1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Google redirect

Discussion in 'Malware and Virus Removal Archive' started by trae, 2011/02/04.

Page 1 of 2
  1. 2011/02/04
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    [Resolved] Google redirect

    I am having a really tuff time even getting to this page as the redirect virus either blocks me or stops the page from completely loading. I have read the before you post rules and have copied all the logs you demand except the GMER which has no file to log. If I have done anything wrong.....please let me know and I will try my best to comply. Everytime I think I have gotten rid of this pest it seems to come back. The only change I did was tourn the Avast back on.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/4/2011 5:09:34 PM
    mbam-log-2011-02-04 (17-09-34).txt

    Scan type: Quick scan
    Objects scanned: 155844
    Time elapsed: 1 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: eMachines
    BIOS Manufacturer: American Megatrends, Inc.
    System Manufacturer: eMachines
    System Product Name: EL1352G
    Logical Drives Mask: 0x0001003c

    Kernel Drivers (total 154):
    0x02A4F000 \SystemRoot\system32\ntoskrnl.exe
    0x02A06000 \SystemRoot\system32\hal.dll
    0x00BBD000 \SystemRoot\system32\kdcom.dll
    0x00C07000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C14000 \SystemRoot\system32\PSHED.dll
    0x00C28000 \SystemRoot\system32\CLFS.SYS
    0x00C86000 \SystemRoot\system32\CI.dll
    0x00D46000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DEA000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EA7000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00EFE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F07000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F11000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F44000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F51000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F66000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F7B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FD7000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00FDE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E1A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E23000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E4D000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x01041000 \SystemRoot\system32\DRIVERS\storport.sys
    0x010A3000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010AE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010FA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01226000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0110E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013C9000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0116C000 \SystemRoot\System32\Drivers\cng.sys
    0x013E3000 \SystemRoot\System32\drivers\pcw.sys
    0x013F4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01488000 \SystemRoot\system32\drivers\ndis.sys
    0x0157A000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01603000 \SystemRoot\System32\drivers\tcpip.sys
    0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01890000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x018DC000 \SystemRoot\System32\Drivers\spldr.sys
    0x018E4000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0191E000 \SystemRoot\System32\Drivers\mup.sys
    0x01930000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01939000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01973000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01989000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x019C7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x019F1000 \SystemRoot\System32\Drivers\Null.SYS
    0x01800000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01807000 \SystemRoot\System32\drivers\vga.sys
    0x01815000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0183A000 \SystemRoot\System32\drivers\watchdog.sys
    0x0184A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01853000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0185C000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01865000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01870000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x015DA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01881000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01475000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x03653000 \SystemRoot\system32\drivers\afd.sys
    0x036DD000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x036E7000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0372C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03735000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0375B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03771000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03780000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0379B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x037AF000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03600000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0360C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03617000 \SystemRoot\System32\drivers\discache.sys
    0x03626000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01200000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03ADE000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x03B27000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03B4D000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03B62000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03B80000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03B8F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03B9E000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03BA9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03A00000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03A11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03A35000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x0F0E5000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0FDFC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x03C65000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03D59000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03D9F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x03DA8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03DB8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03DCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03DF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03C2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0F000000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03C4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03DFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0F021000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0F064000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0F076000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0F0D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x040EF000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04318000 \SystemRoot\system32\drivers\portcls.sys
    0x04355000 \SystemRoot\system32\drivers\drmk.sys
    0x04377000 \SystemRoot\system32\drivers\ksthunk.sys
    0x0438B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04399000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x043B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x043BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x043BD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x043CA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x043E5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x043F1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00590000 \SystemRoot\System32\TSDDD.dll
    0x00670000 \SystemRoot\System32\cdd.dll
    0x02288000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x02382000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x0238F000 \SystemRoot\system32\drivers\luafv.sys
    0x023B2000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x023EC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x023F5000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x02200000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02221000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04000000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02236000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02249000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02261000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x03E80000 \SystemRoot\system32\drivers\HTTP.sys
    0x03F48000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x03F66000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03F7E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x03FAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x05671000 \SystemRoot\system32\drivers\peauth.sys
    0x05717000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x05722000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x05600000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x03E23000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0564D000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x04053000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0565F000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0x05A38000 \SystemRoot\System32\DRIVERS\srv.sys
    0x05AD0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x76D00000 \Windows\System32\ntdll.dll
    0x47FB0000 \Windows\System32\smss.exe
    0xFF020000 \Windows\System32\apisetschema.dll
    0xFF200000 \Windows\System32\autochk.exe
    0xFEF70000 \Windows\System32\msvcrt.dll
    0xFEEA0000 \Windows\System32\usp10.dll
    0xFEE20000 \Windows\System32\difxapi.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    268 C:\Windows\System32\smss.exe
    392 csrss.exe
    448 C:\Windows\System32\wininit.exe
    460 csrss.exe
    508 C:\Windows\System32\services.exe
    520 C:\Windows\System32\lsass.exe
    528 C:\Windows\System32\lsm.exe
    564 C:\Windows\System32\winlogon.exe
    696 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\nvvsvc.exe
    796 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    404 C:\Windows\System32\audiodg.exe
    324 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\nvvsvc.exe
    1232 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1536 C:\Windows\System32\spoolsv.exe
    1572 C:\Windows\System32\svchost.exe
    1660 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    1724 C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    1972 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    2024 C:\Windows\System32\svchost.exe
    812 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    1648 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    1056 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    2284 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    2428 WUDFHost.exe
    2824 C:\Windows\System32\taskhost.exe
    2848 C:\Windows\System32\taskeng.exe
    2904 C:\Windows\System32\dwm.exe
    2924 C:\Windows\explorer.exe
    2208 C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    2520 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2500 C:\Program Files\Windows Sidebar\sidebar.exe
    2972 C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    1640 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3220 C:\Windows\System32\svchost.exe
    3368 C:\Windows\System32\SearchIndexer.exe
    3496 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4024 C:\Windows\System32\svchost.exe
    3184 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
    2536 C:\Windows\System32\svchost.exe
    3508 C:\Windows\System32\svchost.exe
    4140 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4108 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4404 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    412 C:\Windows\System32\taskeng.exe
    2148 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4732 C:\Windows\System32\SearchProtocolHost.exe
    3600 C:\Windows\System32\SearchFilterHost.exe
    2544 C:\Windows\SysWOW64\dllhost.exe
    3140 C:\Windows\System32\SearchProtocolHost.exe
    2328 C:\Users\T-Rae\Desktop\MBRCheck.exe
    2212 C:\Windows\System32\conhost.exe
    4576 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`06500000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: HitachiHDS721050CLA, Rev: JP2O

