your help.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 80. |
Solve : Computer Running Somewhat Slow? |
|
Answer» My computer has been slow. It got bad today once I tried to download the free trial from ESRI arcGIS. Once I deleted it, it ran better, but to be safe I followed the steps and have my logs below.
Malwarebytes Anti-Malware 1.62.0.1300
2) MBAM
Quote
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 22:33:40
3) DDS
dds.txt
Quote
.
attach.txt
Quote
.

Hi there. Remove the Adware:
Please download and run TDSSKiller to your desktop as outlined below:
Double-click on TDSSKiller.exe to run the application, then click on Change parameters. For Windows XP, double-click to start. For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply. Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
Here's a summary of what to do if you would like to print it out:
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Log from adwcleaner.exe
Quote
# AdwCleaner v2.000 - Logfile created 09/09/2012 at 23:55:56

As far as TDSSKiller.exe:
1) It just downloaded the exe file to my desktop
2) I was able to run it on Vista without using "the run as administrator" right click steps.... it ran through 441 items...found 18 files
-I could not find the "Cure" option only "Delete" "Skip" "Quarantine"
-I selected "Quarantine"
-When finished it did not ask to re-boot; nothing was neutralized
I re-tried again right-clicking "run as administrator"
-Same thing...444 items...18 bad files
-No "cure" option so I quarantined, and no re-boot.
I did find a report which is pasted below. Please let me know what I need to do. Thanks.
Quote
00:26:05.0119 7664 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

Well I haven't heard back and it has been over a week. The PC is running better since I deleted the weather channel app (is this common to slow down PCs?). I have re-run the initial scans. Please tell me if the PC needs work or is clean.
Adw
Quote
# AdwCleaner v2.000 - Logfile created 09/13/2012 at 11:07:10
MBAM
Quote
Malwarebytes Anti-Malware 1.65.0.1400
DDS.txt
Quote
.
Attach.txt
Quote
.

Sorry for that. I think the new board upgrade caused me to lose an email notification for this... Please let me know how your computer is running and any errors occurring.

It is running well but TDSSKiller was (it appears) never run properly. According to my logs, do I need to do anything or is it clean? Further, can I delete TDSS from the PC?

Appears to be clean, honestly.

PC was running slow today. I followed all the steps.
1) CCleaner showed some ActiveX. I got rid of it, last week it also showed ActiveX so am wondering how my PC keeps getting them.
-After doing all 4 of these steps PC is running better.
Prior to that it was very slow and almost all programs were "Not Responding" (Office/Excel/Browser)
2) Here is AWC:
Quote
# AdwCleaner v2.004 - Logfile created 10/09/2012 at 22:20:57
3) Here is MBAM:
Quote
Malwarebytes Anti-Malware 1.65.0.1400
4) Here is DDS:
Attach
Quote
.
DDS
Quote
.

Hey what's going on? I asked four days ago and no answer? My PC ran well after doing those scans but now is crashing again. Little help?

Sorry, bluecountry. DMJ is not receiving his notifications. I'll send him a pm.

Please start a new topic, bluecountry. This one is closed. We like one main issue per topic. Also, make sure you're learning this information, as we don't usually like repeat customers. We believe you should be able to learn all of this and move on to be able to fix your computer. That's one reason why we're here. |
|
| 81. |
Solve : Disappearing Programs Problems - Directed Here From Original Thread? |
|
Answer» We need to fix the Master Boot Record using aswMBR now.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-21 09:12:35

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your
desktop.
Link 1 Link 2 Link 3
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
*********************************************************
Please download Rooter and Save it to your desktop.
\SystemRoot\system32\drivers\swenum.sys 0x04FAF000 \SystemRoot\system32\drivers\ks.sys 0x04800000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04812000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04200000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x068AB000 \SystemRoot\system32\drivers\HdAudio.sys 0x06907000 \SystemRoot\system32\drivers\portcls.sys 0x06944000 \SystemRoot\system32\drivers\drmk.sys 0x06966000 \SystemRoot\system32\drivers\ksthunk.sys 0x06A70000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x06CE1000 \SystemRoot\System32\Drivers\crashdmp.sys 0x06CEF000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x06CF9000 \SystemRoot\System32\Drivers\dump_amd_sata.sys 0x06D0F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x06D22000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x06D2E000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x06D30000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x06D4D000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x06D5F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x06D68000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x06D76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x06D8F000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x06D9D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x06DAA000 \SystemRoot\system32\DRIVERS\point64.sys 0x06DBA000 \SystemRoot\system32\DRIVERS\usbscan.sys 0x00070000 \SystemRoot\System32\win32k.sys 0x06DCB000 \SystemRoot\System32\drivers\Dxapi.sys 0x06DD7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x06DF2000 \SystemRoot\system32\DRIVERS\monitor.sys 0x005C0000 \SystemRoot\System32\TSDDD.dll 0x00770000 \SystemRoot\System32\cdd.dll 0x00820000 \SystemRoot\System32\ATMFD.DLL 0x06A00000 \SystemRoot\system32\drivers\luafv.sys 0x06A23000 \??\C:\Windows\system32\drivers\mbam.sys 0x06A2D000 \SystemRoot\system32\DRIVERS\Sftvollh.sys 0x06A38000 \SystemRoot\system32\drivers\WudfPf.sys 0x06A59000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x0696C000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x069BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x069D2000 
\SystemRoot\system32\DRIVERS\rspndr.sys 0x069EA000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0x03A3C000 \SystemRoot\system32\drivers\HTTP.sys 0x03B05000 \SystemRoot\system32\DRIVERS\bowser.sys 0x03B23000 \SystemRoot\System32\drivers\mpsdrv.sys 0x03B3B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x03B68000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x03BB6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x03BDA000 \SystemRoot\System32\Drivers\adfs.SYS 0x06800000 \SystemRoot\system32\drivers\peauth.sys 0x03BF2000 \SystemRoot\System32\Drivers\secdrv.SYS 0x07004000 \SystemRoot\system32\DRIVERS\Sftfslh.sys 0x070C5000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys 0x07112000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x07143000 \SystemRoot\System32\drivers\tcpipreg.sys 0x07155000 \SystemRoot\System32\DRIVERS\srv2.sys 0x078CF000 \SystemRoot\System32\DRIVERS\srv.sys 0x07967000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys 0x07972000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x079A3000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x07871000 \SystemRoot\system32\DRIVERS\udfs.sys 0x0784A000 \??\C:\Users\Scott\AppData\Local\Temp\aswMBR.sys 0x079AE000 \SystemRoot\System32\Drivers\fastfat.SYS 0x079E4000 \SystemRoot\system32\DRIVERS\WSDScan.sys 0x079F0000 \SystemRoot\system32\DRIVERS\WSDPrint.sys 0x77860000 \Windows\System32\ntdll.dll 0x47FD0000 \Windows\System32\smss.exe 0xFFB80000 \Windows\System32\apisetschema.dll 0xFFD80000 \Windows\System32\autochk.exe Processes (total 70): 0 System Idle Process 4 System 292 C:\Windows\System32\smss.exe 420 csrss.exe 484 C:\Windows\System32\wininit.exe 520 csrss.exe 548 C:\Windows\System32\services.exe 572 C:\Windows\System32\lsass.exe 588 C:\Windows\System32\winlogon.exe 596 C:\Windows\System32\lsm.exe 720 C:\Windows\System32\svchost.exe 800 C:\Windows\System32\svchost.exe 892 C:\Windows\System32\atiesrxx.exe 928 C:\Windows\System32\svchost.exe 964 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\svchost.exe 536 C:\Windows\System32\svchost.exe 1088 
C:\Windows\System32\atieclxx.exe 1156 C:\Windows\System32\svchost.exe 1400 C:\Windows\System32\spoolsv.exe 1428 C:\Windows\System32\svchost.exe 1688 C:\Windows\System32\svchost.exe 1720 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 1844 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 1872 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 1904 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 1924 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 1944 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccsvchst.exe 1976 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 348 C:\Program Files (x86)\PDF Complete\pdfsvc.exe 1292 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 2252 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 2320 C:\Windows\System32\svchost.exe 2388 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2452 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 2592 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2688 C:\Windows\System32\dwm.exe 2312 C:\Windows\System32\taskhost.exe 1236 C:\Windows\explorer.exe 2780 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE 2816 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3216 WUDFHost.exe 3292 C:\Windows\System32\svchost.exe 3364 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe 3584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 3752 C:\Program Files\Windows Sidebar\sidebar.exe 3812 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe 4016 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe 3644 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe 3704 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe 4040 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe 3460 C:\Program 
Files (x86)\Common Files\Java\Java Update\jusched.exe 2716 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe 3436 C:\Windows\System32\SearchIndexer.exe 3528 C:\Program Files\Windows Media Player\wmpnetwk.exe 812 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 1808 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3580 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4456 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe 4712 C:\Program Files (x86)\MOZILLA Firefox\plugin-container.exe 3016 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 4568 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 2304 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 324 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 1252 C:\Windows\System32\SearchProtocolHost.exe 3020 C:\Windows\System32\SearchFilterHost.exe 3332 C:\Windows\System32\audiodg.exe 1584 C:\Users\Scott\Desktop\MBRCheck.exe 3212 C:\Windows\System32\conhost.exe 4676 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000015a`87700000 (NTFS) \\.\Q: --> error 5 PhysicalDrive0 Model Number: WDCWD15EARS-60MVWB0, Rev: 51.0AB51 Size Device Name MBR Status -------------------------------------------- 1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: F37A9776F0E98E38BD78E91425829D97888CEEF C Done!Rooter.exe (v1.0.2) by Eric_71 . The token does not have the SeDebugPrivilege privilege ! (error:1300) Can not acquire SeDebugPrivilege ! Please run the tool as administrator .. . Windows 7 Home Edition (6.1.7601) Service Pack 1 [32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD . Error OpenService (wscsvc) : 6 Error OpenSCManager : 5 Error OpenService (MpsSvc) : 6 Windows Defender -> Enabled User Account Control (UAC) -> Enabled . 
Internet Explorer 8.0.7601.17514 Mozilla Firefox 15.0 (en-US) . C:\ [Fixed-NTFS] .. ( Total:1386 Go - Free:704 Go ) D:\ [Fixed-NTFS] .. ( Total:11 Go - Free:1 Go ) E:\ [CD_Rom] F:\ [Removable] G:\ [Removable] H:\ [Removable] I:\ [Removable] Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go ) . Scan : 22:09.28 Path : C:\Users\Scott\Desktop\Rooter.exe User : Scott ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) Locked System (4) Locked smss.exe (292) Locked csrss.exe (420) Locked wininit.exe (484) Locked csrss.exe (520) Locked services.exe (548) Locked lsass.exe (572) Locked winlogon.exe (588) Locked lsm.exe (596) Locked svchost.exe (720) Locked svchost.exe (800) Locked atiesrxx.exe (892) Locked svchost.exe (928) Locked svchost.exe (964) Locked svchost.exe (1004) Locked svchost.exe (536) Locked atieclxx.exe (1088) Locked svchost.exe (1156) Locked spoolsv.exe (1400) Locked svchost.exe (1428) Locked svchost.exe (1688) Locked HPClientServices.exe (1720) Locked HPDrvMntSvc.exe (1844) Locked LSSrvc.exe (1872) Locked mbamscheduler.exe (1904) Locked mbamservice.exe (1924) Locked ccsvchst.exe (1944) Locked NOBuAgent.exe (1976) Locked pdfsvc.exe (348) Locked RNowSvc.exe (1292) Locked sftvsa.exe (2252) Locked svchost.exe (2320) Locked WLIDSVC.EXE (2388) Locked sftlist.exe (2452) Locked WLIDSVCM.EXE (2592) ______ ? (2688) ______ ? (2312) ______ ? (1236) Locked CVHSVC.EXE (2780) ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2816) Locked WUDFHost.exe (3216) Locked svchost.exe (3292) ______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (3364) ______ ? (3584) ______ ? (3752) ______ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (3812) ______ C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (4016) ______ C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (3644) ______ ? 
(3704) ______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (4040) ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3460) ______ C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (2716) Locked SearchIndexer.exe (3436) Locked wmpnetwk.exe (3528) ______ ? (812) ______ ? (1808) Locked OSPPSVC.EXE (3580) Locked HPSA_Service.exe (4456) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4712) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3016) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4568) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2304) ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (324) Locked audiodg.exe (3332) Locked WmiPrvSE.exe (5056) Locked SearchProtocolHost.exe (2636) Locked SearchFilterHost.exe (1916) ______ C:\Users\Scott\Desktop\Rooter.exe (4656) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600) \Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:1488225042432) \Device\Harddisk0\Partition3 (Start_Offset:1488330948608 | Length:11969495040) . ----------------------\\ Scheduled Tasks . C:\Windows\Tasks\Adobe Flash Player Updater.job C:\Windows\Tasks\HPCeeScheduleForScott.job C:\Windows\Tasks\SA.DAT C:\Windows\Tasks\SCHEDLGU.TXT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 22:10.00 . C:\Rooter$\Rooter_1.txt - (21/09/2012 | 22:10.00) How's your computer running now? I'd like to scan your machine with ESET OnlineScan •Hold down Control and click on the FOLLOWING link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
[emailprotected] as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca2b0d6e1229be4f820757e723f09c1c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 12:17:42
# local_time=2012-09-22 08:17:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 65 0 16126428 0 0
# compatibility_mode=5893 16776574 100 82 0 99884562 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=451471
# found=1
# cleaned=1
# scan_time=18350
C:\Users\Scott\Downloads\cnet2_ashampoo_cover_studio_2_2_2_0_sm_exe.exe	a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
Ok. If there are no other issues, we can do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*****************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
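The ESET Online Scanner log quoted in the answer above has a simple shape: a run of `# key=value` header lines followed by one line per detection. The parser below is an added example, not code from the thread or from ESET; it treats a detection line as tab-separated into path, threat/action text, object id and flag letter (an assumption drawn from the four visible fields), embeds the log from the post as constructed sample input, and cross-checks the header's found/cleaned counts against the detection lines so a "found=1" with no matching line stands out.

```python
"""Parser for the ESET Online Scanner log.txt format quoted in the reply above.

The header is a run of '# key=value' lines; each later non-empty line is one
detection. The detection line is assumed to be tab-separated into path,
threat/action text, a hex object id and a flag letter (an assumption drawn
from the four visible fields, not something the post states).
"""
from dataclasses import dataclass, field


@dataclass
class Detection:
    path: str
    threat: str        # e.g. "a variant of Win32/X application (cleaned by deleting - quarantined)"
    object_id: str
    flag: str

    def was_cleaned(self) -> bool:
        # ESET appends the action taken to the threat text.
        return "cleaned" in self.threat or "quarantined" in self.threat


@dataclass
class EsetScan:
    header: dict = field(default_factory=dict)    # key -> list of values (keys may repeat)
    detections: list = field(default_factory=list)

    def value(self, key: str, default: str = "0") -> str:
        return self.header.get(key, [default])[0]

    def scanned(self) -> int:
        return int(self.value("scanned"))

    def found(self) -> int:
        return int(self.value("found"))

    def cleaned(self) -> int:
        return int(self.value("cleaned"))

    def scan_duration(self) -> tuple:
        """scan_time is in seconds; return (hours, minutes, seconds)."""
        secs = int(self.value("scan_time"))
        return secs // 3600, (secs % 3600) // 60, secs % 60

    def consistent(self) -> bool:
        """Header found/cleaned counts must agree with the detection lines."""
        return (self.found() == len(self.detections)
                and self.cleaned() == sum(d.was_cleaned() for d in self.detections))

    def uncleaned(self) -> list:
        return [d for d in self.detections if not d.was_cleaned()]


def parse_eset_log(text: str) -> EsetScan:
    scan = EsetScan()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, val = line[1:].strip().partition("=")
            if sep:
                scan.header.setdefault(key.strip(), []).append(val.strip())
            continue
        fields = line.split("\t")
        fields += [""] * (4 - len(fields))    # tolerate a short line
        scan.detections.append(Detection(*fields[:4]))
    return scan


def summarize(scan: EsetScan) -> str:
    h, m, s = scan.scan_duration()
    lines = [f"scanned={scan.scanned()} found={scan.found()} cleaned={scan.cleaned()} "
             f"time={h}h{m:02d}m{s:02d}s consistent={scan.consistent()}"]
    for d in scan.detections:
        lines.append(f"  {'OK ' if d.was_cleaned() else 'LEFT'} {d.path} :: {d.threat}")
    return "\n".join(lines)


# Constructed sample: the header keys and detection line from the post above,
# with tab separators restored.
SAMPLE_LOG = (
    "# version=7\n"
    "# OnlineScannerApp.exe=1.0.0.1\n"
    "# OnlineScanner.ocx=1.0.0.6583\n"
    "# api_version=3.0.2\n"
    "# end=finished\n"
    "# remove_checked=true\n"
    "# archives_checked=true\n"
    "# utc_time=2012-09-23 12:17:42\n"
    "# osver=6.1.7601 NT Service Pack 1\n"
    "# compatibility_mode=3589 16777213 100 65 0 16126428 0 0\n"
    "# compatibility_mode=5893 16776574 100 82 0 99884562 0 0\n"
    "# scanned=451471\n"
    "# found=1\n"
    "# cleaned=1\n"
    "# scan_time=18350\n"
    "C:\\Users\\Scott\\Downloads\\cnet2_ashampoo_cover_studio_2_2_2_0_sm_exe.exe\t"
    "a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
)

if __name__ == "__main__":
    print(summarize(parse_eset_log(SAMPLE_LOG)))
```

The `consistent()` check is the useful part for a helper reading posted logs: a header that claims a detection while the body lists none (or lists one that was not cleaned) is the case worth asking the poster about.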
| 82. |
Solve : Recent Rogue Attack + some Trojans Popping Up? |
|
Answer» Re-running ComboFix to remove infections:
Please download Rooter and Save it to your desktop.
I ran the ComboFix. However, Rooter crashes every time I press "scan". I have run it both regularly, as administrator, and deleted it and re-DLed it. The problem persists no matter what. I even shut down Windows Security Essentials to make sure that wasn't conflicting with it. What do you think could be causing the crash? Here's the error info:
Problem signature:
Problem Event Name: APPCRASH
Application Name: Rooter.exe
Application Version: 0.1.1.1
Application Timestamp: 4a429fb9
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18538
Fault Module Timestamp: 4cb733e1
Exception Code: c0000005
Exception Offset: 00060337
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160
Read our privacy statement: http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
Quote
What do you think could be causing the crash?
If I could answer that, Bill Gates would be my neighbour. lol
How's your computer running now? I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
You mean Bill Gates isn't your neighbour? As for my computer: My virus scanners do not seem to be picking anything up. I'll do this next scan in a moment now, too. I haven't had a BSOD yet, so it may have been some infections that could have been causing issues. I also haven't had my keyboard turn on/off repeatedly, either. I'll post the reply after it is done.
The online virus scan found no threats and did not provide a log of results. Mind if I uninstall the non-functioning Rooter?
That's cool. We can do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*******************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thanks for all the helpful stuff there. So: All clear on the Western front regarding the Malware?
Quote
Thanks for all the helpful stuff there.
I would say so, yes. You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 83. |
Solve : TROJAN.RANSOM? |
|
Answer» Quote
1) I cannot uninstall combofix. I did what you've written and it is still there. With the command it starts scanning the pc again, not uninstall.
Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
To set a new Restore Point. Click Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.
*************************************************************
Quote
what am I keeping on my pc from all the programmes now?
You can keep MBAM, Adwcleaner and SAS, if you have room. Update them and run them on a regular basis. All the rest of those programs can go.
Quote
note: when I clicked the immunization in Spybot (Avira blocked me the entrance in host files and Spybot gave a message that some files may be blocked from my antivirus and because of that Spybot couldn't immunize the hosts file).
That's ok. You can possibly change the settings in your AV to allow those files.
Quote
thanks again!!! you are number 1
You're welcome. That's what my wife says but she holds up her second finger when she says it. lol. I will lock this thread. If you need it re-opened, please send me a pm. |
|
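The exchange above turns on the hosts file: Spybot's Immunize writes a long run of loopback entries that block known bad sites, which is why the antivirus objected to the write, while a hijack of the same file points update or security-vendor hosts somewhere else. The audit below is an added example, not code from the thread, Spybot or Avira; it separates the two cases in a hosts file's text. The sample hosts content, the list of protected domain suffixes and the function names are all constructed for the example.

```python
"""Audit a Windows hosts file for hijack-style entries (added example).

Loopback mappings of arbitrary names (Spybot-style immunization) are counted
as benign blocks. Any entry at all for a protected update/security host, or a
non-loopback mapping of any other name, is reported as a finding.
"""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed list: domains the user must keep reaching for updates and tools.
# A real deployment would carry its own vendor list.
PROTECTED_SUFFIXES = ("microsoft.com", "eset.com", "malwarebytes.org",
                      "safer-networking.org", "avira.com")


def is_protected(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text: str):
    """Yield (ip, hostname, line_no) for every mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])      # reject malformed first fields
        except ValueError:
            continue
        for name in parts[1:]:
            yield parts[0], name.lower(), line_no


def audit_hosts(text: str) -> dict:
    """Return {'immunized': count of benign loopback blocks,
               'findings': [(line_no, hostname, ip, kind), ...]}."""
    immunized = 0
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue
        if is_protected(name):
            # Blackholing a protected host stops updates; redirecting it is worse.
            kind = "blackholed" if ip in LOOPBACK else "redirected"
            findings.append((line_no, name, ip, kind))
        elif ip in LOOPBACK:
            immunized += 1                      # Spybot-style block entry
        else:
            findings.append((line_no, name, ip, "redirected"))
    return {"immunized": immunized, "findings": findings}


# Constructed sample: two immunization lines, a blackholed update host and two
# redirects to a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org
# End of entries inserted by Spybot - Search & Destroy
0.0.0.0 windowsupdate.microsoft.com
198.51.100.23 www.malwarebytes.org
198.51.100.23 www.google.com
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"immunization entries: {result['immunized']}")
    for line_no, name, ip, kind in result["findings"]:
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

Read the file from `%SystemRoot%\System32\drivers\etc\hosts` to run this on a real machine; a clean Spybot-immunized file yields a large `immunized` count and an empty `findings` list, which is the state the helper in the thread was aiming for.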
| 84. |
Solve : Application cannot be executed. The file...is infected.? |
|
Answer» Please run a free online scan with the ESET Online Scanner
Hi. Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
OTL logfile created on: 5/13/2010 5:44:35 PM - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Kelly\Desktop\Virus Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.98 Gb Total Space | 45.46 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 9.99 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FRANCESCA
Current User Name: Kelly
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/02 22:40:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Kelly\Desktop\Virus Removal\OTL.exe PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe PRC - [2009/08/22 02:32:54 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe PRC - [2009/07/02 19:02:45 | 000,296,208 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 02:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/28 14:54:23 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007/06/06 11:35:02 | 000,270,336 | ---- | M] (ArcSoft, Inc.) 
15:19:39 | 000,001,025 | ---- | C] () -- C:\Windows\System32\texfsal.dll [2008/12/20 15:19:39 | 000,000,204 | ---- | C] () -- C:\Windows\System32\gb2m0jj.dll [2008/12/20 15:19:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2008/12/20 15:19:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2008/12/20 15:19:37 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2008/12/20 15:19:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2008/12/20 15:19:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2008/12/20 15:19:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2008/12/20 15:19:32 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\z8ttb22.dll [2008/11/05 16:59:37 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2008/11/04 13:55:33 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI [2008/10/15 00:08:16 | 000,000,000 | ---- | C] () -- C:\Windows\game.INI [2008/08/22 17:33:11 | 000,000,094 | ---- | C] () -- C:\Windows\MusicRip.ini [2008/01/16 16:01:01 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys [2008/01/04 17:46:48 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll [2008/01/04 17:46:19 | 000,000,529 | ---- | C] () -- C:\Windows\SIERRA.INI [2007/10/04 13:34:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2007/10/03 22:24:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2007/10/03 22:18:59 | 000,000,025 | ---- | C] () -- C:\Windows\EPCX8400.ini [2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:25:21 | 
000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/05/04 11:36:14 | 000,245,760 | R--- | C] () -- C:\Windows\System32\setupsup.dll ========== Custom Scans ========== < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.sys > [2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys [2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys [2008/01/16 16:01:01 | 000,000,383 | ---- | M] () -- C:\Windows\System32\haspdos.sys [2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 03:09:44 | 000,042,809 | ---- 
| M] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS [2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS [2009/08/14 09:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys < %systemroot%\system32\drivers\*.dll > < %systemroot%\system32\drivers\*.ini > < %systemroot%\system32\drivers\*.exe > [2007/07/10 07:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Windows\System32\drivers\XAudio.exe < %SYSTEMDRIVE%\*.* > [2008/08/22 17:34:09 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo [2007/07/25 08:42:24 | 000,000,074 | -HS- | M] () -- C:\autoexec.bat [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2010/05/01 15:45:07 | 000,023,929 | ---- | M] () -- C:\ComboFix Log File 05012010.txt [2010/05/01 15:39:13 | 000,023,929 | ---- | M] () -- C:\ComboFix.txt [2006/09/18 17:43:37 | 000,000,010 | -HS- | M] () -- C:\config.sys [2010/05/06 20:10:37 | 1005,473,792 | -HS- | M] () -- C:\hiberfil.sys [2008/07/18 21:02:22 | 000,000,016 | -HS- | M] () -- C:\HPCD.sys [2008/01/04 17:46:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/12/06 17:16:45 | 000,000,806 | -H-- | M] () -- C:\IPH.PH [2007/11/18 22:06:28 | 000,053,364 | ---- | M] () -- C:\lma_log.html [2007/12/13 17:25:29 | 000,002,011 | ---- | M] () -- C:\log.html [2008/01/04 17:46:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2007/12/13 17:02:05 | 000,000,826 | ---- | M] () -- C:\net_save.dna [2010/05/06 20:10:34 | 1319,297,024 | -HS- | M] () -- C:\pagefile.sys [2008/07/18 21:02:21 | 000,000,020 | RHS- | M] () -- C:\RCBoot.sys [2008/02/15 00:01:50 | 000,000,086 | ---- | M] () -- C:\setup.log [2008/07/18 20:55:17 | 000,000,043 | ---- | M] () -- C:\Writer.ini < %PROGRAMFILES%\*. 
> [2008/12/08 14:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2008/12/06 17:05:38 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6 [2009/06/04 08:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon [2009/01/07 23:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Games [2007/07/25 07:24:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K [2009/07/04 17:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2008/08/22 17:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft [2009/07/15 01:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATT-SST [2009/07/04 17:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2007/12/27 18:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect Inc [2008/06/05 16:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems [2009/07/25 16:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix [2010/05/01 15:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2008/02/24 23:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT [2008/01/10 00:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\directx [2008/02/04 01:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Disney [2008/03/11 14:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dreamcatcher [2009/11/23 21:48:39 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES [2008/02/22 14:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\EndNote X1 [2007/10/03 22:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\epson [2010/05/06 22:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\ESET [2008/11/05 13:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Games A Go-Go [2007/12/13 17:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2009/04/07 01:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard [2007/12/14 20:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Hobbyware [2008/10/08 21:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP 
[2007/07/25 08:40:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games [2007/07/25 08:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ [2009/01/06 21:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Informax Installations [2008/08/22 17:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\INITIO [2009/11/23 21:48:41 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2010/05/01 15:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2007/11/01 19:49:47 | 000,000,000 | ---D | M] -- C:\Program Files\Invitrogen [2009/09/12 14:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility [2010/03/21 18:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2010/03/21 18:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2009/04/07 01:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2007/12/15 00:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\LightScribeTemplateLabeler [2009/01/27 19:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire [2010/05/02 18:49:29 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/07/04 21:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2007/10/04 22:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2008/01/02 23:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games [2007/11/11 01:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2009/07/04 21:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector [2010/01/22 04:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2009/07/04 21:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009/07/04 21:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework [2007/11/11 01:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2007/11/11 01:09:39 | 
000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2009/10/16 03:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2007/11/11 01:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2010/03/12 04:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2010/04/09 18:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2007/11/11 01:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2009/07/04 21:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache [2007/10/09 22:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2007/07/25 08:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies [2009/11/26 21:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\Nancy Drew [2008/10/23 23:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\NancyDrew [2009/04/02 23:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus [2009/04/02 23:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller [2007/10/04 01:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services [2010/03/21 18:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2007/07/25 08:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio [2008/01/04 18:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line [2008/12/20 15:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaPlot [2008/12/20 15:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaStat [2008/08/26 11:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Sun [2007/12/13 17:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Support.com [2009/08/31 19:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec [2008/11/17 22:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company [2008/03/11 15:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\TMOTM [2006/11/02 09:01:55 | 
000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2007/10/04 00:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Vector NTI 10 Distributive [2007/10/05 20:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint [2007/12/14 15:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots [2009/10/18 15:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\Westward [2010/01/11 19:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Westward II Heroes Of The Frontier [2010/02/09 19:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Westward III Gold Rush [2010/03/28 18:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Westward IV All Aboard [2009/09/07 01:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Wild West Quest 2 [2009/09/07 01:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar [2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration [2009/09/07 01:28:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2009/07/04 21:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009/07/04 21:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2010/05/13 03:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2009/10/29 03:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery [2009/11/17 04:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices [2009/09/07 01:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar < %appdata%\*.* > [2010/05/06 20:15:16 | 000,066,387 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.001 [2010/04/05 19:18:28 | 000,066,387 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\nvModes.dat [2010/04/25 
12:27:18 | 000,000,336 | ---- | M] () -- C:\Users\Kelly\AppData\Roaming\wklnhst.dat < MD5 for: AGP440.SYS > [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007/07/25 08:50:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/14 04:08:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/02/14 04:08:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/14 04:08:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > 
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: DISK.SYS > [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys [2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys [2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys [2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys < MD5 for: IASTORV.SYS > [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USBSTOR.SYS > [2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS [2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS [2007/10/04 21:42:37 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS [2008/01/19 01:53:22 | 000,055,296 | ---- | M] 
(Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS [2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS [2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-13 21:39:34 ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3 < End of report > There wasn't an Extras file that was created that I can find. Your logs are clean. To manually create a new Restore Point
To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer:
== Please download TFC by OldTimer to your desktop
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
|
|
| 85. |
Solve : Error messages as soon as PC starts; no programs will open? |
|
Answer» Quote: "My last question is about browsers. Some say that IE is the least secure browser and I should switch to Firefox or Google Chrome. What do you think?" Some people say FF is more secure, but I've been hit using FF as well as IE, so it all comes down to protection. You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 86. |
Solve : Cannot Modify Entries in Start Menu->All Programs? |
|
Answer» Quote: "Windows cannot find Combomix"
Ok. Just check in your C drive to be sure it's not there.
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
Hi SuperDave, First of all, thanks for your time on my issue. I appreciate your help very much. I've decided to reinstall my Windows and have everything up and running again.
Quote: "I've decided to reinstall my Windows and have everything up and running again." It's your option, of course, but your computer was cleaned. You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 87. |
Solve : Generic12 Clicker Advertisement Service Backdoor Trojan? |
|
Answer» * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box. First of all I want to say thank you to the developers of this site for being here, for being available, and for assistance you give to the public. Thanks and you're welcome. Quote from: jsranchmn22 on May 07, 2010, 01:42:54 PM
That's a good thing. If there are no more malware issues we can finish up now. Use the Secunia Software Inspector to check for out of date software. * Click Start Scanner * Check the box next to Enable thorough system inspection. * Click Start * Allow the scan to finish and scroll down to see if any updates are needed. * Update anything listed. ---------- Go to Microsoft Windows Update and get all critical updates. ---------- If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page. ---------- I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan. I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. * Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. 
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Well I ran Secunia Software Inspector. It stated to update following programs: Itunes Adobe 9.XXX Adobe Flash Player 10.X I am concerned because the initial virus messed with my HKEYS, AVG never returned to the tray and it appeared to have jumbled up paths to programs & they would not execute. I attempt to upgrade Adobe Reader. I get the following message: Error 1402 Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCompnents\MSFS I google for a solution and settle on this: http://kb2.adobe.com/cps/329/329137.html I run regedit and I think the instructions say to put the HKEY line above here as follows: 1. In the Registry Editor dialog box, choose File > Export 2. Type a name for the file and choose the location. (Typed above HKEY here) 3. For Export Range, choose All. 4. Click Save. 5. Close Regedit. Received error: Error: Path does not exist Please verify the correct path exists I give up and just go to HKEY_LOCAL_MACHINE and do this: 1.) Verify that the Administrators and SYSTEM is present and that Full Control is selected under the Allow column. 2.) In the Permissions dialog box, click Advanced. 3.) Select both "Allow inheritable permissions from parent to propagate to this object" and "Reset permissions on all child objects and enable propagation of inheritable permissions," (1) and then click Owner (2). Select the Administrators group (1) and "Replace owner on subcontainers and objects" (2). Note: Select the current administrator account if the Administrators group is unavailable. I did. 4.) Click OK (3) in the Permissions dialog box. 
Windows will now reset the permissions for each child object to correspond with its parent. Click yes on any prompts. But I receive this error: Registry Editor could not set owner on the key currently selected or some subkeys. The next solution listed was this: * If the error reoccurs with the same key proceed to Solution 4. Which says check for viruses lol Must be fun for you to a.) work with complications viruses create and more importantly b.) work with people who have no experience with viruses and even worse aren't technically inclined. I was thinking it would just be nice to restore to pre-virus since it appears to be cleaned up. I believe virus was downloaded 5/4. I appear to have 5/2 date as restore option. I await your response... Continue to use PC. Not considering it disabled. One more question. Just went into system restore and it stated it had been turned after. After the virus it was on and I had a 5/2/10 option to restore. Did one of the many programs I ran turn it off? I am certain I did not do it manually. Probably no biggie but seems like I would like it on and customized. Please post a new HijackThis log. Is this the virus my PC caught? 
http://www.bcs.org/server.php?show=conWebDoc.35478 or this: http://www.zdnet.com/blog/hardware/update-new-attack-bypasses-every-windows-security-product/8268Hijackthis/Sniper Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:31:38 PM, on 5/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Program Files\DDNI\DIBS\DDNIService.exe C:\QSTART.SYS\config\DVMExportService.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Documents and Settings\SUSAN TORK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Documents and Settings\SUSAN TORK\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\SUSAN TORK\Desktop\sniper.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lenovo.live.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SUSAN TORK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O8 - 
Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe O23 - Service: Google Update Service (gupdate1ca1a13d4570dfa) (gupdate1ca1a13d4570dfa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- End of file - 6980 bytes Download the AVG installer and run it only choose the option to uninstall it. Restart the computer. Then run it again and install it fresh. This is a portable netbook so I turn it on and off a lot. Given AVG would not come on when I started my computer I did go ahead and uninstall it, downloaded again and reinstalled. I just didn't uninstall via AVG (kind of wish I had thought of that). It is starting up with my PC now. As well I downloaded Comodo Firewall and installed. When I put the hijackthis into the self help tool it indicated I didn't have my firewall turned off. I did have Windows FW turned on. I am assuming it would just be better to have it supplemented as recommended by this site. All's well! 
Thank you so much for all of your assistance! I will go back to your last post and make sure I have looked at all your recommendations! YOU ROCK! Quote When I put the hijackthis into the self help tool it indicated I didn't have my firewall turned off. I did have Windows FW turned on. I am assuming it would just be better to have it supplemented as recommended by this site. The online HJT readers have trouble reading the status of firewalls many times so you just have to make sure you know it is running. |
|
| 88. |
Solve : virus trojan? |
|
Answer» Hi, my son has just managed to acquire a virus trojan and it is doing everything that is bad to his PC. He cannot run any anti-virus as his mouse is inactive because of the virus; he has tried safe mode (F8) but the mouse still refuses to budge. Any ideas please? Hi |
|
| 89. |
Solve : wuauclt.exe is infected... pls help? |
|
Answer» I get a bubble type pop up in the bottom right hand corner. "Windows Security Alert - Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" |
|
| 90. |
Solve : Could you check my logs please? |
|
Answer» Per Harry's request.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. I am still having problems but I used the malwarebytes program and scanned my pc. The log is in my above post. So are you saying I need to run a scan again? Go ahead with a new scan. |
|
| 91. |
Solve : Application cannot be executed? |
|
Answer» Seems like most people are having the same problem. Please advise. Thanks. Provide more information, thanks. Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4086 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/10/2010 12:08:54 PM mbam-log-2010-05-10 (12-08-54).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 238688 Time elapsed: 1 hour(s), 12 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 11 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 4 Files Infected: 37 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Mozilla Firefox\extensions\{70c5e1a1-98ea-81af-6392-2961d9559a08}\components\fe_Z-00B63.dll (Adware.BHO) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{eca3e63b-2d45-2cad-efb1-65fd6c346935} (Adware.LoudMo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\search toolbar (Adware.Zugo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.FLVPlayer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a-qlgf_qnkxkni (Adware.LoudMo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c508522-2c39-bc0a-1c9b-9e5fb0277a1f} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c508522-2c39-bc0a-1c9b-9e5fb0277a1f} (Adware.AdRotator) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sctdtvvw (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sctdtvvw (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-76-0-UEOP) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.231,93.188.161.72 -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Mozilla Firefox\extensions\{70c5e1a1-98ea-81af-6392-2961d9559a08}\components\fe_Z-00B63.dll (Adware.BHO) -> Delete on reboot. C:\Documents and Settings\DJ\Local Settings\Application Data\epcxflmqw\mgstwgptssd.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. 
C:\Documents and Settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\SearchToolbarUninstall.exe (Adware.Zugo) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Desktop\DC stuff\Magic DVD Ripper\Magic DVD Ripper v3.3 Setup.exe (Adware.UCMore) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Component Update 126 (Adware.LoudMo) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Component Update 157 (Adware.LoudMo) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Component Update 407 (Adware.LoudMo) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Component Update 563 (Adware.LoudMo) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\mPDa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Qjut.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\temp\Ybxl.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\n002102318801r0409J0d000601R4631da79W1656a78dXc4654120Y8f86b05bZ03003f360[1] (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\n002102801r0409J0d000601R4631da79Xc465412fY8f86b05bZ03003f3630dP000501080[1] (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Documents and Settings\DJ\Local Settings\Temporary Internet Files\Content.IE5\5D234UN5\eHad747fe4V03007f35002Rb49ca91b102Te60e1844Q0000004c901801F0016000aJ0d000601l0409K428a9f513180[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\DJ\My Documents\Downloads\FLVDirect.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe (Adware.Zugo) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\uninstall.exe (Adware.FLVPlayer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP116\A0030301.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP116\A0030427.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP176\A0045562.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP176\A0045582.dll (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C1FDE112-7F2E-44A7-87E2-2E0265CC1B0B}\RP177\A0045625.exe (Adware.Zugo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\A-QlgF_qNkXKni.exe (Adware.LoudMo) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\player.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully. 
C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Program Files\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\--_7_sR0LH_AiE.dll (Adware.AdRotator) -> Quarantined and deleted successfully. Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here. |
|
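The MBAM log above records two findings that outlive a file cleanup if nobody checks them: a Trojan.DNSChanger entry that rewrote the Tcpip\Parameters\NameServer value, and a hijacked IE start page. As an added example (not code from this thread or from Malwarebytes), the Python below parses an MBAM 1.x log into its sections and pulls out exactly those configuration changes so they can be verified on the machine afterwards; the sample lines are a trimmed copy of the log posted above.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and extract the findings that
change name resolution or the browser start page.

Added example for this thread, not Malwarebytes' or the forum's own code.
The sample log below is a trimmed copy of the one posted in the thread."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Section headers ("Files Infected:") and the summary counts ("Files Infected: 37").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*(?P<count>\d+)?\s*$")
# One detection line: <object> (<ThreatName>) -> <detail and action>.
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")
# Registry data items carry the hijacked/restored value, or raw data, before the action.
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.+?) -> (?P<action>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Detection:
    section: str
    obj: str
    threat: str
    action: str
    data: str = ""   # raw value for registry data items (e.g. the rogue DNS servers)
    bad: str = ""    # hijacked value MBAM found
    good: str = ""   # value MBAM restored


def parse_mbam_log(text: str) -> list[Detection]:
    """Return one Detection per finding, tagged with the section it came from."""
    section = None
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            # Headers with a count belong to the summary block; bare headers open a section.
            section = None if sec.group("count") else sec.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        det = Detection(section, m.group("obj"), m.group("threat"), rest)
        if bg := BADGOOD_RE.match(rest):
            det.bad, det.good, det.action = bg.group("bad", "good", "action")
        elif d := DATA_RE.match(rest):
            det.data, det.action = d.group("data", "action")
        found.append(det)
    return found


def counts_by_section(dets: list[Detection]) -> dict[str, int]:
    return dict(Counter(d.section for d in dets))


def config_changes(dets: list[Detection]) -> dict:
    """Rogue resolvers written to the NameServer value and hijacked start pages:
    the settings to re-check on the host once the quarantine has run."""
    dns, pages = [], []
    for d in dets:
        key = d.obj.lower()
        if key.endswith("\\nameserver") or "dnschanger" in d.threat.lower():
            dns.extend(IPV4_RE.findall(d.data))
        elif d.threat.startswith("Hijack.") or key.endswith("\\start page"):
            pages.append((d.bad, d.good))
    return {"dns_servers": dns, "start_page": pages}


# Constructed sample: a trimmed copy of the log posted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4086
Scan type: Full scan (C:\|D:\|)
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Data Items Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\extensions\{70c5e1a1-98ea-81af-6392-2961d9559a08}\components\fe_Z-00B63.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-76-0-UEOP) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.231,93.188.161.72 -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\DJ\Local Settings\temp\mPDa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A-QlgF_qNkXKni.exe (Adware.LoudMo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(counts_by_section(dets))
    print(config_changes(dets))
```

On the cleaned machine, compare the extracted servers with the resolvers `ipconfig /all` reports after the reboot; if one of them is still listed, the NameServer value was written back and the cleanup is not finished.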
| 92. |
Solve : online protecton tool? |
|
Answer» I keep getting this pop-up whenever I open IE saying something like my computer is not safe, please download Online Protection tool, which I have not. I keep closing the ad. How do I get rid of this annoying pop up? I looked in my registry and in task manager and it's not there, yet the pop up continues. Where is it? Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
| 93. |
Solve : Application cannot be executed. The file **** is infected.? |
|
Answer» Hi there -
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
| 94. |
Solve : Application cannot be executed.....Please help!? |
|
Answer» Hello everyone,
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. |
|
| 95. |
Solve : Disc space stolen by ...? |
|
Answer» Oho. Now I got a row of problems with system which completely unclear. So after reboot computer show Found new hardware wizard! Device Manager showing yellow question sign as Unknown device! Through internet finding is unsuccessful. How can I restore or replace lost device? Please check your Device Manager to see if there are any yellow warning icons. Right-click My Computer, Hardware and click Device Manager. Do you see any yellow warnings? Quote Thirdly computer used space: 9.50, free space: 8.07, capacity: 17.05 of C:/ This doesn't add up. You said in your first post that your HDD was 40Gb. What Windows are you running; XP, Vista or Windows 7? yes I'm seeing yellow question in Device Manager ( Unknown device ). If you don't wanna to see what I am writing you exactly data of my C:/ drive ( as D:/ drive is full ) where space is risen, how must I read your recommendations? Quote from: marsky on August 29, 2012, 10:09:54 AM yes I'm seeing yellow question in Device Manager ( Unknown device ). If you don't wanna to see what I am writing you exactly data of my C:/ drive ( as D:/ drive is full ) where space is risen, how must I read your recommendations? I have XP. I need you to post some screenshots of your computer. First, the hard drive. Click My Computer, right-click the C drive and take a screen shot of that screen. The instructions are below on how to do this. Next, the Device Manager. Right-click My Computer, Hardware and click Device Manager. How to post screenshots or images Screenshot of disc http://imageshack.us/photo/my-images/59/discad.jpg When I did System Restore of Windows yellow question disappeared from Device Manager. 
Accordingly screenshot of my computer Device Manager haven't sense but I did screenshot of website where reflected exact location of yellow question in Device Manager http://imageshack.us/photo/my-images/16/devicemanagert.jpg Please you after as infections mostly deleted from machine observe risen disc space and disbalanced Windows essentially. ( many programs which were deleted now are giving errors because of System Restore. Let me say I think RogueKiller work completely unsatisfied because of it completely upset Start and Menu settings ) How possibly to tune up this problems? You can go to the same place where you found the information about the free space and click on Disk Cleanup. This will free up more space. Quote Please you after as infections mostly deleted from machine observe risen disc space and disbalanced Windows essentially. ( many programs which were deleted now are giving errors because of System Restore. Let me say I think RogueKiller work completely unsatisfied because of it completely upset Start and Menu settings ) How possibly to tune up this problems? I don't understand what you're trying to tell me but I'm sure that your computer is clean. Ok bad files we more or less deleted. But most need to know me what does occupy space of disk? How possibly to reduce those unknown download expansions? Please download: HiJackThis to your Desktop.
µTorrent Adobe Flash Player 11 ActiveX Adobe Reader 9.3.4 Auslogics Registry Cleaner Auslogics Registry Defrag AVG 2012 AVG 2012 AVG 2012 CCleaner C-Major Audio Compatibility Pack for the 2007 Office system Conexant D480 MDC V.92 Modem Dell Wireless WLAN Card ESET Online Scanner v3 Google Earth Plug-in Google Update Helper HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Intel(R) Extreme Graphics 2 Driver Java(TM) 7 Update 5 JavaFX 2.1.1 K-Lite Codec Pack 2.48 Full Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Security Client Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mobile Office Opera 11.62 PartyPoker Plus500 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Media 
Player 11 (KB954154) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB941569) SUPERAntiSpyware System Checkup 3.3 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VLC media player 2.0.3 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Media Player Firefox Plugin WinRAR archiver XML Paper Specification Shared Components Language Pack 1.0 YTD Video Downloader 3.9 You can uninstall these to give you more space on your HDD. µTorrent Auslogics Registry Cleaner Auslogics Registry Defrag ESET Online Scanner v3 HijackThis 2.0.2 OK. Thank you for time. Your last tip has a middle level of urgency. Can you sake for successful cooperation leave some tip whether have had an option correctly to reduce Windows Updates? Thank you one more. Quote Can you sake for successful cooperation leave some tip whether have had an option correctly to reduce Windows Updates? I'm sorry but I don't understand what you want to do. |
|
| 96. |
Solve : Rootkit.Win32.TDSS.d on Vista? |
|
Answer» Quote Please consider updating to Windows Vista Service Pack 2 (SP2). I would love to, unfortunately I am unable to do so. That leads me to my next question. When I try to install Vista SP2 it says "Service Pack installation cannot continue One or more system components that the service pack requires are missing. " According to Microsoft knowledge base: Quote This problem occurs because system components that are required to install Windows Vista SP2 are not present on your computer. Quote To resolve this problem, use genuine Microsoft software media to reinstall Windows Vista with Service Pack 1 and then install Windows Vista SP2. This is strange because I was able to install SP1 when it came out no problem, but now it gives me this error message. I would really like to avoid reinstalling Vista, especially after all the work we went through cleaning up my infection. Please let me know if you know any ways around this problem although it's not directly related to removing malware. Thanks. Not really any ways around it, since you used Windows Vista Extreme Edition as customization. It probably modified uxtheme.dll, and several other important DLLs. Your customization might be messed up, but you can try the System File Checker. Command Prompt command: SFC /scannow SFC didn't work BUT... After a little searching on the web I came across: all you have to do is start regedit, navigate to this registry value below. HKEY_LOCAL_MACHINE\SOFTWARE\vLite Then delete the entire vLite key from the registry. When you do this it should allow for the service pack to continue to install. Simply deleting this registry key solved my problem of installing SP2. Thanks for all your help. |
|
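As an added example (not from the thread, and not vLite's or Microsoft's own code), here is a PowerShell script that performs the registry step from the answer above with a safety net: it exports HKLM\SOFTWARE\vLite to a .reg file before deleting it, so the key can be restored if the SP2 installer still fails, and it honours -WhatIf so the removal can be rehearsed first. The backup directory and file name are assumptions.

```powershell
# Added example: back up, then remove, the HKLM\SOFTWARE\vLite key that the
# thread identifies as blocking Vista SP2 setup. Run from an elevated prompt:
#   .\Remove-VLiteKey.ps1 -WhatIf      # rehearse (backup is still written)
#   .\Remove-VLiteKey.ps1              # perform the removal
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Registry key named in the forum answer (PowerShell drive form).
    [string]$KeyPath = 'HKLM:\SOFTWARE\vLite',
    # Where the .reg backup is written (assumed location, change as needed).
    [string]$BackupDir = "$env:USERPROFILE\Desktop"
)

if (-not (Test-Path -Path $KeyPath)) {
    Write-Host "No key at $KeyPath; nothing to do."
    return
}

# Show the operator what is about to be removed: values and any subkeys.
Write-Host "Contents of ${KeyPath}:"
Get-ItemProperty -Path $KeyPath | Format-List | Out-String | Write-Host
Get-ChildItem -Path $KeyPath -Recurse | ForEach-Object {
    Write-Host "  subkey: $($_.Name)"
}

# reg.exe expects the native key name (HKLM\...), not the PSDrive form.
$nativeKey  = $KeyPath -replace '^HKLM:\\', 'HKLM\'
$timestamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = Join-Path -Path $BackupDir -ChildPath "vLite-backup-$timestamp.reg"

# Export first. The resulting .reg file restores the key when double-clicked.
# This runs even under -WhatIf so the rehearsal proves the export works.
& reg.exe export $nativeKey $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $backupFile)) {
    throw "Backup of $nativeKey to $backupFile failed; key left in place."
}
Write-Host "Backup written to $backupFile"

# Only now delete the key (skipped, with a message, when -WhatIf is given).
if ($PSCmdlet.ShouldProcess($KeyPath, 'Remove registry key')) {
    Remove-Item -Path $KeyPath -Recurse -Force
    Write-Host "Removed $KeyPath. Re-run the SP2 installer."
}
```

If the service pack still refuses to install, merging the saved .reg file puts the key back exactly as it was.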
| 97. |
Solve : In need of help and assistance? |
|
Answer» Hello,
Firstly, thank you so much for taking your time, I appreciate it so much. I managed to get the logs you asked me to, except the second one, Win32kDiag. Its last message is: Cannot access: C:/Windows/bthservsdp.dat

Anyway, this is the log for Profiles:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3336771028-1926161154-522339013-1000
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Admin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3336771028-1926161154-522339013-1002
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Mellowship

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3336771028-1926161154-522339013-1002.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP

    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
    ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
    SystemRoot    REG_SZ    C:\Windows

While this is the log for Cheetah Anti-Rogue:

Cheetah-Anti-Rogue v1.4.5 by DragonMaster Jay
Microsoft Windows [Version 6.0.6001]
Date: 06/05/2010 - Time: 23:57:07 - Arch.: x86

-- Malware removal tools check --
CCleaner
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware
SUPERAntiSpyware

-- Known infection --
C:\Windows\system32\SysHook.dll (Sus.Trj-Keylogger)
Extra message: Detection only.
And this is the Win32kDiag:

Running from: C:\Users\Mellowship\Downloads\Win32kDiag.exe
Log file at : C:\Users\Mellowship\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat
[1] 2010-05-06 09:22:22        12 C:\Windows\bthservsdp.dat ()

Thank you so so much for taking your time once more. I really appreciate it.

Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
Double-click mbam-setup.exe to install the application. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

6/5/2010 9:38:34 AM
mbam-log-2010-05-06 (09-38-34).txt

Scan type: Quick scan
Objects scanned: 135864
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkyxpuyeawf (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qllhluvi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\TSUninstall (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\TSUninstall\Uninstall.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Users\Mellowship\AppData\Local\eulubivka\gxlbyqitssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\gasfkydvtwdfli.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\gasfkyxvxqupnn.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Computer Scan.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Help.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Registration.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Security Center.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Settings.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Total Security.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\TS\Update.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Thank you so much... By the way, I already have all 3 logs with me. Thanks again.

Hi

Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
OTL Extras logfile created on: 7/5/2010 10:45:56 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Mellowship\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.80 Gb Total Space | 15.11 Gb Free Space | 10.58% Space Free | Partition Type: NTFS
Drive D: | 138.74 Gb Total Space | 129.43 Gb Free Space | 93.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELLOWSHIP-PC
Current User Name: Mellowship
Logged in as Administrator.
Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 12.0" = RealPlayer "Samsung CLP-310 Series" = Samsung CLP-310 Series "SharePointDesigner" = Microsoft Office SharePoint Designer 2007 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinAVIVideoConverter_is1" = WinAVIVideoConverter "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3b "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Youda Sushi Chef1.3.0.0" = Youda Sushi Chef ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21/3/2010 5:27:06 AM | Computer Name = Mellowship-PC | Source = Application Error | ID = 1000 Description = Faulting application left4dead2.exe, version 0.0.0.0, time stamp 0x492b325a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x13bc, application start time 0x01cac8d8787d2900. 
Error - 21/3/2010 6:00:44 AM | Computer Name = Mellowship-PC | Source = Windows Search Service | ID = 3013 Description = Error - 21/3/2010 6:05:41 AM | Computer Name = Mellowship-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22/3/2010 5:44:41 AM | Computer Name = Mellowship-PC | Source = WinMgmt | ID = 10 Description = Error - 22/3/2010 9:42:37 AM | Computer Name = Mellowship-PC | Source = VSS | ID = 8193 Description = Error - 22/3/2010 1:56:55 PM | Computer Name = Mellowship-PC | Source = VSS | ID = 8193 Description = Error - 22/3/2010 8:20:08 PM | Computer Name = Mellowship-PC | Source = WinMgmt | ID = 10 Description = Error - 23/3/2010 11:01:14 AM | Computer Name = Mellowship-PC | Source = WinMgmt | ID = 10 Description = Error - 24/3/2010 2:42:27 AM | Computer Name = Mellowship-PC | Source = WinMgmt | ID = 10 Description = Error - 24/3/2010 12:16:03 PM | Computer Name = Mellowship-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 5/5/2010 9:40:27 PM | Computer Name = Mellowship-PC | Source = DCOM | ID = 10005 Description = Error - 5/5/2010 9:40:37 PM | Computer Name = Mellowship-PC | Source = DCOM | ID = 10005 Description = Error - 5/5/2010 9:40:43 PM | Computer Name = Mellowship-PC | Source = DCOM | ID = 10005 Description = Error - 5/5/2010 9:40:48 PM | Computer Name = Mellowship-PC | Source = Service Control Manager | ID = 7001 Description = Error - 5/5/2010 9:40:48 PM | Computer Name = Mellowship-PC | Source = Service Control Manager | ID = 7026 Description = Error - 5/5/2010 9:42:00 PM | Computer Name = Mellowship-PC | Source = DCOM | ID = 10005 Description = Error - 5/5/2010 9:45:44 PM | Computer Name = Mellowship-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. 
I'm sorry, but the OTL.Txt is too big. It exceeds the maximum allowed length of 50000 characters. What do I do now?

Please post it in two or three separate replies.

Ooh, alright.
OTL part 1

OTL logfile created on: 7/5/2010 10:45:56 AM - Run 1
OTL by OldTimer - Version 3.2.4.1
C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions [2009/07/17 12:41:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/04/09 08:31:09 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2010/04/09 08:31:09 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66} [2010/01/31 14:01:28 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66} [2010/04/09 08:31:12 | 000,000,000 | ---D | M] -- C:\Users\Mellowship\AppData\Roaming\mozilla\Firefox\Profiles\lrd5cyq2.default\extensions\[emailprotected] [2009/05/16 21:53:14 | 000,000,682 | ---- | M] () -- C:\Users\Mellowship\AppData\Roaming\Mozilla\FireFox\Profiles\lrd5cyq2.default\searchplugins\ask.xml [2009/10/28 22:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/10/28 22:54:51 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2009/10/28 22:54:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[emailprotected] [2008/09/04 08:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/03/14 16:51:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/03/14 16:51:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/03/14 16:51:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/03/14 16:51:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml OTL part 2 O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found. O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Mellowship\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1241847509984&h=67cd85e4cf858fffa3adcc9f1028e3a4/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper FLAGS Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.48 218.186.1.88 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: 
C:\Users\Mellowship\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Mellowship\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{081b01b0-3e98-11de-8167-00242ce81f88}\Shell - "" = AutoRun O33 - MountPoints2\{081b01b0-3e98-11de-8167-00242ce81f88}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{0b623bef-5b39-11de-8273-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{0b623bef-5b39-11de-8273-00235a5e1a04}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\Shell\AutoRun\command - "" = F:\winlog.exe -- File not found O33 - MountPoints2\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\Shell\open\command - "" = F:\winlog.exe -- File not found O33 - MountPoints2\{0e1a503f-7a5a-11de-8b16-00235a5e1a04}\Shell\AutoRun\command - "" = F:\new2.exe -- File not found O33 - MountPoints2\{1f165066-a1c3-11de-83b9-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{1f165066-a1c3-11de-83b9-00235a5e1a04}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found O33 - MountPoints2\{41fdc470-3eb2-11de-8c14-00235a5e1a04}\Shell\Auto\command - "" = backupuser.exe O33 - MountPoints2\{7071c687-63aa-11de-99e7-00235a5e1a04}\Shell\AutoRun\command - "" = F:\winlog.exe -- File not found O33 - MountPoints2\{7071c687-63aa-11de-99e7-00235a5e1a04}\Shell\open\command - "" = F:\winlog.exe -- File not 
found O33 - MountPoints2\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\Shell\AutoRun\command - "" = winlog.exe O33 - MountPoints2\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\Shell\open\command - "" = winlog.exe O33 - MountPoints2\{8d7ec3ef-44e5-11de-88f0-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{8d7ec3ef-44e5-11de-88f0-00235a5e1a04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{b2f46548-eab3-11de-8e34-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{b2f46548-eab3-11de-8e34-00235a5e1a04}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b2f46555-eab3-11de-8e34-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{b2f46555-eab3-11de-8e34-00235a5e1a04}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\Shell\AutoRun\command - "" = H:\winlog.exe -- File not found O33 - MountPoints2\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\Shell\open\command - "" = H:\winlog.exe -- File not found O33 - MountPoints2\{bab7ea6f-3ec5-11de-94fe-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{bab7ea6f-3ec5-11de-94fe-00235a5e1a04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{bd5976b0-758e-11de-a5b1-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{bd5976b0-758e-11de-a5b1-00235a5e1a04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{c6ccc479-7bfd-11de-86aa-00235a5e1a04}\Shell\AutoRun\command - "" = F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found O33 - MountPoints2\{c6ccc479-7bfd-11de-86aa-00235a5e1a04}\Shell\open\command - "" = F:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found O33 - MountPoints2\{de044a68-6d00-11de-b51a-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{de044a68-6d00-11de-b51a-00235a5e1a04}\Shell\AutoRun\command - "" = F:\launcher.exe -- File not found O33 - 
MountPoints2\{e55f2b4a-9d2a-11de-8f79-00235a5e1a04}\Shell\AutoRun\command - "" = .\EncryptionTool\MaxtorEncryption.exe O33 - MountPoints2\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\Shell\AutoRun\command - "" = G:\winlog.exe -- File not found O33 - MountPoints2\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\Shell\open\command - "" = G:\winlog.exe -- File not found O33 - MountPoints2\{e65c2c6b-49c3-11de-abdf-00235a5e1a04}\Shell - "" = AutoRun O33 - MountPoints2\{e65c2c6b-49c3-11de-abdf-00235a5e1a04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{ea70b22b-57e9-11de-94bc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ea70b22b-57e9-11de-94bc-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{f382b406-49db-11de-a418-00235a5e1a04}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{f382b406-49db-11de-a418-00235a5e1a04}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 10:34:27 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: 
AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SafeBootMin: Symantec Antvirus - Service SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus 
host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SafeBootNet: Streams Drivers - Driver Group SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SafeBootNet: Symantec Antvirus - Service SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers 
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) 
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/05/06 09:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/05/06 09:50:19 | 000,000,000 | ---D | C] -- C:\Users\Mellowship\AppData\Roaming\SUPERAntiSpyware.com [2010/05/06 09:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/05/06 09:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/05/06 06:26:12 | 000,000,000 | ---D | C] -- C:\Users\Mellowship\AppData\Roaming\Malwarebytes [2010/05/06 06:26:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/05/06 06:26:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/05/06 06:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/06 06:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/05/06 06:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation WIZARD [2010/05/06 06:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/05/06 06:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/05/06 04:38:05 | 000,000,000 | ---D | C] -- C:\Users\Mellowship\AppData\Local\eulubivka [2010/04/14 13:17:56 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/04/14 13:17:55 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/04/14 13:17:22 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010/04/14 13:16:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2009/01/09 11:10:14 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/07 10:48:51 | 005,767,168 | -HS- | M] () -- C:\Users\Mellowship\NTUSER.DAT [2010/05/07 10:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/05/07 09:46:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/07 09:46:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/06 20:32:05 | 000,008,268 | ---- | M] () -- C:\Users\Mellowship\AppData\Local\d3d9caps.dat [2010/05/06 17:25:03 | 000,146,602 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/05/06 14:29:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/05/06 09:50:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/05/06 09:47:24 | 000,146,602 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/05/06 09:46:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/06 09:45:59 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2010/05/06 09:45:56 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys [2010/05/06 09:44:59 | 000,524,288 | -HS- | M] () -- C:\Users\Mellowship\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010/05/06 09:44:59 | 000,065,536 | -HS- | M] () -- C:\Users\Mellowship\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/05/06 09:43:41 | 000,000,958 | ---- | M] () -- C:\Users\Mellowship\Desktop\sniper.exe - Shortcut.lnk [2010/05/06 09:41:58 | 000,001,878 | ---- | M] () -- C:\Users\Mellowship\Desktop\HijackThis.lnk [2010/05/06 09:35:41 | 000,058,880 | ---- | M] () -- C:\Users\Mellowship\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/06 09:22:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/05/06 06:26:08 | 
000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/06 06:17:59 | 000,001,674 | ---- | M] () -- C:\Users\Mellowship\Desktop\CCleaner.lnk [2010/05/06 06:10:12 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/04/29 21:34:01 | 001,725,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/20 07:22:28 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/04/20 07:22:28 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/04/20 07:22:28 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/04/16 18:13:12 | 000,100,533 | ---- | M] () -- C:\Users\Mellowship\AppData\Roaming\NMM-MetaData.db [2010/04/14 18:32:24 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/04/08 03:30:19 | 000,001,116 | ---- | M] () -- C:\Users\Mellowship\Desktop\Left 4 Dead 2 [blaze69].lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/06 09:50:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/05/06 09:45:56 | 3219,107,840 | -HS- | C] () -- C:\hiberfil.sys [2010/05/06 09:43:41 | 000,000,958 | ---- | C] () -- C:\Users\Mellowship\Desktop\sniper.exe - Shortcut.lnk [2010/05/06 09:41:58 | 000,001,878 | ---- | C] () -- C:\Users\Mellowship\Desktop\HijackThis.lnk [2010/05/06 06:26:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/06 06:17:59 | 000,001,674 | ---- | C] () -- C:\Users\Mellowship\Desktop\CCleaner.lnk [2010/05/06 06:10:12 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk 
[2010/04/14 18:32:24 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2009/05/16 21:39:34 | 000,000,127 | ---- | C] () -- C:\Windows\wininit.ini [2009/05/04 16:21:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2009/04/25 16:50:43 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll [2009/04/07 05:32:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll [2009/02/25 16:39:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009/02/25 16:39:18 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009/01/12 17:15:12 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2009/01/12 17:15:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009/01/12 17:14:22 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2009/01/09 13:35:37 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2009/01/09 13:35:37 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2009/01/09 11:08:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001/12/27 08:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/11/15 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001/09/04 15:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/31 08:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 14:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

OTL part 3

========== Custom Scans ========== < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/01/21 10:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008/01/21 10:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009/02/01 22:26:00 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll [2008/01/21 10:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008/01/21 10:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2009/02/01 22:26:42 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll [2009/02/01 22:26:42 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\sysfer.dll < %systemroot%\system32\*.exe /lockedfiles > [2010/02/18 22:49:31 | 003,598,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009/02/01 22:29:02 | 000,091,976 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\SysPlant.sys [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Teefer2.sys [2009/02/01 22:27:00 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WPSDRVnt.sys [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WpsHelper.sys < %systemroot%\System32\config\*.sav > [2008/01/21 11:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/21 11:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/21 11:14:18 | 
000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.sys > [2006/11/02 15:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS [2008/01/21 10:23:54 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys [2006/11/02 15:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys [2006/11/02 15:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 15:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 15:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 15:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 15:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 15:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 15:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 15:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 15:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 15:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 15:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 15:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS [2006/11/02 15:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS [2009/08/14 21:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys < %systemroot%\system32\drivers\*.dll > < %systemroot%\system32\drivers\*.ini > < %systemroot%\system32\drivers\*.exe > [2007/10/19 21:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Windows\System32\drivers\XAudio.exe < %SYSTEMDRIVE%\*.* > [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008/01/21 10:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2009/01/09 11:10:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009/06/11 15:50:44 | 000,007,057 | ---- | M] () -- C:\debug.log [2010/05/06 09:45:56 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys [2009/08/27 16:57:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/02/25 16:40:42 | 000,100,158 | ---- | M] () -- C:\log.txt [2009/02/25 16:48:06 | 000,000,020 | ---- | M] () -- C:\Medion.ini [2009/08/27 16:57:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/05/06 09:45:54 | 3532,693,504 | -HS- | M] () -- C:\pagefile.sys [2009/02/25 16:42:22 | 000,000,060 | ---- | M] () -- C:\Partition.txt [2009/02/25 16:29:07 | 000,001,668 | ---- | M] () -- C:\RHDSetup.log [2009/07/12 10:41:08 | 000,000,000 | ---- | M] () -- C:\t1c4.2 [2009/10/09 11:48:32 | 000,000,000 | ---- | M] () -- C:\t1cs.2 [2010/03/31 13:33:57 | 000,000,000 | ---- | M] () -- C:\t1dc.2 [2010/03/22 17:44:29 | 000,000,000 | ---- | M] () -- C:\t1i0.2 [2010/02/14 09:37:22 | 000,000,000 | ---- | M] () -- C:\t1is.2 < %PROGRAMFILES%\*. 
> [2010/01/10 15:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\ACDFREE12 [2009/03/03 10:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\Acer [2009/02/25 16:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Deluxe [2009/01/09 13:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone [2009/02/25 16:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc [2009/02/25 16:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Incorporated [2009/05/26 23:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2009/12/06 15:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2009/05/16 21:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis [2009/01/09 13:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Big Kahuna Reef [2009/05/16 21:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent [2009/05/04 16:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2010/05/06 06:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2010/05/06 06:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2009/01/09 12:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT [2009/01/09 13:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Convesoft [2010/03/24 00:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6 [2009/01/09 13:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Cyberlink [2009/10/28 22:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dealio Toolbar [2009/01/09 12:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX [2009/05/16 21:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\DNA [2009/11/16 17:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\EA Sports [2010/02/28 20:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos Interactive [2009/01/09 13:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi [2009/06/11 15:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\Essentials Codec Pack [2009/02/25 16:39:51 | 
000,000,000 | ---D | M] -- C:\Program Files\Fingerprint Sensor [2010/03/31 05:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Garena [2010/04/14 18:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2009/05/17 14:04:36 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5 [2009/03/10 15:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Heulab [2009/09/23 10:22:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2009/01/09 12:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel [2010/04/01 05:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2009/05/09 13:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2009/02/25 16:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager [2009/05/26 23:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO [2010/05/06 06:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/17 17:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan [2009/11/04 21:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! 
Live [2009/10/05 15:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2006/11/02 20:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games [2009/03/09 17:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2010/05/06 06:10:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials [2010/01/23 10:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2009/01/09 13:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009/03/09 17:11:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2010/01/15 20:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2009/11/18 15:45:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2009/03/09 17:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2009/12/17 10:38:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mobile Partner [2010/03/11 21:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2010/04/03 08:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2006/11/02 20:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2009/01/09 12:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2009/01/09 13:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems [2009/06/10 20:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia [2009/06/10 20:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution [2009/12/06 15:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2010/04/06 03:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\Real [2009/01/09 12:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek [2006/11/02 20:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2010/01/10 10:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\Runes of Magic [2009/04/25 16:50:31 | 000,000,000 | ---D | M] -- C:\Program 
Files\Samsung [2009/08/27 17:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive [2010/05/06 09:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware [2009/03/11 18:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec [2009/03/19 10:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics [2009/02/25 16:29:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp [2010/05/06 09:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2009/09/22 01:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\TS [2006/11/02 21:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2009/07/16 02:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\Utherverse Digital Inc [2009/09/15 14:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Vodafone [2009/02/25 16:36:58 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM [2009/06/10 23:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVIVideoConverter [2008/01/21 10:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar [2008/01/21 10:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration [2008/01/21 10:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2008/01/21 10:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2009/10/05 15:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009/05/26 22:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center [2009/01/09 13:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2010/04/15 07:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2009/10/29 14:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2006/11/02 20:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2008/01/21 10:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery [2008/01/21 10:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar 
[2009/08/27 17:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR [2009/08/27 17:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip [2009/09/26 00:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\Youda Sushi Chef [2009/04/24 22:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader [2009/08/27 17:26:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry < %appdata%\*.* > [2009/09/15 14:49:30 | 000,000,006 | -HS- | M] () -- C:\Users\Mellowship\AppData\Roaming\desktop.ini [2009/12/17 11:03:39 | 000,000,000 | ---- | M] () -- C:\Users\Mellowship\AppData\Roaming\monFDE.log [2010/04/16 18:13:12 | 000,100,533 | ---- | M] () -- C:\Users\Mellowship\AppData\Roaming\NMM-MetaData.db < MD5 for: AGP440.SYS > [2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/21 10:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 17:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008/03/12 14:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008/03/12 14:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 17:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/03/12 14:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys [2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys [2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2008/06/03 11:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2008/06/03 11:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) 
MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: DISK.SYS > [2009/04/11 14:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys [2008/01/21 10:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys [2008/01/21 10:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys [2008/01/21 10:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys [2006/11/02 17:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys < MD5 for: EVENTLOG.DLL > [2007/01/13 14:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/21 10:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 17:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 14:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/21 10:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008/01/21 10:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 17:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/21 10:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 10:24:50 | 000,177,152 | ---- | M] 
(Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008/01/21 10:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 14:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USBSTOR.SYS > [2008/01/21 10:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS [2008/01/21 10:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS [2008/01/21 10:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS [2009/04/11 12:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS [2006/11/02 16:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-04 09:50:08 ========== Alternate Data Streams ========== @Alternate Data 
Stream - 98 bytes -> C:\ProgramData\Temp:C95B63DA @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:517B507A @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FEBEC560 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:3E7393FC < End of report >

Hi

Optional Programs

BitTorrent
I see you are running BitTorrent, a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

Ask Toolbar
I recommend the removal of Ask Toolbar. If you choose to do so, please follow the instructions below:
2. From the "Start" menu in Windows, select "Control Panel"
3. Select "Add or Remove Programs"
4. Select "AskBarDis"
5. Click "Change/Remove"

Update Software
Please download the newest version of Java from Java.com. Before installing: it is important to remove older versions of Java, since it does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7). Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them. Once old versions are gone, please install the newest version.

OTL Fix
Please run OTL
Download and Run FlashDisinfector
mobile phone. Please do so and allow the utility to clean up those drives as well.
ComboFix
Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
Alternate link: Forospyware.com (Click the green button on the page to download it).
Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
Please post:
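The `< MD5 for: ... >` blocks in the custom scan above exist so the hash of the copy Windows actually loads (the one under System32\drivers or System32) can be compared with the copies Windows keeps aside in DriverStore, winsxs and SoftwareDistribution. A rootkit that patches a driver in place leaves a live file whose MD5 matches none of those reference copies, while the size and the "(Microsoft Corporation)" field can stay exactly as they were, which is why the helper reads the hashes and not the sizes. In this log the live atapi.sys (9C0E7003...) is matched by a DriverStore copy and a winsxs copy, so it passes. The Python script below is an added example, not a tool from this thread: it parses those blocks and applies that comparison. The atapi.sys sample lines are copied from the log above; the `EXAMPLE.SYS` block is constructed to show what a mismatch looks like.

```python
r"""Cross-check the '< MD5 for: NAME >' blocks of an OTL custom scan.

For each file name, the copy Windows actually loads (under C:\Windows\System32)
is compared with the reference copies Windows keeps in DriverStore, winsxs and
SoftwareDistribution.  A live copy whose MD5 appears in no reference copy is
reported; that is what an in-place patched driver looks like in this section.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Sample input: the ATAPI.SYS block is copied from the OTL log above; the
# EXAMPLE.SYS block is constructed to show a live copy no reference matches.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/11 14:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/06/03 11:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
< MD5 for: EXAMPLE.SYS >
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.sys
[2008/01/21 10:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\example.sys
"""


def parse_md5_blocks(text):
    """Map lower-cased file name -> list of entry dicts, in log order."""
    blocks = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            blocks[current].append({
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
            })
    return dict(blocks)


def classify(path):
    """'reference' for the copies Windows keeps aside, 'live' for what loads."""
    p = path.lower()
    if any(tag in p for tag in ("\\driverstore\\", "\\winsxs\\", "\\softwaredistribution\\")):
        return "reference"
    if p.startswith("c:\\windows\\system32\\"):
        return "live"
    return "other"  # e.g. a same-named DLL shipped by some application


def find_unmatched_live_copies(blocks):
    """Live copies whose hash appears in no reference copy of the same name."""
    findings = []
    for name, entries in blocks.items():
        reference_hashes = {e["md5"] for e in entries if classify(e["path"]) == "reference"}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            if not reference_hashes:
                reason = "no reference copy to compare against"
            elif e["md5"] in reference_hashes:
                continue
            else:
                reason = "hash matches none of %d reference copies" % len(reference_hashes)
            findings.append({"name": name, "path": e["path"], "md5": e["md5"],
                             "size": e["size"], "reason": reason})
    return findings


def check_log(text):
    """Parse an OTL custom-scan section and return the suspicious live copies."""
    return find_unmatched_live_copies(parse_md5_blocks(text))


if __name__ == "__main__":
    for f in check_log(SAMPLE_LOG):
        print("%s  %s  %s  (%s)" % (f["name"], f["md5"], f["path"], f["reason"]))
```

Run stand-alone it reports only the constructed `example.sys`. A mismatch is a reason to pull the file and compare it against a known-good hash from a clean machine of the same build, not a verdict on its own: a hotfix installed outside Windows Update can also leave a live copy no DriverStore or winsxs entry matches, and a same-named DLL living under Program Files (like the Cyberlink EventLog.dll in the log) is classified as "other" and deliberately not compared with the System32 copies.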
OTL fix log All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\ not found. File F:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1a502b-7a5a-11de-8b16-00235a5e1a04}\ not found. File F:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1a503f-7a5a-11de-8b16-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1a503f-7a5a-11de-8b16-00235a5e1a04}\ not found. File F:\new2.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f165066-a1c3-11de-83b9-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f165066-a1c3-11de-83b9-00235a5e1a04}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f165066-a1c3-11de-83b9-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f165066-a1c3-11de-83b9-00235a5e1a04}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f16506d-a1c3-11de-83b9-00235a5e1a04}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41fdc470-3eb2-11de-8c14-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41fdc470-3eb2-11de-8c14-00235a5e1a04}\ not found. File backupuser.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7071c687-63aa-11de-99e7-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071c687-63aa-11de-99e7-00235a5e1a04}\ not found. File F:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7071c687-63aa-11de-99e7-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7071c687-63aa-11de-99e7-00235a5e1a04}\ not found. File F:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\ not found. File winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d7ec3ea-44e5-11de-88f0-00235a5e1a04}\ not found. File winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2f46555-eab3-11de-8e34-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2f46555-eab3-11de-8e34-00235a5e1a04}\ not found. 
File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\ not found. File H:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bab7ea6a-3ec5-11de-94fe-00235a5e1a04}\ not found. File H:\winlog.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2f46548-eab3-11de-8e34-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2f46548-eab3-11de-8e34-00235a5e1a04}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f382b406-49db-11de-a418-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f382b406-49db-11de-a418-00235a5e1a04}\ not found. File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f382b406-49db-11de-a418-00235a5e1a04}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f382b406-49db-11de-a418-00235a5e1a04}\ not found. File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\ not found. File G:\winlog.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c2c66-49c3-11de-abdf-00235a5e1a04}\ not found.
File G:\winlog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de044a68-6d00-11de-b51a-00235a5e1a04}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de044a68-6d00-11de-b51a-00235a5e1a04}\ not found.
File F:\launcher.exe not found.
ADS C:\ProgramData\Temp:C95B63DA deleted successfully.
ADS C:\ProgramData\Temp:517B507A deleted successfully.
ADS C:\ProgramData\Temp:FEBEC560 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
ADS C:\ProgramData\Temp:3E7393FC deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Admin
->Flash cache emptied: 503 bytes
User: All Users
User: Default
User: Default User
User: Mellowship
->Flash cache emptied: 1885617 bytes
User: Public
User: TEMP
Total Flash Files Cleaned = 2.00 mb
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 317672 bytes
->Temporary Internet Files folder emptied: 322492 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mellowship
->Temp folder emptied: 45861465 bytes
->Temporary Internet Files folder emptied: 2412145 bytes
->Java cache emptied: 65703571 bytes
->FireFox cache emptied: 63708748 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2915816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2066 bytes
Total Files Cleaned = 173.00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05082010_074324
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
|
| 98. |
Solve : Serious Malware Infection - BSOD, Cannot Load Windows? |
|
Answer» I am experiencing a similar situation to this thread that I found. I was downloading a file from megaupload on my Windows XP laptop, and I got a popup which I closed. A while later, I started getting fake malware alerts, and then I could not open Task Manager or execute any programs. When I rebooted, all I get is a quick BSOD for normal boot, Safe Mode, and Last Known Good Configuration. It doesn't stay long enough for me to get the error message. |
|
| 99. |
Solve : Trojan? |
|
Answer» So, I tried to download the programs (SUPERAntiSpyware, Malwarebytes, etc.), but once they were supposedly downloaded, I could not open them. Further, when I went to the folder where they were supposedly downloaded, there was no sign of them. I've got a Lenovo ThinkPad T400s w/ Symantec Antivirus. This laptop is school issued, but it's finals week, and I really don't want to give up my laptop for any length of time. Symantec said it found two files, a nodqq.exe on the C:\ and vgyn6ewc.exe on one of my flash drives, and they are both categorized as "Trojan.Gen." Also, when I open "My Computer" and try to click on "C:\", a window pops up asking me what program I want to use to open it with. I can access the folders by typing "C:\" into the address bar, though. Once there, all the folders appear. Yet, some folders that are supposed to have files in them appear empty. When I tried to run a virus scan specifically on a folder with the missing files, Symantec showed the list of files. An automatic scan picked them up, and both were put into quarantine, but for another, Symantec said it couldn't do anything (delete, remove, or quarantine). Am I screwed?? Please advise!

Plug in any flash or external drives, then do this:
by DragonMaster Jay
Microsoft Windows XP [Version 5.1.2600]
Date: 04/30/2010 - Time: 17:35:15 - Arch.: x86
-- Malware removal tools check --
CCleaner
-- Known infection --
Extra message: Detection only.
EOF

We need to do some diagnostics.
1. Please download Profiles by noahdfear.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3762359387-1121093760-3251406087-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\test image

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3762359387-1121093760-3251406087-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\student

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3762359387-1121093760-3251406087-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\SHOP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3762359387-1121093760-3251406087-1011
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\ADAGIAU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3762359387-1121093760-3251406087-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

And Win32kDiag log:

Running from: C:\Documents and Settings\ADAGIAU\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\ADAGIAU\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2
[1] 2009-10-30 15:36:21 3948 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS2 ()
[1] 2009-06-29 09:44:21 3948 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2 ()
[1] 2009-06-29 08:35:47 3948 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS2 ()
[1] 2009-06-29 11:04:03 3948 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 ()
[1] 2009-06-25 13:16:18 3948 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS2 ()

Cannot access: C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3
[1] 2009-10-30 16:44:02 268 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS3 ()
[1] 2009-06-29 10:02:27 267 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3 ()
[1] 2009-07-15 12:05:48 268 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS3 ()
[1] 2010-02-05 14:01:31 268 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 ()
[1] 2009-06-26 09:49:49 268 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS3 ()

Cannot access: C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS2
[1] 2009-10-30 15:36:21 3948 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS2 ()
[1] 2009-06-29 09:44:21 3948 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2 ()
[1] 2009-06-29 08:35:47 3948 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS2 ()
[1] 2009-06-29 11:04:03 3948 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 ()
[1] 2009-06-25 13:16:18 3948 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS2 ()

Cannot access: C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS3
[1] 2009-10-30 16:44:02 268 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS3 ()
[1] 2009-06-29 10:02:27 267 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3 ()
[1] 2009-07-15 12:05:48 268 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS3 ()
[1] 2010-02-05 14:01:31 268 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 ()
[1] 2009-06-26 09:49:49 268 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS3 ()

Cannot access: C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2
[1] 2009-10-30 15:36:21 3948 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS2 ()
[1] 2009-06-29 09:44:21 3948 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2 ()
[1] 2009-06-29 08:35:47 3948 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS2 ()
[1] 2009-06-29 11:04:03 3948 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 ()
[1] 2009-06-25 13:16:18 3948 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS2 ()

Cannot access: C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3
[1] 2009-10-30 16:44:02 268 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS3 ()
[1] 2009-06-29 10:02:27 267 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3 ()
[1] 2009-07-15 12:05:48 268 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS3 ()
[1] 2010-02-05 14:01:31 268 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 ()
[1] 2009-06-26 09:49:49 268 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS3 ()

Cannot access: C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS2
[1] 2009-10-30 15:36:21 3948 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS2 ()
[1] 2009-06-29 09:44:21 3948 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS2 ()
[1] 2009-06-29 08:35:47 3948 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS2 ()
[1] 2009-06-29 11:04:03 3948 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 ()
[1] 2009-06-25 13:16:18 3948 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS2 ()

Cannot access: C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS3
[1] 2009-10-30 16:44:02 268 C:\WINDOWS\system32\novell\nici\ADAGIAU\XMGRCFG.KS3 ()
[1] 2009-06-29 10:02:27 267 C:\WINDOWS\system32\novell\nici\Administrator\XMGRCFG.KS3 ()
[1] 2009-07-15 12:05:48 268 C:\WINDOWS\system32\novell\nici\student\XMGRCFG.KS3 ()
[1] 2010-02-05 14:01:31 268 C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 ()
[1] 2009-06-26 09:49:49 268 C:\WINDOWS\system32\novell\nici\test image\XMGRCFG.KS3 ()

Finished!
Also, I think I might be able to download Superantispy, MBAM, and Hijack if needed. No, DragonMaster Jay, thank you!!

Is this a company or school computer? Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double-click mbam-setup.exe to install the application. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4058
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/1/2010 11:23:26 PM
mbam-log-2010-05-01 (23-23-26).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 267381
Time elapsed: 53 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Please run a free online scan with the ESET Online Scanner
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a6ed1b25d80db840ac71523b09da46d3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-02 09:39:17
# local_time=2010-05-02 05:39:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=117406
# found=10
# cleaned=10
# scan_time=4113
C:\Qoobox\Quarantine\C\autorun.inf.vir  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP103\A0028494.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP104\A0028507.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP104\A0028521.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP104\A0028557.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP104\A0028600.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP105\A0028619.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP106\A0028767.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP107\A0028773.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP109\A0029208.inf  Win32/PSW.OnLineGames.OUM trojan  (cleaned by deleting - quarantined)  00000000000000000000000000000000C

Thank you!! Am I good...?

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
Please download OTC.exe by OldTimer:
== Please download TFC by OldTimer to your desktop
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec AntiVirus
Symantec Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 20
Adobe Flash Player 10.0.45.2
````````````````````````````````
Process Check: objlist.exe by Laurent
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
````````````````````````````````
DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning.
``````````End of Log````````````

I would recommend updating your system via Windows Update: http://update.microsoft.com. Other than that, it looks clean. Have any more questions? |
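The symptoms in this thread (an unknown executable flagged on a flash drive, and C:\ asking which program to open it with while the folders are still reachable from the address bar) are what a shell-hijacking autorun.inf produces, and the ESET log above shows ComboFix had already quarantined C:\autorun.inf. As an added example that is not part of the original posts, here is a small Python checker for such files: it parses the file tolerantly, reports the directives that launch a program or rewire the drive's Open/Explore verbs, and lists the binaries they point at. The autorun.inf content it scans is constructed for illustration; only the filename vgyn6ewc.exe comes from the post, and the directive values are assumptions.

```python
"""Flag autorun.inf directives that hijack what happens when a drive is opened.

Added example for this thread, not code from the original posts. The sample
autorun.inf below is constructed; only the filename vgyn6ewc.exe is taken
from the post, the directive values are assumed for illustration.
"""
import re

SAMPLE_AUTORUN_INF = """\
; constructed sample: launches an executable from the drive root and
; rewires the Open / Explore context-menu verbs to the same binary
[AutoRun]
open=vgyn6ewc.exe
shell\\open\\Command=vgyn6ewc.exe
shell\\explore\\Command=vgyn6ewc.exe
shellexecute=vgyn6ewc.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""

# Directives that run a program or change the drive's default verb.
HIJACK_KEYS = {"open", "shellexecute"}
# shell\<verb>\command rewires a context-menu verb (Open, Explore, ...).
SHELL_VERB_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Cosmetic directives used to make the AutoPlay prompt look like the normal
# Explorer "Open folder to view files" entry. Harmless on their own.
DECEPTION_KEYS = {"action", "label", "icon"}


def parse_autorun(text):
    """Tolerant INI parse: {section: [(key, value), ...]} with section and key
    names lower-cased. Malicious autorun.inf files are often padded with junk
    lines, so anything unparseable is skipped rather than raising."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def find_hijacks(text):
    """(key, value) pairs in [autorun] that launch something or rewire a verb."""
    entries = parse_autorun(text).get("autorun", [])
    return [(k, v) for k, v in entries
            if k in HIJACK_KEYS or SHELL_VERB_COMMAND.match(k)]


def find_deception(text):
    """(key, value) pairs that only dress up the prompt; suspicious next to a
    hijack directive, benign alone."""
    entries = parse_autorun(text).get("autorun", [])
    return [(k, v) for k, v in entries if k in DECEPTION_KEYS]


def launched_binaries(text):
    """Distinct program tokens an autorun.inf would execute, in file order."""
    seen = []
    for _, value in find_hijacks(text):
        # Keep the program token, drop any arguments and surrounding quotes.
        prog = value.split()[0].strip('"') if value else ""
        if prog and prog.lower() not in (s.lower() for s in seen):
            seen.append(prog)
    return seen


def verdict(text):
    """'hijack' if any launch or verb directive exists, else 'benign'."""
    return "hijack" if find_hijacks(text) else "benign"


if __name__ == "__main__":
    for k, v in find_hijacks(SAMPLE_AUTORUN_INF):
        print(f"hijack directive: {k} = {v}")
    print("would launch:", launched_binaries(SAMPLE_AUTORUN_INF))
    print("verdict:", verdict(SAMPLE_AUTORUN_INF))
```

Run it against the autorun.inf at the root of every removable drive (and of C:\) before plugging the drives into a clean machine; an `open=`, `shellexecute=` or `shell\...\command=` pointing at a file on the drive is the hijack, while `icon=`/`action=`/`label=` alone are normal.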
|
| 100. |
Solve : possible virus?? |
|
Answer» Hi, I am new to these threads and I believe I have a virus on my computer. My computer takes forever to start up, when I click on an icon it takes forever to load, when I click on a webpage it sometimes doesn't load, and the most annoying is that when I click on a link in Google, it redirects me to another site.
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/2/2010 4:40:22 PM
mbam-log-2010-05-02 (16-40-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 173882
Time elapsed: 50 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 36

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009711.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009713.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009716.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009720.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009721.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009723.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009724.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009727.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009728.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009729.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009730.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009731.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009732.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009733.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009734.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009735.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009736.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009737.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009738.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009739.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009740.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009741.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009742.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009743.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010536.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010537.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010538.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010539.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010555.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012350.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012351.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012352.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012353.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012354.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012355.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012360.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

Please run a free online scan with the ESET Online Scanner
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5ff682590ab9504aa58875785e7a1499
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-03 09:46:11
# local_time=2010-05-03 05:46:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55980
# found=15
# cleaned=15
# scan_time=6405
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP53\A0006542.RBF  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP53\A0006543.RBF  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009714.DLL  Win32/Adware.FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009715.DLL  Win32/Adware.FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009717.DLL  Win32/Adware.FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009718.DLL  Win32/Toolbar.MyWebSearch application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009719.DLL  Win32/Adware.FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009722.DLL  Win32/Adware.FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009725.DLL  Win32/Toolbar.MyWebSearch application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009726.DLL  Win32/FunWeb application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP88\A0012435.dll  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP92\A0013634.exe  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP92\A0013635.dll  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir  Win32/Adware.Toolbar.Dealio application  (cleaned by deleting - quarantined)  00000000000000000000000000000000C

ESETSmartInstaller@High as downloader log: all ok

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
Please download OTC.exe by OldTimer:
== Please download TFC by OldTimer to your desktop
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
Windows XP Service Pack 2 Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 15 Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.2 Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check: objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com. Before installing: it is important to remove older versions of Acrobat Reader, since the installer does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and open Add or Remove Programs (Programs and Features in Vista/7). Search the list for all previously installed versions of Adobe Acrobat Reader and uninstall/remove each of them. Once the old versions are gone, install the newest version.

==

Please download the newest version of Java from Java.com. Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and open Add or Remove Programs (Programs and Features in Vista/7). Search the list for all previously installed versions of Java (J2SE Runtime Environment) and uninstall/remove each of them. Once the old versions are gone, install the newest version.

====

Please upgrade to Windows XP SP3, because it includes all previously released updates, plus a small number of new features. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.
More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

===========

See this page for more info about malware and prevention. Do you have any more questions?

Nope, thank you!

You're welcome. |
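The helper's reasoning in this thread is that every hit in both scans sits either in a System Restore snapshot (System Volume Information\_restore{...}\RPnn\...) or in ComboFix's Qoobox quarantine, so nothing is running on the live system and the remaining step is to flush the restore points. As an added example, not code from the original posts, this Python script applies that classification to Malwarebytes "Files Infected" lines and says whether flushing restore points finishes the job or whether a live detection still needs persistence analysis first. The sample log is constructed: three lines reuse restore-point paths from the log above, the quarantine line reuses a path from the ESET log with an assumed detection name, and the live-system line (hypothetical_bho.dll) is hypothetical. The ESET export has a different line layout and is not parsed here.

```python
"""Triage a Malwarebytes log: separate detections in System Restore snapshots
and ComboFix quarantine from detections on the live system.

Added example for this thread, not code from the original posts. The sample
log below is constructed: three lines reuse restore-point paths from the
posted log, the Qoobox line reuses a path from the ESET log with an assumed
detection name, and the live-system line is hypothetical.
"""
import re
from collections import Counter

SAMPLE_MBAM_LOG = r"""
Files Infected:
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009711.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009724.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012350.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir (Adware.Toolbar.Dealio) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hypothetical_bho.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<path> (<detection>) -> <action>."
DETECTION_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# Copies that System Restore archived in a restore point (RPnn directory).
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\",
    re.IGNORECASE)
# Files ComboFix already moved out of the way (renamed *.vir under Qoobox).
COMBOFIX_QUARANTINE = re.compile(r"\\Qoobox\\Quarantine\\", re.IGNORECASE)


def classify(path):
    """'restore_point', 'quarantine' or 'live' for a detected file path."""
    if RESTORE_POINT.search(path):
        return "restore_point"
    if COMBOFIX_QUARANTINE.search(path):
        return "quarantine"
    return "live"


def parse_detections(log):
    """Parse every detection line into a dict; non-matching lines are ignored."""
    hits = []
    for line in log.splitlines():
        m = DETECTION_LINE.match(line.strip())
        if not m:
            continue
        hits.append({
            "path": m.group("path"),
            "detection": m.group("detection"),
            "action": m.group("action"),
            "location": classify(m.group("path")),
        })
    return hits


def triage(log):
    """Return (counts per location, list of live-system hits)."""
    hits = parse_detections(log)
    counts = Counter(h["location"] for h in hits)
    live = [h for h in hits if h["location"] == "live"]
    return dict(counts), live


def recommendation(log):
    """Next step, following the reasoning used in the thread."""
    counts, live = triage(log)
    if live:
        return "live infection: investigate persistence before flushing restore points"
    if counts.get("restore_point") or counts.get("quarantine"):
        return "only archived copies found: flush restore points and quarantine"
    return "no detections"


if __name__ == "__main__":
    counts, live = triage(SAMPLE_MBAM_LOG)
    print("detections by location:", counts)
    for h in live:
        print("LIVE:", h["path"], h["detection"])
    print(recommendation(SAMPLE_MBAM_LOG))
```

Restore-point copies are inert until someone runs System Restore, which is why the helper flushes them last, after the live system has been confirmed clean; a detection outside those two locations means the infection was active and should be traced to its loader before the snapshots are discarded.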
|