
Solved BugCheck 3B caused by virus?

Discussion in 'Malware and Virus Removal Archive' started by TRiBaL, 2011/03/27.

  1. 2011/03/27
    TRiBaL

    TRiBaL Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    14
    Likes Received:
    0
    [Resolved] BugCheck 3B caused by virus?

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 180):

    Processes (total 40):
    0 System Idle Process
    4 System
    352 C:\Windows\System32\smss.exe
    436 csrss.exe
    484 C:\Windows\System32\wininit.exe
    504 csrss.exe
    544 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    664 C:\Windows\System32\winlogon.exe
    724 C:\Windows\System32\svchost.exe
    808 C:\Windows\System32\nvvsvc.exe
    848 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1140 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1184 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1196 C:\Windows\System32\nvvsvc.exe
    1312 C:\Windows\System32\dwm.exe
    1336 C:\Windows\explorer.exe
    1736 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    1156 C:\Windows\System32\spoolsv.exe
    1288 C:\Windows\System32\taskhost.exe
    1044 C:\Windows\System32\svchost.exe
    2088 C:\Windows\System32\AEADISRV.EXE
    2132 C:\Windows\System32\svchost.exe
    2216 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2576 C:\Windows\System32\SearchIndexer.exe
    3044 C:\Windows\System32\svchost.exe
    3860 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    3948 C:\Windows\System32\svchost.exe
    1880 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2780 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2060 C:\Windows\SysWOW64\ctfmon.exe
    3848 C:\Windows\System32\audiodg.exe
    1872 C:\Users\A. K\Desktop\MBRCheck.exe
    3996 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number:

    Size Device Name MBR Status
    --------------------------------------------
    79 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
    Last edited: 2011/03/27
  2. 2011/03/27
    TRiBaL

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6173

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    26/3/2011 12:20:49
    mbam-log-2011-03-26 (12-20-49).txt

    Scan type: Quick scan
    Objects scanned: 163501
    Time elapsed: 1 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     


  4. 2011/03/27
    TRiBaL

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by A. K at 12:36:31,89 on 26/03/2011
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.4095.2822 [GMT 2:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\A. Kandreviotis\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRunOnce: [Uninstall Adobe Download Manager] "C:\Users\AB667~1.KAN\AppData\Local\Temp\getPlusUninst_Adobe.exe" /Get1noarp
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: {9C992A31-0E2A-48DC-BBD4-6E13B183DCB4} = 192.168.1.254
    mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\AB667~1.KAN\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\
    FF - prefs.js: browser.startup.homepage - www.facebook.com
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-26 505176]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-26 280408]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-26 22360]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-26 64344]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-3-26 42184]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-26 13336]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-3-26 397088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-26 59392]
    .
    =============== Created Last 30 ================
    .
    2011-03-26 16:49:28 -------- d-----w- C:\Windows\Panther
    2011-03-26 10:19:05 -------- d-----w- C:\Users\AB667~1.KAN\AppData\Roaming\Malwarebytes
    2011-03-26 10:19:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-26 10:19:02 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-26 10:18:59 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-26 10:18:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-26 09:09:42 -------- d-----w- C:\symbols
    2011-03-26 09:07:37 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
    2011-03-26 08:41:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-26 08:41:58 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-26 08:41:11 -------- d-----w- C:\Windows\SysWow64\Adobe
    2011-03-26 08:38:07 -------- d-----w- C:\Users\AB667~1.KAN\AppData\Local\Adobe
    2011-03-26 08:16:10 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
    2011-03-26 08:08:12 -------- d-----w- C:\Users\A. Kandreviotis\Tracing
    2011-03-26 08:07:49 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-03-26 08:07:37 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2011-03-26 08:07:13 -------- d-----w- C:\Windows\PCHEALTH
    2011-03-26 08:07:07 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cd21e36b1cbeb8c\Silverlight.2.0.exe
    2011-03-26 08:02:18 -------- d-----w- C:\Windows\SysWow64\directx
    2011-03-26 07:52:44 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-03-26 07:52:43 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-03-26 07:52:37 40648 ----a-w- C:\Windows\avastSS.scr
    2011-03-26 07:52:35 -------- d-----w- C:\Program Files\AVAST Software
    2011-03-26 07:52:35 -------- d-----w- C:\PROGRA~3\AVAST Software
    2011-03-26 07:44:25 -------- d-----w- C:\Windows\System32\SPReview
    2011-03-26 07:44:21 -------- d-----w- C:\Windows\System32\EventProviders
    2011-03-26 07:42:59 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-03-26 07:31:31 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-03-26 07:31:31 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-03-26 07:31:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-03-26 07:31:31 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-03-26 07:31:31 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-03-26 07:14:58 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2011-03-26 07:14:52 612864 ----a-w- C:\Windows\System32\vbscript.dll
    2011-03-26 07:14:52 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-03-26 07:14:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2011-03-26 07:14:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-03-26 07:14:48 366592 ----a-w- C:\Windows\System32\atmfd.dll
    2011-03-26 07:14:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-03-26 07:14:48 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-03-26 07:14:48 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2011-03-26 07:07:51 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-03-26 07:06:01 397088 ----a-w- C:\Windows\System32\drivers\yk62x64.sys
    2011-03-26 07:04:53 -------- d-----w- C:\Users\AB667~1.KAN\AppData\Roaming\Intel Corporation
    2011-03-26 07:03:28 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2011-03-26 07:02:09 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2011-03-26 07:02:03 -------- d-----w- C:\Intel
    .
    ==================== Find3M ====================
    .
    2011-03-26 07:46:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-26 07:46:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-03-26 07:07:51 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-03-26 07:07:51 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-03-26 07:07:51 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-02-02 16:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-02-02 13:31:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-02-02 13:31:16 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-01-07 18:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-07 18:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-07 18:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-07 18:48:58 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2011-01-07 18:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-07 18:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
    2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 12:36:44,91 ===============
     
  5. 2011/03/27
    TRiBaL

  6. 2011/03/27
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
  7. 2011/03/27
    TRiBaL

    Ok thanks. What should I do now?
  8. 2011/03/27
    Admin.

    You wait....

    A Malware expert will have a look at your log in due course.
     
  9. 2011/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/03/27
    TRiBaL

    TRiBaL Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    14
    Likes Received:
    0
    ComboFix 11-03-26.02 - A. K 27/03/2011 19:01:35.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.4095.3072 [GMT 3:00]
    Running from: c:\users\A. K\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 16:03 . 2011-03-27 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-27 15:40 . 2011-03-27 15:39 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-03-27 15:40 . 2011-03-27 15:39 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A049B6D-B5DC-4200-A7B9-6DDF5AD9A9B5}\gapaengine.dll
    2011-03-27 15:40 . 2011-01-12 23:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-27 15:40 . 2011-03-14 19:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73D4C132-5717-4C8B-917B-04D1CC749FD0}\mpengine.dll
    2011-03-27 15:39 . 2011-03-27 15:39 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6EDB4E6-4F4A-4B8D-BC69-F1C1727F499A}\gapaengine.dll
    2011-03-27 15:31 . 2011-03-27 15:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-03-27 15:31 . 2011-03-27 15:31 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-27 15:14 . 2011-03-27 15:14 -------- d-----r- c:\program files (x86)\Skype
    2011-03-27 15:14 . 2011-03-27 15:14 -------- d-----w- c:\programdata\Skype
    2011-03-27 14:43 . 2011-03-27 14:36 15416 ----a-w- c:\windows\system32\drivers\Asacpi.sys
    2011-03-27 14:01 . 2011-03-27 14:02 -------- d-----w- c:\programdata\SecTaskMan
    2011-03-27 14:01 . 2011-03-27 14:01 -------- d-----w- c:\program files (x86)\Security Task Manager
    2011-03-27 08:41 . 2011-03-27 08:41 -------- d-----w- c:\program files (x86)\OCCT
    2011-03-27 08:11 . 2011-03-27 08:11 -------- d-----w- c:\program files (x86)\NirSoft
    2011-03-26 16:49 . 2011-03-26 06:54 -------- d-----w- c:\windows\Panther
    2011-03-26 10:19 . 2011-03-26 10:19 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-26 10:18 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-26 09:09 . 2011-03-26 09:09 -------- d-----w- C:\symbols
    2011-03-26 09:07 . 2011-03-26 09:09 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2011-03-26 09:07 . 2011-03-26 09:07 -------- d-----w- c:\program files\Microsoft SDKs
    2011-03-26 08:42 . 2011-03-26 08:42 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-26 08:41 . 2011-03-26 08:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-26 08:41 . 2011-03-26 08:41 -------- d-----w- c:\program files (x86)\Java
    2011-03-26 08:41 . 2011-03-26 08:41 -------- d-----w- c:\windows\SysWow64\Adobe
    2011-03-26 08:41 . 2011-03-26 08:41 -------- d-----w- c:\windows\SysWow64\Macromed
    2011-03-26 08:39 . 2011-03-26 08:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-03-26 08:38 . 2011-03-26 08:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2011-03-26 08:37 . 2011-03-26 08:50 -------- d-----w- c:\programdata\NOS
    2011-03-26 08:37 . 2011-03-26 08:37 -------- d-----w- c:\program files (x86)\NOS
    2011-03-26 08:16 . 2011-03-26 08:16 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
    2011-03-26 08:14 . 2011-03-26 08:14 -------- d-----r- C:\MSOCache
    2011-03-26 08:08 . 2011-03-26 08:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-03-26 08:07 . 2011-03-26 08:07 -------- d-----w- c:\program files (x86)\Microsoft
    2011-03-26 08:07 . 2011-03-26 08:07 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
    2011-03-26 08:07 . 2011-03-26 08:07 -------- d-----w- c:\program files (x86)\Windows Live
    2011-03-26 08:07 . 2011-03-26 08:07 -------- d-----w- c:\windows\PCHEALTH
    2011-03-26 07:52 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-26 07:52 . 2011-03-27 15:28 -------- d-----w- c:\programdata\AVAST Software
    2011-03-26 07:52 . 2011-03-26 07:52 -------- d-----w- c:\program files\AVAST Software
    2011-03-26 07:44 . 2011-03-26 07:44 -------- d-----w- c:\windows\system32\SPReview
    2011-03-26 07:44 . 2011-03-26 07:44 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-26 07:42 . 2010-11-20 13:27 13312 ----a-w- c:\windows\system32\sscore.dll
    2011-03-26 07:31 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-26 07:31 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-26 07:31 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-26 07:31 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-03-26 07:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-03-26 07:14 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
    2011-03-26 07:14 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-26 07:14 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-26 07:14 . 2011-01-07 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-03-26 07:14 . 2011-01-07 09:20 366592 ----a-w- c:\windows\system32\atmfd.dll
    2011-03-26 07:14 . 2011-01-07 07:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-03-26 07:14 . 2011-01-07 05:43 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-03-26 07:14 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
    2011-03-26 07:14 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2011-03-26 07:07 . 2011-03-26 07:07 419840 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-26 07:06 . 2011-02-17 09:41 397088 ----a-w- c:\windows\system32\drivers\yk62x64.sys
    2011-03-26 07:03 . 2011-03-26 07:07 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2011-03-26 07:03 . 2010-11-05 21:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2011-03-26 07:02 . 2011-03-26 07:03 -------- d-----w- c:\program files (x86)\Intel
    2011-03-26 07:02 . 2011-02-28 06:09 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2011-03-26 07:02 . 2011-03-26 07:02 -------- d-----w- C:\Intel
    2011-03-26 06:54 . 2011-03-26 08:08 -------- d-----w- c:\users\A. K
    2011-03-26 06:54 . 2011-03-26 06:54 -------- d-----w- C:\Recovery
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 07:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-26 07:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-01-08 03:27 . 2009-07-13 21:59 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-01-07 18:49 . 2011-01-07 18:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-07 18:49 . 2011-01-07 18:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 18:49 . 2011-01-07 18:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-07 18:48 . 2011-01-07 18:48 61032 ----a-w- c:\windows\system32\nvshext.dll
    2011-01-07 18:48 . 2011-01-07 18:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 18:48 . 2011-01-07 18:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=0 (0x0)
    "ConsentPromptBehaviorUser"=3 (0x3)
    "EnableLUA"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)
    "PromptOnSecureDesktop"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MPNWMON
    *NewlyCreated* - NISDRV
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {9C992A31-0E2A-48DC-BBD4-6E13B183DCB4} = 192.168.1.254
    FF - ProfilePath - c:\users\A. K\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\
    FF - prefs.js: browser.startup.homepage - www.facebook.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-27 19:04:31
    ComboFix-quarantined-files.txt 2011-03-27 16:04
    .
    Pre-Run: 60.187.508.736 bytes free
    Post-Run: 60.099.981.312 bytes free
    .
    - - End Of File - - 08B6DF34A0E921FE59333C8A3E9AFBF3
     
    Last edited: 2011/03/27
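    The ComboFix log above is the kind of output a helper reads by eye. The script below is an added example, not part of this thread and not part of ComboFix: it parses log lines of the same shape (the Run keys, the UAC policy values and the R*/S* service lines) and returns findings for UAC values that disable or weaken User Account Control, for service entries whose image ComboFix could not find (printed as `[x]`), and for Run entries that launch from a user-writable folder. The secure-default values, the user-writable path list and the sample log embedded in it are this example's own assumptions; the "Updater" entry in the sample is invented so that the user-writable check fires.

```python
"""Triage of ComboFix-style log lines (added example; not part of this thread
or of ComboFix). It reads the sections an analyst checks first in a log like
the one posted above and returns findings for:
  * UAC policy values that disable or weaken User Account Control
  * service/driver entries whose image ComboFix could not locate ("[x]")
  * Run entries whose image lives in a user-writable location
The secure-default values, the user-writable path list and the sample log
below are this example's own assumptions, not ComboFix's."""
import re
from dataclasses import dataclass

# Run entry:    "Name"="c:\path\prog.exe" [2010-11-05 283160]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
# Policy value: "EnableLUA"=0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)')
# Service line: R3 NisDrv;Microsoft Network Inspection System;c:\...\NisDrvWFP.sys [x]
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$')

# Assumed Windows 7 defaults: UAC on, consent prompts shown on the secure desktop.
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}
# Directory fragments a standard user can write to (assumption behind the heuristic).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac", "run_user_writable" or "missing_image"
    detail: str


def triage(log_text: str) -> list:
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line.lower()   # remember which registry key we are under
            continue
        if line == ".":              # ComboFix separates blocks with a lone dot
            section = ""
            continue
        if section.endswith("\\policies\\system]"):
            m = POLICY_RE.match(line)
            if m:
                name, val = m["name"], int(m["val"])
                if name in UAC_EXPECTED and val != UAC_EXPECTED[name]:
                    findings.append(Finding("uac", f"{name}={val} (expected {UAC_EXPECTED[name]})"))
                elif name == "ConsentPromptBehaviorAdmin" and val == 0:
                    findings.append(Finding("uac", "ConsentPromptBehaviorAdmin=0: admins elevate without any prompt"))
            continue
        if section.endswith("\\run]"):
            m = RUN_RE.match(line)
            if m and any(frag in m["path"].lower() for frag in USER_WRITABLE):
                findings.append(Finding("run_user_writable", f'{m["name"]} -> {m["path"]}'))
            continue
        m = SVC_RE.match(line)
        if m and m["info"].strip() == "x":
            findings.append(Finding("missing_image", f'{m["name"]} -> {m["path"]}'))
    return findings


# Constructed sample in the shape of the log above. The "Updater" entry is invented
# to show the user-writable check firing; the other lines mirror real ones from the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Updater"="c:\users\someone\AppData\Roaming\updater.exe" [2011-03-20 51200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=0 (0x0)
"ConsentPromptBehaviorUser"=3 (0x3)
"EnableLUA"=0 (0x0)
"PromptOnSecureDesktop"=0 (0x0)
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

    A `[x]` is a lead, not a verdict: on this very machine ComboFix printed `[x]` for NisDrv and MpNWMon, yet the OTL log later in the thread lists NisDrvWFP.sys present under SysNative\drivers, so the entry reflects where ComboFix looked rather than a missing file. The UAC findings are the more durable point: with EnableLUA=0 every process of an administrator account already runs with a full admin token, so any malware that does land needs no elevation.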
  11. 2011/03/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there.

    blbdrive.sys file seems to be a safe file: http://www.runscanner.net/file/blbdrive.sys.html, but we'll double check.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    blbdrive.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
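    The `/md5start blbdrive.sys /md5stop` lines in the custom scan above make OTL hash every file of that name it finds, so the helper can compare the digest against a known-good one. The script below is an added example, not OTL's code and not part of this thread: it does the same job by hand, walking a set of roots, hashing every file with the requested name and grouping the copies by digest, so a second copy of a driver name with different contents stands out. MD5 is kept because that is what OTL and the hash lookup sites of the time report; SHA-256 is computed next to it. The roots, the file name and the demo directory tree are this example's own.

```python
"""Added example (not part of OTL or of this thread): the manual equivalent of
the "/md5start blbdrive.sys /md5stop" directive in the scan list above. It walks
a set of roots, hashes every file with the requested name and groups the copies
by digest, so a second copy of a driver name with different contents stands out.
MD5 is kept because that is what OTL and the hash lookup sites of the time
report; SHA-256 is computed next to it. The roots, the file name and the demo
tree are this example's own."""
import hashlib
import os
import tempfile
from collections import defaultdict


def digests(path: str, chunk: int = 1 << 20) -> tuple:
    """MD5 and SHA-256 of one file, streamed so a large driver is not read into RAM at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def find_copies(filename: str, roots) -> dict:
    """Return {(md5, sha256): [paths]} for every file named `filename`
    (compared case-insensitively, as NTFS does) under any of `roots`."""
    groups = defaultdict(list)
    target = filename.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == target:
                    full = os.path.join(dirpath, name)
                    try:
                        groups[digests(full)].append(full)
                    except OSError:
                        # Locked or unreadable (AV, permissions): skipped here; in a
                        # real run record it, an unreadable driver is itself a lead.
                        continue
    return dict(groups)


def suspicious(groups: dict) -> bool:
    """One file name present with more than one distinct digest deserves a look:
    a genuine driver normally exists as identical copies in System32\\drivers
    and the DriverStore, not as a differing copy in a user-writable folder."""
    return len(groups) > 1


def demo() -> dict:
    """Constructed directory tree: two identical 'blbdrive.sys' copies where a
    real driver would live, plus a differing copy in a temp folder."""
    base = tempfile.mkdtemp(prefix="otl-md5-demo-")
    layout = {
        os.path.join("Windows", "System32", "drivers", "blbdrive.sys"): b"constructed driver bytes",
        os.path.join("Windows", "System32", "DriverStore", "blbdrive.sys"): b"constructed driver bytes",
        os.path.join("Users", "someone", "AppData", "Local", "Temp", "BLBDRIVE.SYS"): b"something else",
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return find_copies("blbdrive.sys", [base])


if __name__ == "__main__":
    result = demo()
    for (md5, sha256), paths in result.items():
        print(f"md5={md5} sha256={sha256[:16]}...")
        for p in paths:
            print("   ", p)
    print("suspicious:", suspicious(result))
```

    On a real system point `find_copies` at `C:\Windows` and the user profiles and compare the digests with a vendor or catalog hash, as the runscanner lookup in the post above does. Two different digests are not proof of tampering on their own (the DriverStore can legitimately hold an older version), so a differing copy is the file to check the Authenticode signature on, not the file to delete.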
     
  12. 2011/03/27
    TRiBaL

    TRiBaL Inactive Thread Starter

    Joined:
    2011/03/26
    Messages:
    14
    Likes Received:
    0
    OTL logfile created on: 27/3/2011 20:36:13 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\A. Kandreviotis\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

    4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
    8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 79,90 Gb Total Space | 56,03 Gb Free Space | 70,13% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: A. Kandreviotis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/27 20:34:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\OTL.exe
    PRC - [2011/03/20 02:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/27 20:34:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\OTL.exe
    MOD - [2010/11/20 14:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/03/27 17:36:30 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Asacpi.sys -- (MTsensor)
    DRV:64bit: - [2011/02/17 12:41:00 | 000,397,088 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 16:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 16:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4271104471-1563031730-284074725-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.facebook.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.6
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/26 11:34:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 11:41:58 | 000,000,000 | ---D | M]

    [2011/03/26 11:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Extensions
    [2011/03/27 17:47:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions
    [2011/03/26 11:43:31 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2011/03/26 11:44:04 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2011/03/26 11:45:12 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2011/03/26 11:42:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/03/26 11:43:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/03/26 11:36:07 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla\Firefox\Profiles\87u03pm2.default\extensions\nasanightlaunch@example.com
    [2011/03/27 17:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/03/26 11:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/03/26 11:41:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4271104471-1563031730-284074725-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4271104471-1563031730-284074725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4271104471-1563031730-284074725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/27 20:34:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\OTL.exe
    [2011/03/27 20:34:12 | 007,109,112 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\A. Kandreviotis\Desktop\cbrunscannerregistrybooster.exe
    [2011/03/27 20:16:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/27 19:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/27 19:01:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/27 19:01:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/27 19:01:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/27 19:00:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/27 19:00:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/27 18:59:17 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/27 18:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/03/27 18:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/27 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Skype
    [2011/03/27 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/03/27 18:14:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2011/03/27 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2011/03/27 17:36:30 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\Desktop\64bitAsacpi
    [2011/03/27 17:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2011/03/27 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    [2011/03/27 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
    [2011/03/27 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\Documents\OCCT
    [2011/03/27 11:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
    [2011/03/27 11:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCCT
    [2011/03/27 11:41:08 | 002,997,946 | ---- | C] (Tetedeiench ) -- C:\Users\A. Kandreviotis\Desktop\OCCTPT3.1.0.exe
    [2011/03/27 11:11:44 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
    [2011/03/27 11:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
    [2011/03/26 19:49:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2011/03/26 14:33:34 | 000,945,272 | ---- | C] (Prevx) -- C:\Users\A. Kandreviotis\Desktop\prevxcsifree.exe
    [2011/03/26 14:27:20 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\Desktop\p64v265
    [2011/03/26 13:19:05 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Malwarebytes
    [2011/03/26 13:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/26 13:18:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/26 13:17:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\A. Kandreviotis\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/26 13:16:22 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\TFC.exe
    [2011/03/26 12:09:42 | 000,000,000 | ---D | C] -- C:\symbols
    [2011/03/26 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\Desktop\debugwiz
    [2011/03/26 12:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
    [2011/03/26 12:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
    [2011/03/26 12:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
    [2011/03/26 12:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2011/03/26 11:49:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/03/26 11:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/03/26 11:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/03/26 11:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/03/26 11:41:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2011/03/26 11:41:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2011/03/26 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2011/03/26 11:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2011/03/26 11:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2011/03/26 11:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2011/03/26 11:38:07 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Macromedia
    [2011/03/26 11:38:07 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Adobe
    [2011/03/26 11:38:07 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Local\Adobe
    [2011/03/26 11:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
    [2011/03/26 11:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
    [2011/03/26 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Mozilla
    [2011/03/26 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Local\Mozilla
    [2011/03/26 11:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/03/26 11:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/03/26 11:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/03/26 11:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
    [2011/03/26 11:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/03/26 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2011/03/26 11:14:50 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/03/26 11:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/03/26 11:08:12 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\Tracing
    [2011/03/26 11:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/03/26 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2011/03/26 11:07:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2011/03/26 11:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2011/03/26 11:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2011/03/26 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2011/03/26 11:07:13 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2011/03/26 11:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2011/03/26 11:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2011/03/26 10:52:43 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/03/26 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/03/26 10:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/03/26 10:44:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/03/26 10:44:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2011/03/26 10:43:17 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2011/03/26 10:43:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2011/03/26 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2011/03/26 10:11:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2011/03/26 10:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011/03/26 10:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2011/03/26 10:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2011/03/26 10:09:36 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2011/03/26 10:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2011/03/26 10:09:26 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/03/26 10:09:26 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/03/26 10:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2011/03/26 10:09:04 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2011/03/26 10:07:51 | 001,828,352 | ---- | C] (Creative) -- C:\Windows\SysNative\adi_oal.dll
    [2011/03/26 10:07:51 | 001,503,232 | ---- | C] (Creative) -- C:\Windows\SysWow64\adi_oal.dll
    [2011/03/26 10:07:51 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2011/03/26 10:07:51 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2011/03/26 10:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
    [2011/03/26 10:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2011/03/26 10:07:48 | 000,062,464 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll
    [2011/03/26 10:07:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
    [2011/03/26 10:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
    [2011/03/26 10:07:42 | 000,174,592 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
    [2011/03/26 10:07:42 | 000,163,840 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFCTPL64.dll
    [2011/03/26 10:07:42 | 000,122,880 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFFXCPStr.dll
    [2011/03/26 10:07:42 | 000,078,848 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
    [2011/03/26 10:07:42 | 000,078,336 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
    [2011/03/26 10:07:42 | 000,069,120 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
    [2011/03/26 10:07:42 | 000,059,392 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFMAPO64.dll
    [2011/03/26 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
    [2011/03/26 10:06:01 | 000,397,088 | ---- | C] (Marvell) -- C:\Windows\SysNative\drivers\yk62x64.sys
    [2011/03/26 10:04:53 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Intel Corporation
    [2011/03/26 10:03:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    [2011/03/26 10:03:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2011/03/26 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\InstallShield
    [2011/03/26 10:02:09 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2011/03/26 10:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2011/03/26 10:02:03 | 000,000,000 | ---D | C] -- C:\Intel
    [2011/03/26 09:54:38 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/03/26 09:54:38 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Searches
    [2011/03/26 09:54:38 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/03/26 09:54:38 | 000,000,000 | -H-D | C] -- C:\Users\A. Kandreviotis\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/03/26 09:54:31 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Identities
    [2011/03/26 09:54:30 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Contacts
    [2011/03/26 09:54:30 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Local\VirtualStore
    [2011/03/26 09:54:26 | 000,000,000 | --SD | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Videos
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Saved Games
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Pictures
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Music
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Links
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Favorites
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Downloads
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\My Documents
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\Desktop
    [2011/03/26 09:54:26 | 000,000,000 | R--D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\AppData\Local\Temporary Internet Files
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Templates
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Start Menu
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\SendTo
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Recent
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\PrintHood
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\NetHood
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Documents\My Videos
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Documents\My Pictures
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Documents\My Music
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\My Documents
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Local Settings
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\AppData\Local\History
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Cookies
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\Application Data
    [2011/03/26 09:54:26 | 000,000,000 | -HSD | C] -- C:\Users\A. Kandreviotis\AppData\Local\Application Data
    [2011/03/26 09:54:26 | 000,000,000 | -H-D | C] -- C:\Users\A. Kandreviotis\AppData
    [2011/03/26 09:54:26 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Local\Temp
    [2011/03/26 09:54:26 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Local\Microsoft
    [2011/03/26 09:54:26 | 000,000,000 | ---D | C] -- C:\Users\A. Kandreviotis\AppData\Roaming\Media Center Programs
    [2011/03/26 09:54:16 | 000,000,000 | ---D | C] -- C:\Recovery
    [2011/03/26 09:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2011/03/26 09:50:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 30 Days ==========

    [2011/03/27 20:34:53 | 007,109,112 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\A. Kandreviotis\Desktop\cbrunscannerregistrybooster.exe
    [2011/03/27 20:34:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\OTL.exe
    [2011/03/27 20:25:35 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/27 20:25:35 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/27 20:20:36 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/27 20:20:36 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/27 20:20:36 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/27 20:16:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/27 20:15:56 | 3220,307,968 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/27 19:00:46 | 004,303,726 | R--- | M] () -- C:\Users\A. Kandreviotis\Desktop\ComboFix.exe
    [2011/03/27 18:31:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/03/27 18:31:25 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/27 18:14:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/03/27 17:36:30 | 000,015,416 | ---- | M] () -- C:\Windows\SysNative\drivers\Asacpi.sys
    [2011/03/27 17:36:12 | 000,008,341 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\64bitAsacpi.zip
    [2011/03/27 17:00:55 | 002,057,568 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\SecurityTaskManager_Setup.exe
    [2011/03/27 16:58:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/03/27 11:41:33 | 000,000,951 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\OCCT.lnk
    [2011/03/27 11:41:19 | 002,997,946 | ---- | M] (Tetedeiench ) -- C:\Users\A. Kandreviotis\Desktop\OCCTPT3.1.0.exe
    [2011/03/27 11:11:19 | 000,127,718 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\bluescreenview_setup.exe
    [2011/03/26 15:17:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/03/26 14:50:39 | 000,000,056 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/03/26 14:33:52 | 000,945,272 | ---- | M] (Prevx) -- C:\Users\A. Kandreviotis\Desktop\prevxcsifree.exe
    [2011/03/26 13:34:43 | 000,625,664 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\dds.scr
    [2011/03/26 13:33:31 | 000,080,384 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\MBRCheck.exe
    [2011/03/26 13:21:33 | 000,301,568 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\i0ct5yjt.exe
    [2011/03/26 13:18:25 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\A. Kandreviotis\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/26 13:16:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\TFC.exe
    [2011/03/26 12:07:54 | 000,063,344 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\debugwiz.zip
    [2011/03/26 11:49:48 | 369,864,345 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/26 11:46:17 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2011/03/26 11:39:04 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/03/26 11:34:21 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/03/26 11:32:47 | 000,285,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/03/26 11:16:23 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2011/03/26 10:52:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/03/26 10:07:51 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2011/03/26 10:07:51 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2011/03/26 09:52:27 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/03/26 09:52:27 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/02/28 09:09:40 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll

    ========== Files Created - No Company Name ==========

    [2011/03/27 19:01:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/27 19:01:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/27 19:01:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/27 19:01:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/27 19:01:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/27 18:58:19 | 004,303,726 | R--- | C] () -- C:\Users\A. Kandreviotis\Desktop\ComboFix.exe
    [2011/03/27 18:31:25 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/27 18:31:23 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/27 18:30:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/03/27 18:14:19 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/03/27 17:43:37 | 000,015,416 | ---- | C] () -- C:\Windows\SysNative\drivers\Asacpi.sys
    [2011/03/27 17:36:11 | 000,008,341 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\64bitAsacpi.zip
    [2011/03/27 17:00:51 | 002,057,568 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\SecurityTaskManager_Setup.exe
    [2011/03/27 16:58:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/03/27 11:41:33 | 000,000,951 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\OCCT.lnk
    [2011/03/27 11:11:18 | 000,127,718 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\bluescreenview_setup.exe
    [2011/03/26 15:17:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/03/26 14:34:01 | 000,000,056 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/26 13:34:35 | 000,625,664 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\dds.scr
    [2011/03/26 13:33:30 | 000,080,384 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\MBRCheck.exe
    [2011/03/26 13:21:31 | 000,301,568 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\i0ct5yjt.exe
    [2011/03/26 12:07:54 | 000,063,344 | ---- | C] () -- C:\Users\A. Kandreviotis\Desktop\debugwiz.zip
    [2011/03/26 11:49:48 | 369,864,345 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/26 11:46:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/03/26 11:39:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2011/03/26 11:39:04 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2011/03/26 11:34:21 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/03/26 11:16:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/03/26 10:52:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/03/26 10:43:42 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2011/03/26 10:42:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2011/03/26 10:42:54 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2011/03/26 10:42:54 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2011/03/26 10:42:50 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2011/03/26 10:09:26 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2011/03/26 09:54:26 | 000,000,290 | ---- | C] () -- C:\Users\A. Kandreviotis\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/03/26 09:54:26 | 000,000,272 | ---- | C] () -- C:\Users\A. Kandreviotis\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/03/26 09:50:15 | 3220,307,968 | -HS- | C] () -- C:\hiberfil.sys
    [2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2009/07/14 08:08:49 | 000,006,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/03/27 19:04:31 | 000,012,645 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/26 12:09:57 | 000,021,584 | ---- | M] () -- C:\debuglog.txt
    [2011/03/27 20:15:56 | 3220,307,968 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/27 20:15:59 | 4293,746,688 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/14 07:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\A. Kandreviotis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/27 11:11:19 | 000,127,718 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\bluescreenview_setup.exe
    [2011/03/27 20:34:53 | 007,109,112 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\A. Kandreviotis\Desktop\cbrunscannerregistrybooster.exe
    [2011/03/27 19:00:46 | 004,303,726 | R--- | M] () -- C:\Users\A. Kandreviotis\Desktop\ComboFix.exe
    [2011/03/26 13:21:33 | 000,301,568 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\i0ct5yjt.exe
    [2011/03/26 11:39:46 | 002,833,568 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\A. Kandreviotis\Desktop\install_flash_player.exe
    [2011/03/26 11:40:11 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\A. Kandreviotis\Desktop\jxpiinstall.exe
    [2011/03/26 13:18:25 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\A. Kandreviotis\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/26 13:33:31 | 000,080,384 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\MBRCheck.exe
    [2011/03/27 18:27:40 | 009,920,304 | ---- | M] (Microsoft Corporation) -- C:\Users\A. Kandreviotis\Desktop\mseinstall.exe
    [2011/03/27 11:41:19 | 002,997,946 | ---- | M] (Tetedeiench ) -- C:\Users\A. Kandreviotis\Desktop\OCCTPT3.1.0.exe
    [2011/03/27 20:34:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\OTL.exe
    [2011/03/26 14:33:52 | 000,945,272 | ---- | M] (Prevx) -- C:\Users\A. Kandreviotis\Desktop\prevxcsifree.exe
    [2011/03/27 17:00:55 | 002,057,568 | ---- | M] () -- C:\Users\A. Kandreviotis\Desktop\SecurityTaskManager_Setup.exe
    [2011/03/26 11:40:37 | 004,758,096 | ---- | M] (Adobe Systems Inc.) -- C:\Users\A. Kandreviotis\Desktop\Shockwave_Installer_Slim.exe
    [2011/03/26 13:16:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\A. Kandreviotis\Desktop\TFC.exe
    [2011/03/26 12:05:22 | 000,509,264 | ---- | M] (Microsoft Corporation) -- C:\Users\A. Kandreviotis\Desktop\winsdk_web.exe
    [2011/03/26 11:40:47 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Users\A. Kandreviotis\Desktop\wmpfirefoxplugin.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/26 10:49:48 | 000,000,402 | -HS- | M] () -- C:\Users\A. Kandreviotis\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: BLBDRIVE.SYS >
    [2009/07/14 02:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) MD5=61583EE3C3A17003C4ACD0475646B4D3 -- C:\Windows\SysNative\drivers\blbdrive.sys
    [2009/07/14 02:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) MD5=61583EE3C3A17003C4ACD0475646B4D3 -- C:\Windows\SysNative\DriverStore\FileRepository\blbdrive.inf_amd64_neutral_1aa816fe7dc98c3f\blbdrive.sys
    [2009/07/14 02:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) MD5=61583EE3C3A17003C4ACD0475646B4D3 -- C:\Windows\winsxs\amd64_blbdrive.inf_31bf3856ad364e35_6.1.7600.16385_none_e96898ffe0d97c7e\blbdrive.sys

    < End of report >
     
  13. 2011/03/27
    TRiBaL (Inactive Thread Starter)
    OTL Extras logfile created on: 27/3/2011 20:36:13 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\A. Kandreviotis\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

    4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
    8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 79,90 Gb Total Space | 56,03 Gb Free Space | 70,13% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: A. Kandreviotis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

    [HKEY_USERS\S-1-5-21-4271104471-1563031730-284074725-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 File not found
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 File not found
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Host OpenAL (ADI)" = Host OpenAL (ADI)
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OCCT_is1" = OCCT Perestroika 3.1.0
    "Security Task Manager" = Security Task Manager 1.8c
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27/3/2011 11:30:26 | Computer Name = Home-PC | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
    was canceled. You canceled the Security Essentials installation on your computer.
    Error code:0x8004FF0A.

    [ System Events ]
    Error - 26/3/2011 3:26:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Modules Installer service terminated with the following
    error: %%16405

    Error - 26/3/2011 4:31:21 | Computer Name = Home-PC | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 26/3/2011 4:49:54 | Computer Name = Home-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:48:28 AM on 26/3/2011 was unexpected.

    Error - 26/3/2011 4:49:55 | Computer Name = Home-PC | Source = BugCheck | ID = 1001
    Description =

    Error - 27/3/2011 12:02:27 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27/3/2011 12:03:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  14. 2011/03/27
    broni (Moderator Malware Analyst)
    What happened to Avast?

    The file in question is definitely legit and clean.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
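The OTL fix above deletes two orphaned ShellExecuteHooks values and a BHO whose CLSIDs have no class registration or file behind them, and the OTL Extras log earlier in the thread lists the shell\open\command values for exefile, batfile and friends together with a "UAC is disabled!" warning. The script below is an added read-only triage example, not code from the thread or from OTL, that checks those same three things directly: it compares the executable-class open commands against their Windows defaults, resolves every ShellExecuteHooks value and Browser Helper Object subkey through both the native and the Wow6432Node CLSID views and flags entries with no server DLL, and reads EnableLUA. It assumes an elevated PowerShell prompt on a 64-bit Windows 7-era host like the one in the logs; the function names and the status labels are this example's own choices.

```powershell
# Added triage example; not code from the thread or from OTL. Read-only: it reports,
# it does not fix. Run from an elevated PowerShell prompt on a 64-bit Windows 7-era
# host like the one in the logs. Function names are this example's own choices.
$ErrorActionPreference = 'SilentlyContinue'

# Default open commands for the executable classes listed under "Shell Spawning".
$ExpectedOpen = @{
    'exefile' = '"%1" %*'; 'batfile' = '"%1" %*'; 'cmdfile' = '"%1" %*'
    'comfile' = '"%1" %*'; 'piffile' = '"%1" %*'; 'scrfile' = '"%1" /S'
}

function New-Finding($Check, $Item, $Status, $Value) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Status = $Status; Value = $Value }
}

# 1. A hijacked exefile/batfile/... open command runs malware in front of every program.
function Test-ShellOpenCommands {
    foreach ($cls in $ExpectedOpen.Keys) {
        $cmd = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\$cls\shell\open\command").'(default)'
        if ($null -eq $cmd)                   { New-Finding 'ShellOpen' $cls 'MISSING'  $null }
        elseif ($cmd -ne $ExpectedOpen[$cls]) { New-Finding 'ShellOpen' $cls 'MODIFIED' $cmd }
        else                                  { New-Finding 'ShellOpen' $cls 'OK'       $cmd }
    }
}

# Look a CLSID up in both the native and the Wow6432Node class views (OTL's "64bit:" lines).
function Resolve-Clsid([string]$Clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $srv = (Get-ItemProperty "$root\$Clsid\InprocServer32").'(default)'
        if ($srv) {
            $path = [Environment]::ExpandEnvironmentVariables($srv.Trim('"'))
            return [pscustomobject]@{ Server = $path; Exists = (Test-Path -LiteralPath $path) }
        }
    }
    return $null   # no CLSID key in either view: an orphan like the two OTL deleted above
}

function Get-HookStatus($Resolved) {
    if ($null -eq $Resolved)   { return 'ORPHAN' }
    if (-not $Resolved.Exists) { return 'FILE MISSING' }
    return 'OK'
}

# 2. ShellExecuteHooks values and Browser Helper Object subkeys are both named by CLSID.
function Get-ExplorerHookFindings {
    foreach ($v in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
        $hooks = Get-ItemProperty "$v\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
        if ($hooks) {
            foreach ($name in $hooks.PSObject.Properties.Name) {
                if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }   # skip PSPath etc.
                $r = Resolve-Clsid $name
                New-Finding 'ShellExecuteHook' $name (Get-HookStatus $r) $(if ($r) { $r.Server })
            }
        }
        Get-ChildItem "$v\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" |
            ForEach-Object {
                $r = Resolve-Clsid $_.PSChildName
                New-Finding 'BHO' $_.PSChildName (Get-HookStatus $r) $(if ($r) { $r.Server })
            }
    }
}

# 3. Security Check reported "UAC is disabled!"; EnableLUA = 0 is the registry side of that.
function Test-UacEnabled {
    $v = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    New-Finding 'UAC' 'EnableLUA' $(if ($v -eq 1) { 'OK' } else { 'DISABLED' }) $v
}

$findings = @(Test-ShellOpenCommands) + @(Get-ExplorerHookFindings) + @(Test-UacEnabled)
$findings | Sort-Object Status | Format-Table -AutoSize
```

On the machine in this thread the two {AEB6717E-...} ShellExecuteHooks values and the {5C255C8A-...} BHO would have come back as ORPHAN, matching OTL's "Reg Error: Key error. File not found", and EnableLUA would have shown DISABLED. An ORPHAN is harmless by itself but usually means an uninstaller or a cleanup left a dangling registration; a MODIFIED exefile command or a FILE MISSING hook that points at a path under %TEMP% or %APPDATA% is what deserves a closer look.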
  15. 2011/03/28
    TRiBaL (Inactive Thread Starter)
    I removed avast and installed MSE. Hope it didn't interfere with our routine.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: A. Kandreviotis
    ->Temp folder emptied: 34122 bytes
    ->Temporary Internet Files folder emptied: 494764 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 102659660 bytes
    ->Flash cache emptied: 3079 bytes

    User: AB667~1~KAN
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2414 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 98,00 mb


    [EMPTYFLASH]

    User: A. Kandreviotis
    ->Flash cache emptied: 0 bytes

    User: AB667~1~KAN

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03282011_083026

    Files\Folders moved on Reboot...
    C:\Users\A. Kandreviotis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2011/03/28
    TRiBaL (Inactive Thread Starter)
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  17. 2011/03/28
    TRiBaL (Inactive Thread Starter)
    ESET:

    C:\Users\A. Kandreviotis\Desktop\cbrunscannerregistrybooster.exe Win32/RegistryBooster application
     
  18. 2011/03/28
    broni (Moderator Malware Analyst)
    ...and Eset scan....
     
  19. 2011/04/02
    broni (Moderator Malware Analyst)
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\A. Kandreviotis\Desktop\cbrunscannerregistrybooster.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. 2011/04/06
    broni (Moderator Malware Analyst)
    The issue seems to be resolved.
     