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by T-Rae at 16:52:58.27 on Fri 02/04/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.879 [GMT -6:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\T-Rae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AH38ZMGT\dds[1].scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361210m103p0424v195r4771t24q
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-26 273488]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-26 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-26 62032]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-20 40384]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-3 483688]
    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-7 243232]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2010-12-21 987648]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-3 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-3 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-3 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-3 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-3 209768]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    =============== Created Last 30 ================

    2011-02-04 22:01:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-04 20:48:55 -------- d-----w- C:\Users\T-Rae\AppData\Roaming\IObit
    2011-02-04 20:48:55 -------- d-----w- C:\Program Files (x86)\IObit
    2011-02-04 20:14:16 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-02-04 20:11:09 -------- d-----w- C:\Users\T-Rae\AppData\Roaming\Malwarebytes
    2011-02-04 20:11:04 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-04 20:11:04 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-04 20:11:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-04 20:11:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-04 19:47:47 98816 ----a-w- C:\Windows\sed.exe
    2011-02-04 19:47:47 89088 ----a-w- C:\Windows\MBR.exe
    2011-02-04 19:47:47 256512 ----a-w- C:\Windows\PEV.exe
    2011-02-04 19:47:47 161792 ----a-w- C:\Windows\SWREG.exe
    2011-02-04 19:40:44 -------- d-----w- C:\Program Files\CCleaner

    ==================== Find3M ====================

    2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
    2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    ============= FINISH: 16:53:15.54 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/21/2010 11:02:56 AM
    System Uptime: 2/4/2011 4:14:21 PM (0 hours ago)

    Motherboard: eMachines | | EL1352G
    Processor: AMD Sempron(tm) 145 Processor | CPU 1 | 2800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 450 GiB total, 423.973 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&5532EA8&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&5532EA8&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP1: 12/21/2010 3:11:17 PM - Scheduled Checkpoint
    RP2: 12/21/2010 4:12:14 PM - Windows Backup
    RP3: 12/21/2010 5:25:38 PM - Removed Norton Online Backup
    RP4: 12/26/2010 12:50:10 PM - avast! Free Antivirus Setup
    RP5: 12/27/2010 11:38:32 AM - Windows Backup
    RP6: 1/3/2011 10:57:59 AM - Windows Backup
    RP7: 1/9/2011 7:00:13 PM - Windows Backup
    RP8: 1/18/2011 1:01:49 PM - Windows Backup
    RP9: 1/23/2011 7:00:08 PM - Windows Backup
    RP10: 1/31/2011 11:36:55 AM - Windows Backup
    RP11: 2/4/2011 12:02:02 PM - Windows Backup
    RP12: 2/4/2011 2:49:28 PM - Advanced SystemCare RestorePoint
    RP13: 2/4/2011 3:52:16 PM - OTL Restore Point
    RP14: 2/4/2011 4:01:27 PM - Installed Java(TM) 6 Update 23

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Advanced SystemCare 3
    Advertising Center
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Bob the Builder Can-Do-Zoo
    Build-a-lot 2
    CyberLink PowerDVD 9
    eBay Worldwide
    eMachines Game Console
    eMachines Games
    eMachines Recovery Management
    eMachines Registration
    eMachines ScreenSaver
    eMachines Updater
    Escape Rosecliff Island
    Faerie Solitaire
    FATE - The Traitor Soul
    Google Update Helper
    Hotkey Utility
    Identity Card
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 23
    Jewel Quest Solitaire 3
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Monopoly
    MSVCRT
    Mystery P.I. - Lost in Los Angeles
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    NVIDIA ForceWare Network Access Manager
    Penguins!
    Plants vs. Zombies
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Scrabble Plus
    The Price is Right
    Virtual Families
    Virtual Villagers - A New Home
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahtzee
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    2/4/2011 4:49:05 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: Hitachi HDS721050CLA362 Firmware Version: JP2O Serial Number: JP1540HA35T9DH Port: 0
    2/4/2011 4:14:30 PM, Error: volmgr [46] - Crash dump initialization failed!
    2/4/2011 1:51:41 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    ==== End Of File ===========================
    :eek:
     
    trae,
    #1
  2. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

  4. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    Here is the logs you told me to get. I had a really tuff time getting the rkill from bleeping computer because I was being blocked by the virus.
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/05/2011 at 17:53:15.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\runonce.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\runonce.exe


    Rkill completed on 02/05/2011 at 17:53:21.

    ComboFix 11-02-05.01 - T-Rae 02/05/2011 17:46:12.2.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.1138 [GMT -6:00]
    Running from: c:\users\T-Rae\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
    .

    2011-02-05 23:49 . 2011-02-05 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 22:02 . 2011-02-04 22:02 -------- d-----w- c:\windows\Sun
    2011-02-04 22:02 . 2011-02-04 22:02 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-02-04 22:01 . 2011-02-04 22:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-04 22:01 . 2011-02-04 22:01 -------- d-----w- c:\program files (x86)\Java
    2011-02-04 20:48 . 2011-02-04 20:48 -------- d-----w- c:\users\T-Rae\AppData\Roaming\IObit
    2011-02-04 20:48 . 2011-02-04 20:48 -------- d-----w- c:\program files (x86)\IObit
    2011-02-04 20:11 . 2011-02-04 20:11 -------- d-----w- c:\users\T-Rae\AppData\Roaming\Malwarebytes
    2011-02-04 20:11 . 2011-02-04 20:11 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-04 20:11 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-04 20:11 . 2011-02-04 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-04 20:11 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-04 19:40 . 2011-02-04 19:40 -------- d-----w- c:\program files\CCleaner
    2011-01-20 20:43 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-12-26 18:50 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2010-12-26 18:50 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-01-13 08:41 . 2010-12-26 18:50 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-12-26 18:50 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-12-26 18:50 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-12-26 18:50 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-12-26 18:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-04_19.51.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-05 03:20 . 2011-02-05 03:20 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2011-02-04 17:54 . 2011-02-04 17:54 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2011-02-04 17:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-02-05 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-02-04 17:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-05 15:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-05 15:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-04 17:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-06-07 17:12 . 2011-02-05 15:21 27948 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-02-05 15:21 37834 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-21 23:24 . 2011-02-05 15:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-21 23:24 . 2011-02-04 17:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-21 23:24 . 2011-02-05 15:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-21 23:24 . 2011-02-04 17:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-21 23:24 . 2011-02-04 17:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-21 23:24 . 2011-02-05 15:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-21 17:03 . 2011-02-05 15:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-21 17:03 . 2011-02-04 17:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-21 17:03 . 2011-02-04 17:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-21 17:03 . 2011-02-05 15:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-21 17:04 . 2011-02-05 15:21 5164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1562301765-265582376-3443441864-1000_UserData.bin
    - 2011-02-04 17:55 . 2011-02-04 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-05 15:19 . 2011-02-05 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-05 15:19 . 2011-02-05 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-02-04 17:55 . 2011-02-04 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-04 22:01 . 2011-02-04 22:01 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-02-04 22:01 . 2011-02-04 22:01 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-02-04 22:01 . 2011-02-04 22:01 145184 c:\windows\SysWOW64\java.exe
    + 2010-12-21 23:59 . 2011-02-05 23:27 200758 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:36 . 2011-02-05 15:23 615566 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-02-04 17:59 615566 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-02-04 17:59 103682 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-02-05 15:23 103682 c:\windows\system32\perfc009.dat
    + 2011-02-04 22:02 . 2011-02-04 22:02 183808 c:\windows\Installer\1fb574.msi
    + 2011-02-04 22:01 . 2011-02-04 22:01 12604928 c:\windows\Installer\1fb56e.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Hotkey Utility "= "c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
    S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-05 987648]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-05 c:\windows\Tasks\AWC Startup.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2011-02-04 22:19]

    2011-02-05 c:\windows\Tasks\eMachines Registration Reminder.job
    - c:\program files (x86)\eMachines\Registration\GREG.exe [2009-08-28 09:40]

    2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 23:35]

    2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 23:35]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361210m103p0424v195r4771t24q
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-05 17:50:55
    ComboFix-quarantined-files.txt 2011-02-05 23:50
    ComboFix2.txt 2011-02-04 19:53

    Pre-Run: 455,065,456,640 bytes free
    Post-Run: 454,787,948,544 bytes free

    - - End Of File - - 9B30C3BDCA2171CE669ADB5F4A7E69C7
    I am still having problems with the redirect and even opening this website. I have to try and open about a dozen times before it actually does open. Thanks
     
    trae,
    #3
  5. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see, you run Combofix yesterday.
    Navigate to C:\Qoobox and post ComboFix2.txt log.

    Which browser is being affected?
     
    broni,
    #4
  6. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    ok...here is the log you asked for. The browser being affected is internet explorer. I was unaware (being a novice) that there was another browser on this machine. It took me about 15 minutes to get to this page because the bug is blocking my access to this website. Only after several attempts does it let me in.
    ComboFix 11-01-31.02 - T-Rae 02/04/2011 13:48:29.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.1131 [GMT -6:00]
    Running from: c:\users\T-Rae\Downloads\ComboFix123.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 19:51 . 2011-02-04 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 19:40 . 2011-02-04 19:40 -------- d-----w- c:\program files\CCleaner
    2011-01-20 20:43 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-12-26 18:50 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2010-12-26 18:50 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-01-13 08:41 . 2010-12-26 18:50 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-12-26 18:50 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-12-26 18:50 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-12-26 18:50 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-12-26 18:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-06-07 17:23 433648 ----a-w- c:\programdata\Partner\Partner.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "swg "= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Hotkey Utility "= "c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-06-07 332272]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
    S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-08-05 987648]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-04 c:\windows\Tasks\eMachines Registration Reminder.job
    - c:\program files (x86)\eMachines\Registration\GREG.exe [2009-08-28 09:40]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 23:35]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 23:35]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-06-07 17:23 750064 ----a-w- c:\programdata\Partner\Partner64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361210m103p0424v195r4771t24q
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-04 13:53:09
    ComboFix-quarantined-files.txt 2011-02-04 19:53

    Pre-Run: 456,207,040,512 bytes free
    Post-Run: 456,100,175,872 bytes free

    - - End Of File - - E8174647CDE922AB3AB885035DA45425
     
    trae,
    #5
  7. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    Forgot to mention it will not let me update windows defender also. Not sure if that is relevant or not. Thanks
     
    trae,
    #6
  8. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
    broni,
    #7
  9. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    2011/02/05 19:28:55.0317 3904 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/05 19:28:55.0551 3904 ================================================================================
    2011/02/05 19:28:55.0551 3904 SystemInfo:
    2011/02/05 19:28:55.0551 3904
    2011/02/05 19:28:55.0551 3904 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/05 19:28:55.0551 3904 Product type: Workstation
    2011/02/05 19:28:55.0551 3904 ComputerName: T-RAE-PC
    2011/02/05 19:28:55.0551 3904 UserName: T-Rae
    2011/02/05 19:28:55.0551 3904 Windows directory: C:\Windows
    2011/02/05 19:28:55.0551 3904 System windows directory: C:\Windows
    2011/02/05 19:28:55.0551 3904 Running under WOW64
    2011/02/05 19:28:55.0551 3904 Processor architecture: Intel x64
    2011/02/05 19:28:55.0551 3904 Number of processors: 1
    2011/02/05 19:28:55.0551 3904 Page size: 0x1000
    2011/02/05 19:28:55.0551 3904 Boot type: Normal boot
    2011/02/05 19:28:55.0551 3904 ================================================================================
    2011/02/05 19:28:55.0754 3904 Initialize success
    2011/02/05 19:28:57.0439 3196 ================================================================================
    2011/02/05 19:28:57.0439 3196 Scan started
    2011/02/05 19:28:57.0439 3196 Mode: Manual;
    2011/02/05 19:28:57.0439 3196 ================================================================================
    2011/02/05 19:28:57.0829 3196 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/05 19:28:57.0860 3196 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/05 19:28:57.0922 3196 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/05 19:28:57.0969 3196 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/05 19:28:58.0031 3196 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/05 19:28:58.0078 3196 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/05 19:28:58.0187 3196 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/02/05 19:28:58.0312 3196 AGERESoftModem (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys
    2011/02/05 19:28:58.0406 3196 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/05 19:28:58.0546 3196 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/05 19:28:58.0577 3196 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/05 19:28:58.0671 3196 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/05 19:28:58.0796 3196 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/05 19:28:58.0874 3196 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/05 19:28:58.0921 3196 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/05 19:28:58.0999 3196 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/05 19:28:59.0045 3196 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/02/05 19:28:59.0155 3196 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/05 19:28:59.0186 3196 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/05 19:28:59.0279 3196 aswFsBlk (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/02/05 19:28:59.0404 3196 aswMonFlt (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/02/05 19:28:59.0451 3196 aswRdr (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys
    2011/02/05 19:28:59.0545 3196 aswSP (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys
    2011/02/05 19:28:59.0591 3196 aswTdi (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys
    2011/02/05 19:28:59.0701 3196 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/05 19:28:59.0732 3196 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/05 19:28:59.0857 3196 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/02/05 19:28:59.0966 3196 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/02/05 19:29:00.0106 3196 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/02/05 19:29:00.0231 3196 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/05 19:29:00.0262 3196 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/05 19:29:00.0356 3196 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/05 19:29:00.0403 3196 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/05 19:29:00.0434 3196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/05 19:29:00.0465 3196 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/05 19:29:00.0496 3196 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/05 19:29:00.0512 3196 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/05 19:29:00.0543 3196 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/05 19:29:00.0590 3196 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/05 19:29:00.0699 3196 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/05 19:29:00.0808 3196 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/05 19:29:00.0871 3196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/02/05 19:29:00.0995 3196 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/05 19:29:01.0027 3196 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/05 19:29:01.0073 3196 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/02/05 19:29:01.0167 3196 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/05 19:29:01.0261 3196 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/05 19:29:01.0307 3196 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/05 19:29:01.0432 3196 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/05 19:29:01.0479 3196 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/02/05 19:29:01.0557 3196 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/05 19:29:01.0682 3196 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/05 19:29:01.0760 3196 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/05 19:29:01.0916 3196 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/02/05 19:29:02.0041 3196 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/05 19:29:02.0103 3196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/05 19:29:02.0243 3196 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/02/05 19:29:02.0275 3196 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/02/05 19:29:02.0384 3196 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/05 19:29:02.0493 3196 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/05 19:29:02.0524 3196 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/02/05 19:29:02.0555 3196 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/05 19:29:02.0649 3196 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/05 19:29:02.0711 3196 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/05 19:29:02.0805 3196 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/05 19:29:02.0852 3196 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/05 19:29:02.0883 3196 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/05 19:29:03.0039 3196 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/05 19:29:03.0117 3196 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/02/05 19:29:03.0148 3196 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/02/05 19:29:03.0195 3196 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/05 19:29:03.0242 3196 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/05 19:29:03.0273 3196 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/05 19:29:03.0335 3196 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/02/05 19:29:03.0429 3196 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/02/05 19:29:03.0491 3196 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/02/05 19:29:03.0554 3196 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/05 19:29:03.0616 3196 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/02/05 19:29:03.0679 3196 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/02/05 19:29:03.0741 3196 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/05 19:29:03.0897 3196 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/02/05 19:29:03.0991 3196 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/02/05 19:29:04.0022 3196 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/05 19:29:04.0115 3196 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/02/05 19:29:04.0162 3196 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/02/05 19:29:04.0193 3196 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/02/05 19:29:04.0287 3196 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/02/05 19:29:04.0334 3196 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/02/05 19:29:04.0365 3196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/02/05 19:29:04.0459 3196 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/02/05 19:29:04.0490 3196 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/02/05 19:29:04.0568 3196 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/02/05 19:29:04.0615 3196 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/02/05 19:29:04.0661 3196 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/02/05 19:29:04.0786 3196 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/02/05 19:29:04.0864 3196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/02/05 19:29:04.0958 3196 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/02/05 19:29:05.0005 3196 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/02/05 19:29:05.0036 3196 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/02/05 19:29:05.0067 3196 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/02/05 19:29:05.0161 3196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/02/05 19:29:05.0223 3196 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/02/05 19:29:05.0270 3196 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/02/05 19:29:05.0348 3196 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/02/05 19:29:05.0457 3196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/02/05 19:29:05.0566 3196 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/02/05 19:29:05.0613 3196 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/02/05 19:29:05.0675 3196 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/02/05 19:29:05.0722 3196 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/02/05 19:29:05.0769 3196 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/02/05 19:29:05.0831 3196 mrxsmb (ab5892797c4114640ba333949568de8c) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/02/05 19:29:05.0878 3196 mrxsmb10 (81a38f7aeeb265634b05ae5f3f29fbc4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/02/05 19:29:05.0894 3196 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/02/05 19:29:05.0941 3196 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/02/05 19:29:05.0956 3196 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/02/05 19:29:06.0003 3196 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/02/05 19:29:06.0097 3196 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/02/05 19:29:06.0159 3196 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/02/05 19:29:06.0253 3196 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/05 19:29:06.0299 3196 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/05 19:29:06.0315 3196 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/05 19:29:06.0362 3196 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/05 19:29:06.0440 3196 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/02/05 19:29:06.0502 3196 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/05 19:29:06.0565 3196 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/02/05 19:29:06.0611 3196 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/02/05 19:29:06.0705 3196 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/02/05 19:29:06.0767 3196 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/02/05 19:29:06.0845 3196 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/02/05 19:29:06.0877 3196 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/02/05 19:29:06.0970 3196 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/02/05 19:29:07.0033 3196 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/02/05 19:29:07.0111 3196 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/02/05 19:29:07.0220 3196 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/02/05 19:29:07.0282 3196 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/02/05 19:29:07.0391 3196 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys
    2011/02/05 19:29:07.0438 3196 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/02/05 19:29:07.0547 3196 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/02/05 19:29:07.0594 3196 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/02/05 19:29:07.0750 3196 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/02/05 19:29:07.0797 3196 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/02/05 19:29:07.0891 3196 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
    2011/02/05 19:29:08.0187 3196 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/02/05 19:29:08.0359 3196 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
    2011/02/05 19:29:08.0405 3196 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/02/05 19:29:08.0468 3196 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/02/05 19:29:08.0515 3196 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
    2011/02/05 19:29:08.0608 3196 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/02/05 19:29:08.0639 3196 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/02/05 19:29:08.0702 3196 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/02/05 19:29:08.0733 3196 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/02/05 19:29:08.0795 3196 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/02/05 19:29:08.0827 3196 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/02/05 19:29:08.0858 3196 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/02/05 19:29:08.0889 3196 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/02/05 19:29:08.0920 3196 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/02/05 19:29:09.0092 3196 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/02/05 19:29:09.0139 3196 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/02/05 19:29:09.0248 3196 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/02/05 19:29:09.0310 3196 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/02/05 19:29:09.0388 3196 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/02/05 19:29:09.0451 3196 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/02/05 19:29:09.0466 3196 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/02/05 19:29:09.0560 3196 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/02/05 19:29:09.0607 3196 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/02/05 19:29:09.0700 3196 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/02/05 19:29:09.0731 3196 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/02/05 19:29:09.0763 3196 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/02/05 19:29:09.0794 3196 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/02/05 19:29:09.0825 3196 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/02/05 19:29:09.0934 3196 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/02/05 19:29:09.0981 3196 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/02/05 19:29:10.0012 3196 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/02/05 19:29:10.0121 3196 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/02/05 19:29:10.0246 3196 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/02/05 19:29:10.0309 3196 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/02/05 19:29:10.0387 3196 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/02/05 19:29:10.0449 3196 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/02/05 19:29:10.0558 3196 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/02/05 19:29:10.0667 3196 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/02/05 19:29:10.0699 3196 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/02/05 19:29:10.0745 3196 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/02/05 19:29:10.0761 3196 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/02/05 19:29:10.0792 3196 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/02/05 19:29:10.0823 3196 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/02/05 19:29:10.0917 3196 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
    2011/02/05 19:29:10.0948 3196 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    2011/02/05 19:29:11.0057 3196 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    2011/02/05 19:29:11.0089 3196 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
    2011/02/05 19:29:11.0182 3196 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/02/05 19:29:11.0213 3196 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/02/05 19:29:11.0245 3196 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/02/05 19:29:11.0354 3196 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/02/05 19:29:11.0416 3196 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
    2011/02/05 19:29:11.0447 3196 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    2011/02/05 19:29:11.0479 3196 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/02/05 19:29:11.0588 3196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/02/05 19:29:11.0697 3196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/02/05 19:29:11.0791 3196 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
    2011/02/05 19:29:11.0915 3196 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/02/05 19:29:11.0978 3196 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/02/05 19:29:12.0009 3196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/02/05 19:29:12.0071 3196 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/02/05 19:29:12.0118 3196 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/02/05 19:29:12.0149 3196 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/02/05 19:29:12.0212 3196 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/02/05 19:29:12.0305 3196 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/02/05 19:29:12.0352 3196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/02/05 19:29:12.0383 3196 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/02/05 19:29:12.0477 3196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/02/05 19:29:12.0524 3196 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/02/05 19:29:12.0602 3196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/02/05 19:29:12.0695 3196 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/02/05 19:29:12.0805 3196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/02/05 19:29:12.0851 3196 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/02/05 19:29:12.0867 3196 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/02/05 19:29:12.0898 3196 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/02/05 19:29:12.0992 3196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/02/05 19:29:13.0070 3196 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/02/05 19:29:13.0148 3196 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/02/05 19:29:13.0195 3196 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/02/05 19:29:13.0288 3196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/02/05 19:29:13.0351 3196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/02/05 19:29:13.0444 3196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/02/05 19:29:13.0491 3196 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/02/05 19:29:13.0585 3196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/02/05 19:29:13.0647 3196 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/02/05 19:29:13.0678 3196 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/02/05 19:29:13.0709 3196 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/02/05 19:29:13.0741 3196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/02/05 19:29:13.0819 3196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/02/05 19:29:13.0850 3196 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/02/05 19:29:13.0928 3196 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/02/05 19:29:13.0975 3196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/02/05 19:29:14.0068 3196 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/05 19:29:14.0084 3196 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/05 19:29:14.0131 3196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/02/05 19:29:14.0209 3196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/02/05 19:29:14.0349 3196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/02/05 19:29:14.0396 3196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/02/05 19:29:14.0536 3196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/02/05 19:29:14.0614 3196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/02/05 19:29:14.0661 3196 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/02/05 19:29:14.0755 3196 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/02/05 19:29:14.0833 3196 ================================================================================
    2011/02/05 19:29:14.0833 3196 Scan finished
    2011/02/05 19:29:14.0833 3196 ================================================================================
    2011/02/05 19:29:24.0505 0656 Deinitialize success
    Ok.....hope I did this one right.
     
    trae,
    #8
  10. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's clean.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
    broni,
    #9
  11. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    Ok......I downloaded the RK Unhooker but it will not run . Keep getting Error loading driver message. NTSTATUS code: oxCoooo36B I tried the first two download sites but got same resilts for both so did not try third. I did try run as Administrator. Looks like one bad bug.
     
    trae,
    #10
  12. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    My fault. It won't run on 64-bit system.
    Sorry for that :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #11
  13. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    OTL logfile created on: 2/5/2011 8:15:36 PM - Run 3
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\T-Rae\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449.66 Gb Total Space | 423.60 Gb Free Space | 94.20% Space Free | Partition Type: NTFS

    Computer Name: T-RAE-PC | User Name: T-Rae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/04 15:50:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\T-Rae\Desktop\OTL.exe
    PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/05/05 20:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    PRC - [2009/12/03 00:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/03 00:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/04 15:50:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\T-Rae\Desktop\OTL.exe
    MOD - [2011/01/20 15:25:43 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/08/10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:64bit: - [2009/08/10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/12/03 00:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/03 00:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/10/09 20:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/13 02:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/12/03 00:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2009/12/03 00:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2009/12/03 00:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2009/12/03 00:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/08/05 07:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/07/30 03:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 23:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361210m103p0424v195r4771t24q
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352g&r=17361210m103p0424v195r4771t24q


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1562301765-265582376-3443441864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1562301765-265582376-3443441864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1562301765-265582376-3443441864-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1562301765-265582376-3443441864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/05 17:52:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/05 17:45:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/04 16:02:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/02/04 16:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/02/04 16:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/02/04 16:01:56 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2011/02/04 16:01:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/02/04 16:01:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/02/04 16:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/02/04 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/02/04 15:50:17 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\T-Rae\Desktop\OTL.exe
    [2011/02/04 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\T-Rae\Desktop\tdsskiller
    [2011/02/04 14:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
    [2011/02/04 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\T-Rae\AppData\Roaming\IObit
    [2011/02/04 14:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2011/02/04 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\T-Rae\AppData\Roaming\Malwarebytes
    [2011/02/04 14:11:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/04 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/04 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/04 14:11:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/04 14:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/04 13:47:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/04 13:47:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/04 13:47:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/04 13:47:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/04 13:46:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/04 13:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/02/04 13:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/02/04 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\T-Rae\Documents\New folder
    [2011/01/20 14:43:47 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/02/05 20:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/02/05 20:03:13 | 000,133,632 | ---- | M] () -- C:\Users\T-Rae\Desktop\RKUnhookerLE.EXE
    [2011/02/05 20:00:01 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\eMachines Registration Reminder.job
    [2011/02/05 19:55:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/05 19:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/05 17:44:52 | 004,264,054 | R--- | M] () -- C:\Users\T-Rae\Desktop\ComboFix.exe
    [2011/02/05 17:27:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/05 09:26:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/05 09:26:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/05 09:23:55 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/05 09:23:55 | 000,615,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/05 09:23:55 | 000,103,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/05 09:19:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2011/02/05 09:19:27 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 16:48:48 | 000,080,384 | ---- | M] () -- C:\Users\T-Rae\Desktop\MBRCheck.exe
    [2011/02/04 16:07:52 | 000,720,369 | ---- | M] () -- C:\Users\T-Rae\Desktop\rkill.exe
    [2011/02/04 16:01:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2011/02/04 16:01:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/02/04 16:01:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/02/04 16:01:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/02/04 15:50:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\T-Rae\Desktop\OTL.exe
    [2011/02/04 15:41:28 | 001,246,371 | ---- | M] () -- C:\Users\T-Rae\Desktop\tdsskiller.zip
    [2011/02/04 15:25:53 | 000,296,448 | ---- | M] () -- C:\Users\T-Rae\Desktop\2xtu7r03.exe
    [2011/02/04 14:48:59 | 000,001,254 | ---- | M] () -- C:\Users\T-Rae\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2011/02/04 14:48:59 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2011/02/04 14:11:04 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 13:40:46 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/01/20 14:43:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/13 02:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/01/13 02:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/01/13 02:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/01/13 02:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/01/13 02:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/01/13 02:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/01/13 02:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

    ========== Files Created - No Company Name ==========

    [2011/02/05 20:03:11 | 000,133,632 | ---- | C] () -- C:\Users\T-Rae\Desktop\RKUnhookerLE.EXE
    [2011/02/05 19:57:00 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011/02/05 17:37:25 | 004,264,054 | R--- | C] () -- C:\Users\T-Rae\Desktop\ComboFix.exe
    [2011/02/04 16:48:44 | 000,080,384 | ---- | C] () -- C:\Users\T-Rae\Desktop\MBRCheck.exe
    [2011/02/04 16:07:39 | 000,720,369 | ---- | C] () -- C:\Users\T-Rae\Desktop\rkill.exe
    [2011/02/04 15:41:13 | 001,246,371 | ---- | C] () -- C:\Users\T-Rae\Desktop\tdsskiller.zip
    [2011/02/04 15:25:53 | 000,296,448 | ---- | C] () -- C:\Users\T-Rae\Desktop\2xtu7r03.exe
    [2011/02/04 14:49:04 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
    [2011/02/04 14:48:59 | 000,001,254 | ---- | C] () -- C:\Users\T-Rae\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2011/02/04 14:48:59 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2011/02/04 14:11:04 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 13:47:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/04 13:47:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/04 13:47:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/04 13:47:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/04 13:47:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/04 13:40:46 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/21 14:27:34 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/06/07 11:59:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/02/05 09:19:27 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/05 09:19:26 | 1878,384,640 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/10 14:45:14 | 000,002,246 | ---- | M] () -- C:\RHDSetup.log
    [2011/02/05 17:53:21 | 000,000,495 | ---- | M] () -- C:\rkill.log
    [2011/02/04 15:42:40 | 000,062,688 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_04.02.2011_15.42.10_log.txt
    [2011/02/05 19:28:16 | 000,062,688 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_05.02.2011_19.27.39_log.txt
    [2011/02/05 19:28:31 | 000,002,240 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_05.02.2011_19.28.27_log.txt
    [2011/02/05 19:29:24 | 000,062,688 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_05.02.2011_19.28.55_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/21 17:24:08 | 000,000,221 | -HS- | M] () -- C:\Users\T-Rae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/04 15:25:53 | 000,296,448 | ---- | M] () -- C:\Users\T-Rae\Desktop\2xtu7r03.exe
    [2011/02/05 17:44:52 | 004,264,054 | R--- | M] () -- C:\Users\T-Rae\Desktop\ComboFix.exe
    [2011/02/04 16:48:48 | 000,080,384 | ---- | M] () -- C:\Users\T-Rae\Desktop\MBRCheck.exe
    [2011/02/04 15:50:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\T-Rae\Desktop\OTL.exe
    [2011/02/04 16:07:52 | 000,720,369 | ---- | M] () -- C:\Users\T-Rae\Desktop\rkill.exe
    [2011/02/05 20:03:13 | 000,133,632 | ---- | M] () -- C:\Users\T-Rae\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/08/10 14:45:37 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/08/10 14:45:37 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/08/10 14:39:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/08/10 14:39:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/21 11:04:51 | 000,000,402 | -HS- | M] () -- C:\Users\T-Rae\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
    trae,
    #12
  14. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    OTL Extras logfile created on: 2/4/2011 3:51:49 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\T-Rae\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 449.66 Gb Total Space | 424.52 Gb Free Space | 94.41% Space Free | Partition Type: NTFS

    Computer Name: T-RAE-PC | User Name: T-Rae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "CCleaner" = CCleaner
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1b454602-bab1-4837-95bb-f54766ae363f}" = Nero 9 Essentials
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "avast5" = avast! Free Antivirus
    "eMachines Game Console" = eMachines Game Console
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WildTangent emachines Master Uninstall" = eMachines Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT078910" = Bejeweled 2 Deluxe
    "WT078930" = Zuma Deluxe
    "WT078954" = Blackhawk Striker 2
    "WT078962" = Bob the Builder Can-Do-Zoo
    "WT079018" = Faerie Solitaire
    "WT079022" = FATE - The Traitor Soul
    "WT079066" = Jewel Quest Solitaire 3
    "WT079098" = Monopoly
    "WT079102" = Mystery P.I. - Lost in Los Angeles
    "WT079106" = Penguins!
    "WT079110" = Plants vs. Zombies
    "WT079114" = Polar Bowler
    "WT079118" = Polar Golfer
    "WT079150" = Scrabble Plus
    "WT079154" = The Price is Right
    "WT079175" = Virtual Villagers - A New Home
    "WT079180" = Yahtzee
    "WT079283" = Build-a-lot 2
    "WT079316" = Escape Rosecliff Island
    "WT079418" = Virtual Families

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/26/2010 2:21:15 PM | Computer Name = T-Rae-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The operation timed out

    Error - 12/26/2010 2:37:38 PM | Computer Name = T-Rae-PC | Source = RasClient | ID = 20227
    Description =

    Error - 12/27/2010 2:45:05 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/27/2010 2:46:40 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 1/3/2011 2:18:08 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 1/3/2011 2:19:07 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 1/4/2011 12:47:15 PM | Computer Name = T-Rae-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    Error - 1/12/2011 12:03:03 PM | Computer Name = T-Rae-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    Error - 1/18/2011 3:40:03 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 1/18/2011 3:41:09 PM | Computer Name = T-Rae-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 12/29/2010 7:47:11 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/29/2010 11:31:39 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/29/2010 11:33:22 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/29/2010 11:36:19 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/29/2010 11:41:19 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/31/2010 2:24:19 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/10/2011 5:07:20 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/10/2011 8:43:47 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/11/2011 1:44:17 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =

    Error - 1/11/2011 10:53:26 PM | Computer Name = T-Rae-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
    trae,
    #13
  15. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/02/05 20:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
    broni,
    #14
  16. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
    Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <[2011/02/05 20:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: T-Rae
    ->Temp folder emptied: 987036 bytes
    ->Temporary Internet Files folder emptied: 52019538 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 2305 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 51.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: T-Rae
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_204440

    Files\Folders moved on Reboot...
    C:\Users\T-Rae\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
    trae,
    #15
  17. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.1 MUI
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Alwil Software Avast5 AvastSvc.exe
    ``````````End of Log````````````
     
    trae,
    #16
  18. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did something wrong.
    Most likely, you missed "a colon" in front of "OTL" in my script (1st line).
    Please, redo.
     
    broni,
    #17
  19. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    The virus will not let me access the online scanner site.
     
    trae,
    #18
  20. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, redo OTL fix first.

    I want you to download and install another browser, Firefox: http://www.mozilla.com/en-US/firefox/ to see, if you'll have same issues.
     
    broni,
    #19
  21. 2011/02/05
    trae

    trae Inactive Thread Starter

    Joined:
    2011/02/04
    Messages:
    18
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File C:\Windows\SysWow64\drivers\Normandy.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: T-Rae
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5238902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 770 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: T-Rae
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_211946

    Files\Folders moved on Reboot...
    C:\Users\T-Rae\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    Ok...I made sure I checked all users and run fix.....Also made sure I got everything icluding the elusive colon. only twenty tries to get back to this page this time.
     
    trae,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...