Browser Redirect Virus


  • This topic is locked
11 replies to this topic

#1 timofjungle

    New Member - 7 posts

Posted 11 March 2012 - 02:58 PM

Well, I've been struggling with a browser redirect for a couple of weeks, and haven't been able to get it with multiple passes of Malwarebytes, Windows Defender, TDSSKiller, etc. Thought I'd go to the pros for some help. Here are my files:
DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tim at 14:25:46 on 2012-03-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.3825 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=bvnkkbjfn8b7s
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: $talisma_url$
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1331165536716
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0FEB370C-D1CB-4B70-A5C8-43CC13E5F681} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AB8F088-E128-4B1C-960D-F522875E893A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A12C5DB2-9E87-4507-A30D-C3FABAA08F73} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BF57C91B-F9FD-4E6D-9F7E-5F64AB6450B6} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A}\451627469637 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A}\F4C697D6075737 : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-8-14 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-27 2348352]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-9 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-5 79360]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-3-3 33592]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-3-3 14136]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2012-3-3 11888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-2 652360]
.
=============== Created Last 30 ================
.
2012-03-11 14:44:53 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B3339A8-4EB2-4114-8C69-EECB57FD4420}\mpengine.dll
2012-03-11 14:37:55 -------- d-----w- C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 14:37:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-11 14:37:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-11 14:17:33 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-11 13:53:10 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-11 13:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-11 13:52:05 -------- d-----w- C:\ProgramData\PC Tools
2012-03-11 13:52:04 -------- d-----w- C:\Users\Tim\AppData\Roaming\TestApp
2012-03-10 21:23:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-10 21:14:07 98816 ----a-w- C:\Windows\sed.exe
2012-03-10 21:14:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-10 21:14:07 256000 ----a-w- C:\Windows\PEV.exe
2012-03-10 21:14:07 208896 ----a-w- C:\Windows\MBR.exe
2012-03-10 01:42:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-10 01:42:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-08 23:03:09 -------- d-----w- C:\Program Files\CCleaner
2012-03-03 21:49:57 -------- d-----w- C:\Program Files (x86)\Setup Files
2012-03-03 21:44:05 -------- d-----w- C:\Program Files (x86)\MSI
2012-03-03 19:27:56 -------- d-----w- C:\Windows\pss
2012-03-03 01:06:30 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-03-03 01:06:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-03 01:06:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-03 01:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-02 23:20:25 778736 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
2012-03-02 23:20:25 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll
2012-03-02 23:20:20 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\55D7.tmp
2012-03-02 23:20:19 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5559.tmp
2012-03-02 23:20:19 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5558.tmp.dat
2012-02-28 02:56:05 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-28 02:56:05 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-28 02:56:05 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-28 02:56:05 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-28 02:56:05 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-28 02:55:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-28 01:52:45 -------- d-----w- C:\Program Files\iTunes
2012-02-28 01:52:45 -------- d-----w- C:\Program Files\iPod
2012-02-21 23:11:15 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-21 20:39:30 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-02-21 20:28:58 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-02-21 20:28:48 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-17 09:02:34 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-15 15:40:50 -------- d-----w- C:\ProgramData\WEBREG
2012-02-15 15:40:28 -------- d-----w- C:\Users\Tim\AppData\Local\HP
2012-02-15 15:39:40 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp64w.dll
2012-02-15 15:38:28 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-15 15:37:28 -------- d-----w- C:\Windows\SysWow64\spool
2012-02-15 15:36:12 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-02-15 15:36:09 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-02-15 15:35:17 233472 ----a-w- C:\Windows\SysWow64\hpzc364w.dll
2012-02-15 15:35:17 131072 ----a-w- C:\Windows\System32\hpz3l64w.dll
2012-02-15 15:35:16 671816 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll
2012-02-15 15:35:08 -------- d-----w- C:\Program Files (x86)\HP
2012-02-15 15:34:08 944128 ----a-w- C:\Windows\System32\hpwwiax3.dll
2012-02-15 15:34:08 359256 ----a-w- C:\Windows\System32\hpzids40.dll
2012-02-15 15:34:08 1420288 ----a-w- C:\Windows\System32\hpwtiop3.dll
2012-02-15 15:34:07 540672 ----a-w- C:\Windows\System32\hppldcoi.dll
2012-02-15 15:34:07 488960 ----a-w- C:\Windows\System32\hpovst11.dll
2012-02-14 19:44:16 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 19:44:16 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 19:44:13 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 19:44:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 19:44:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 19:44:11 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 19:44:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 19:44:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-10 02:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:26:10.51 ===============


attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/5/2010 3:31:07 PM
System Uptime: 3/11/2012 12:44:14 PM (2 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7380
Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz | CPU 1 | 3166/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 116.895 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet J6400 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: RT73 USB Wireless LAN Card
Device ID: USB\VID_148F&PID_2573\5&2F211CA2&0&4
Manufacturer: Ralink Technology Corp.
Name: RT73 USB Wireless LAN Card #4
PNP Device ID: USB\VID_148F&PID_2573\5&2F211CA2&0&4
Service: netr7364
.
==== System Restore Points ===================
.
RP510: 3/7/2012 7:05:12 PM - Windows Update
RP511: 3/7/2012 7:10:56 PM - Installed Network64
RP512: 3/7/2012 7:29:23 PM - Windows Update
RP513: 3/7/2012 8:18:22 PM - Installed Microsoft Fix it 50302
RP514: 3/7/2012 9:12:08 PM - Windows Update
RP515: 3/8/2012 3:00:11 AM - Windows Update
RP516: 3/9/2012 3:00:11 AM - Windows Update
RP517: 3/10/2012 3:00:12 AM - Windows Update
RP518: 3/11/2012 4:00:11 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
6400_Help
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
Arx Fatalis
Arx Fatalis version 1.21
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Citrix XenApp Plugin for Hosted Apps
Compatibility Pack for the 2007 Office system
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Destinations
DeviceDiscovery
DocProc
Download Manager 2.3.10
EA Download Manager
EA Installer
EA Shared Game Component: Activation
Fax
Google Chrome
GPBaseService2
Heroes of Might and Magic V
Heroes of Might and Magic V: Hammers of Fate
Heroes of Might and Magic V: Tribes of the East
HP Update
HPProductAssistant
HPSSupply
J6400
Java Auto Updater
Java™ 6 Update 27
League of Legends
Live Update 5
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Marvel™ - Ultimate Alliance
Mass Effect 2
Medieval II Total War
Medieval II Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mount&Blade
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Portal
ProductContext
QuickTime
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
StarCraft II
Status
Steam
Team Fortress 2
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Toolbox
TrayApp
TurningPoint 2008
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WebReg
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 3:50:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/8/2012 3:48:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:48:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2012 3:48:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2012 3:48:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2012 3:47:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 3:47:32 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 9:37:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2012 7:28:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2012 6:14:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2012 5:54:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2012 12:13:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.945.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/7/2012 12:13:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/6/2012 8:56:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2012 8:40:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/6/2012 8:29:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/6/2012 8:25:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2012 8:18:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
3/6/2012 8:14:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/5/2012 9:33:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/5/2012 9:32:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fb80000000, 0xffffffffc000000e, 0x000000003725d880, 0xfffff70000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-27281-01.
3/5/2012 9:26:41 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/11/2012 9:32:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/11/2012 9:20:59 AM, Error: PCTCore [280] -
3/11/2012 4:02:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2596954).
3/11/2012 4:01:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2003 (KB2553084).
3/11/2012 4:01:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597968).
3/11/2012 3:22:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/11/2012 3:22:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/11/2012 1:08:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/11/2012 1:08:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/10/2012 3:49:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/10/2012 3:49:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
3/10/2012 3:19:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/10/2012 3:14:01 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
3/10/2012 3:14:01 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


#2 timofjungle

timofjungle

    New Member

  • Members
  • 7 posts

Posted 17 March 2012 - 09:58 AM

*Bump*

Anyone able to help with this?

#3 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 17 March 2012 - 10:29 AM

Hello,

Don't do any websurfing while I am helping you to clean malware & for the duration, until we are all done.
Do NOT do any other fixes on your own, and do not do any adds or changes to your system without first checking with me here.

Keep Lavasoft Ad-Watch disabled for the duration, otherwise it may interfere with cleanups.
Start with the following.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.
Do NOT Attach files/reports.
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.
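
The hosts file section of the RSIT info.txt requested in Step 3 is where a browser redirect of this kind typically shows up, so here is an added example (not code from the post, RSIT, Security Check or any other tool named in the thread) of a check that parses those lines and flags names sent to remote addresses instead of a local sink. The sample input is constructed from the six hosts entries posted later in the thread plus two benign lines; the function and file names are my own.

```python
"""Flag hosts-file entries that redirect names to remote addresses.

Added example, not code from the forum post, RSIT, Security Check or any
other tool named in the thread. It parses hosts-file lines in the layout
RSIT prints under "======Hosts File======" and reports names that resolve
to a public address instead of a local sink.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: the six entries reported later in the thread plus two
# benign lines of the kind a default or ad-blocking hosts file contains.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.invalid   # ad-blocker style sinkhole, benign
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text.

    Comment and blank lines are skipped, as are lines whose first field is
    not an IP address. A trailing dot (RSIT prints 'www.statcounter.com.')
    is stripped and the name lower-cased so entries compare equal to the
    name a browser would look up.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((addr, name.rstrip(".").lower()))
    return entries


def is_local_sink(addr):
    """True for addresses that keep the lookup on this machine.

    Loopback (127.0.0.1, ::1) and the unspecified address (0.0.0.0) are the
    normal targets of legitimate hosts entries; anything else sends the
    name's traffic somewhere remote.
    """
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text):
    """Return one finding per name that is mapped to a remote address.

    Each finding is a dict with the name, its remote addresses as strings
    (IPv4 before IPv6, numerically ordered) and the reasons it was flagged.
    Names mapped only to local sinks, even several of them, are not
    reported.
    """
    by_name = defaultdict(set)
    for addr, name in parse_hosts(text):
        by_name[name].add(addr)

    findings = []
    for name in sorted(by_name):
        remote = sorted(
            (a for a in by_name[name] if not is_local_sink(a)),
            key=lambda a: (a.version, int(a)),
        )
        if not remote:
            continue
        reasons = ["remote address"]
        if len(remote) > 1:  # same name pinned to several remote hosts
            reasons.append("multiple remote addresses")
        findings.append({
            "name": name,
            "addresses": [str(a) for a in remote],
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for hit in find_redirects(SAMPLE_HOSTS):
        print(f"{hit['name']}: {', '.join(hit['addresses'])} "
              f"({'; '.join(hit['reasons'])})")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into the text argument; every name this reports should be explained by a deliberate local configuration before the file is trusted.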

#4 timofjungle

timofjungle

    New Member

  • Members
  • 7 posts

Posted 17 March 2012 - 04:41 PM

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 27
Java version out of date!
Adobe Flash Player 10.2.159.1 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````



###########################################################################


info.txt logfile of random's system information tool 1.09 2012-03-17 16:15:32
======Uninstall list======
-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
64 Bit HP CIO Components Installer-->MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex
Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Arx Fatalis version 1.21-->"C:\Program Files (x86)\Arkane Studios\Arx Fatalis\unins000.exe"
Arx Fatalis-->C:\Program Files (x86)\Arkane Studios\Arx Fatalis\Uninstall.exe
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Citrix XenApp Plugin for Hosted Apps-->MsiExec.exe /I{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
Download Manager 2.3.10-->C:\Program Files (x86)\Download Manager\uninst.exe
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
EA Shared Game Component: Activation-->msiexec /qb /x {D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}
EA Shared Game Component: Activation-->MsiExec.exe /I{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Heroes of Might and Magic V: Hammers of Fate-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15380
Heroes of Might and Magic V: Tribes of the East-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15370
Heroes of Might and Magic V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15170
HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OfficeJet J6400-->C:\Program Files (x86)\HP\Digital Imaging\{8AB2AC00-AFFF-4043-83D9-0086528B337F}\setup\hpzscr40.exe -datfile hpwscr14.dat -onestop -forcereboot
HP Smart Web Printing 4.51-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}
Java™ 6 Update 27-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}
League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Live Update 5-->"C:\Program Files (x86)\MSI\Live Update 5\unins000.exe"
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvel™ - Ultimate Alliance-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214}
Mass Effect 2-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Medieval II Total War Kingdoms-->"C:\Program Files (x86)\InstallShield Installation Information\{177703DE-D3F6-4E57-9212-E56A5C6F1164}\setup.exe" -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->"C:\Program Files (x86)\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft IntelliPoint 8.1-->msiexec.exe /I {3ED4AD02-F631-4A4C-AAC8-2325996E5A56}
Microsoft IntelliPoint 8.1-->MsiExec.exe /X{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mount&Blade-->C:\Program Files (x86)\Mount&Blade\uninstall.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nexus Mod Manager-->"C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe"
NVIDIA 3D Vision Controller Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA 3D Vision Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.Update
OCR Software by I.R.I.S. 13.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Portal-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sid Meier's Civilization V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8930
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
The Elder Scrolls IV: Oblivion -->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22330
The Elder Scrolls V: Skyrim-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850
The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802-->"C:\Program Files (x86)\Turbine\The Lord of the Rings Online\unins000.exe"
TurningPoint 2008-->MsiExec.exe /X{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
======System event log======
Computer Name: Tim-PC
Event Code: 1014
Message: Name resolution for the name wpad.gateway.2wire.net timed out after none of the configured DNS servers responded.
Record Number: 17638
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101230162347.796875-000
Event Type: Warning
User: Tim-PC\Tim
Computer Name: Tim-PC
Event Code: 1014
Message: Name resolution for the name vthumb.ak.fbcdn.net timed out after none of the configured DNS servers responded.
Record Number: 17607
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101230041053.921875-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Tim-PC
Event Code: 1014
Message: Name resolution for the name wpad.gateway.2wire.net timed out after none of the configured DNS servers responded.
Record Number: 17581
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101229123629.640625-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Tim-PC
Event Code: 1014
Message: Name resolution for the name rcm.amazon.com timed out after none of the configured DNS servers responded.
Record Number: 17559
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101229014226.828125-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Tim-PC
Event Code: 1014
Message: Name resolution for the name optimized-by.rubiconproject.com timed out after none of the configured DNS servers responded.
Record Number: 17528
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20101228172023.904296-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: Tim-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=G4CBX
ACID=?
Detailed Error[?]
Record Number: 130
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100805222709.000000-000
Event Type: Error
User:
Computer Name: Tim-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 126
Source Name: Microsoft-Windows-Search
Time Written: 20100805222702.000000-000
Event Type: Warning
User:
Computer Name: Tim-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=G4CBX
ACID=?
Detailed Error[?]
Record Number: 122
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100805222652.000000-000
Event Type: Error
User:
Computer Name: Tim-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=G4CBX
ACID=?
Detailed Error[?]
Record Number: 119
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100805222622.000000-000
Event Type: Error
User:
Computer Name: Tim-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F061
Partial Pkey=Q8YM8
ACID=e838d943-63ed-4a0b-9fb1-47152908acc9
Detailed Error[?]
Record Number: 116
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100805222551.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Tim-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f34bc0
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: TV-PC
Source Network Address: 192.168.1.66
Source Port: 54794
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 415688
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114013130.611328-000
Event Type: Audit Success
User:
Computer Name: Tim-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f33aed
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 415687
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114013114.751953-000
Event Type: Audit Success
User:
Computer Name: Tim-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f33ad9
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 415686
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114013114.751953-000
Event Type: Audit Success
User:
Computer Name: Tim-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f33aed
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ELIZABETH-PC
Source Network Address: 192.168.1.68
Source Port: 49957
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 415685
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114013102.297851-000
Event Type: Audit Success
User:
Computer Name: Tim-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f33ad9
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ELIZABETH-PC
Source Network Address: 192.168.1.68
Source Port: 49956
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 415684
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114013102.227539-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------


#################################################################################

#5 timofjungle

Posted 17 March 2012 - 04:43 PM

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tim at 2012-03-17 16:02:23
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 110 GB (36%) free of 305 GB
Total RAM: 6143 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:15:29 PM, on 3/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Tim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg204.mail...d=bvnkkbjfn8b7s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - HKUS\S-1-5-21-1083885131-3927673959-2532517918-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1083885131-3927673959-2532517918-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane..._2.3.10.115.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1331165536716
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.m...Installer64.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11434 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Common Files\Motive\McciCMService.exe"
"C:\Program Files\Common Files\Motive\McciCMService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
C:\Windows\system32\svchost.exe -k HPService
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet J6400 series#1329320418" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4816 CREDAT:137581
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Tim\Desktop\Instructions.txt
"C:\Users\Tim\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-24 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-08-10 1242448]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-08-20 3077528]
"igndlm.exe"=C:\Program Files (x86)\Download Manager\DLM.exe [2009-10-27 1103216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe [2011-12-07 247968]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"Live Update 5"=C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [2012-01-30 315392]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-16 249344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 2 months======
2012-03-17 16:02:23 ----D---- C:\rsit
2012-03-17 16:02:23 ----D---- C:\Program Files\trend micro
2012-03-17 15:57:08 ----D---- C:\Program Files (x86)\ERUNT
2012-03-14 03:04:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-03-14 03:04:01 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-03-14 03:04:01 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-03-13 20:41:54 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 20:41:53 ----A---- C:\Windows\system32\DWrite.dll
2012-03-13 20:41:52 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 20:39:56 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-13 20:39:56 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 20:39:56 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-13 20:39:56 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-13 20:25:52 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2012-03-13 20:25:52 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-03-13 20:25:52 ----A---- C:\Windows\system32\OpenCL.dll
2012-03-13 20:25:52 ----A---- C:\Windows\system32\nvoglv64.dll
2012-03-13 20:25:52 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvd3dumx.dll
2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuvid.dll
2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuda.dll
2012-03-13 20:25:50 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-03-13 20:25:50 ----A---- C:\Windows\system32\nvcompiler.dll
2012-03-11 09:17:33 ----D---- C:\Program Files (x86)\PC Tools
2012-03-11 08:53:16 ----A---- C:\Windows\system32\drivers\Cat.DB
2012-03-11 08:53:10 ----A---- C:\Windows\system32\drivers\PCTSD64.sys
2012-03-11 08:52:10 ----AD---- C:\ProgramData\TEMP
2012-03-11 08:52:05 ----D---- C:\ProgramData\PC Tools
2012-03-11 08:52:04 ----D---- C:\Users\Tim\AppData\Roaming\TestApp
2012-03-10 16:26:27 ----A---- C:\TDSSKiller.2.7.19.0_10.03.2012_15.26.27_log.txt
2012-03-10 16:23:28 ----SHD---- C:\$RECYCLE.BIN
2012-03-10 16:19:56 ----A---- C:\ComboFix.txt
2012-03-10 16:14:07 ----A---- C:\Windows\zip.exe
2012-03-10 16:14:07 ----A---- C:\Windows\SWSC.exe
2012-03-10 16:14:07 ----A---- C:\Windows\SWREG.exe
2012-03-10 16:14:07 ----A---- C:\Windows\sed.exe
2012-03-10 16:14:07 ----A---- C:\Windows\PEV.exe
2012-03-10 16:14:07 ----A---- C:\Windows\NIRCMD.exe
2012-03-10 16:14:07 ----A---- C:\Windows\MBR.exe
2012-03-10 16:14:07 ----A---- C:\Windows\grep.exe
2012-03-10 16:14:06 ----D---- C:\Windows\ERDNT
2012-03-10 16:14:04 ----D---- C:\Qoobox
2012-03-09 20:42:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-03-09 20:42:39 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-08 18:03:09 ----D---- C:\Program Files\CCleaner
2012-03-06 21:32:01 ----A---- C:\TDSSKiller.2.7.19.0_06.03.2012_20.32.01_log.txt
2012-03-03 16:49:57 ----D---- C:\Program Files (x86)\Setup Files
2012-03-03 16:44:05 ----D---- C:\Program Files (x86)\MSI
2012-03-03 14:27:56 ----D---- C:\Windows\pss
2012-03-02 20:06:30 ----D---- C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-03-02 20:06:10 ----D---- C:\ProgramData\Malwarebytes
2012-03-02 20:06:10 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-02 20:06:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-02-29 13:26:56 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2012-02-27 21:56:39 ----D---- C:\ProgramData\NVIDIA
2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvvsvc.exe
2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvsvc64.dll
2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvshext.dll
2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvmctray.dll
2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvcpl.dll
2012-02-27 21:55:31 ----D---- C:\ProgramData\NVIDIA Corporation
2012-02-27 21:44:59 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2012-02-27 21:44:59 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvwgf2umx.dll
2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvgenco64.dll
2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvdispco64.dll
2012-02-27 21:44:58 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-02-27 21:44:58 ----A---- C:\Windows\system32\nvapi64.dll
2012-02-27 20:52:45 ----D---- C:\Program Files\iTunes
2012-02-27 20:52:45 ----D---- C:\Program Files\iPod
2012-02-21 15:39:30 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2012-02-21 15:29:32 ----A---- C:\Windows\SYSWOW64\rp_stats.dat
2012-02-21 15:29:32 ----A---- C:\Windows\SYSWOW64\rp_rules.dat
2012-02-21 15:28:47 ----D---- C:\ProgramData\Lavasoft
2012-02-17 04:02:34 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-02-15 10:40:50 ----D---- C:\ProgramData\WEBREG
2012-02-15 10:40:30 ----D---- C:\Users\Tim\AppData\Roaming\HP
2012-02-15 10:38:29 ----D---- C:\Users\Tim\AppData\Roaming\Yahoo!
2012-02-15 10:38:29 ----D---- C:\ProgramData\Yahoo! Companion
2012-02-15 10:38:28 ----D---- C:\Program Files (x86)\Yahoo!
2012-02-15 10:37:46 ----D---- C:\ProgramData\HP Product Assistant
2012-02-15 10:37:28 ----D---- C:\Windows\SYSWOW64\spool
2012-02-15 10:35:17 ----A---- C:\Windows\SYSWOW64\hpzc364w.dll
2012-02-15 10:35:17 ----A---- C:\Windows\system32\hpz3l64w.dll
2012-02-15 10:35:16 ----A---- C:\Windows\SYSWOW64\hpcdmc32.dll
2012-02-15 10:35:08 ----D---- C:\Program Files (x86)\HP
2012-02-15 10:35:07 ----D---- C:\Config.Msi
2012-02-15 10:34:39 ----N---- C:\Windows\hpwmdl14.dat
2012-02-15 10:34:39 ----A---- C:\Windows\hpwins14.dat
2012-02-15 10:34:23 ----D---- C:\ProgramData\HP
2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpzids40.dll
2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpwwiax3.dll
2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpwtiop3.dll
2012-02-15 10:34:07 ----A---- C:\Windows\system32\hppldcoi.dll
2012-02-15 10:34:07 ----A---- C:\Windows\system32\hpovst11.dll
2012-02-15 04:00:39 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-15 04:00:39 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 04:00:39 ----A---- C:\Windows\system32\iertutil.dll
2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-15 04:00:38 ----A---- C:\Windows\system32\url.dll
2012-02-15 04:00:38 ----A---- C:\Windows\system32\jscript9.dll
2012-02-15 04:00:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-02-15 04:00:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-02-15 04:00:37 ----A---- C:\Windows\system32\jscript.dll
2012-02-15 04:00:37 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 04:00:36 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-15 04:00:36 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 04:00:36 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 04:00:35 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-15 04:00:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-15 04:00:35 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 04:00:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-15 04:00:33 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 04:00:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-15 04:00:32 ----A---- C:\Windows\system32\ieframe.dll
2012-02-14 14:44:18 ----A---- C:\Windows\system32\shell32.dll
2012-02-14 14:44:17 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-14 14:44:16 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-14 14:44:16 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-14 14:44:11 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-14 14:44:07 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-14 14:44:07 ----A---- C:\Windows\system32\msvcrt.dll
2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-01-18 04:01:42 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-18 04:01:42 ----A---- C:\Windows\system32\secur32.dll
2012-01-18 04:01:42 ----A---- C:\Windows\system32\schannel.dll
2012-01-18 04:01:42 ----A---- C:\Windows\system32\lsass.exe
2012-01-18 04:01:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-18 04:01:42 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-18 04:01:41 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-01-18 04:01:41 ----A---- C:\Windows\system32\webio.dll
2012-01-18 04:01:41 ----A---- C:\Windows\system32\sspicli.dll
2012-01-18 04:01:41 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-18 04:01:41 ----A---- C:\Windows\system32\drivers\cng.sys
======List of files/folders modified in the last 2 months======
2012-03-17 16:06:00 ----D---- C:\Windows\system32\config
2012-03-17 16:05:57 ----D---- C:\Windows\winsxs
2012-03-17 16:02:45 ----D---- C:\Windows\Prefetch
2012-03-17 16:02:23 ----RD---- C:\Program Files
2012-03-17 16:01:53 ----D---- C:\Windows\Temp
2012-03-17 15:57:08 ----RD---- C:\Program Files (x86)
2012-03-17 15:55:58 ----SHD---- C:\Windows\Installer
2012-03-17 15:55:42 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-17 15:55:42 ----D---- C:\Windows\system32\drivers
2012-03-17 15:55:42 ----D---- C:\Windows\System32
2012-03-17 15:55:26 ----SHD---- C:\System Volume Information
2012-03-17 03:04:24 ----RSD---- C:\Windows\assembly
2012-03-16 19:24:13 ----D---- C:\Program Files (x86)\Steam
2012-03-16 14:30:56 ----D---- C:\Windows\system32\Tasks
2012-03-16 14:30:37 ----D---- C:\Windows\Tasks
2012-03-16 05:15:58 ----D---- C:\Windows\inf
2012-03-16 05:15:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-15 19:27:48 ----D---- C:\ProgramData
2012-03-15 03:00:26 ----D---- C:\Windows\system32\catroot2
2012-03-14 03:20:14 ----D---- C:\Windows\SysWOW64
2012-03-14 03:04:06 ----D---- C:\Windows\system32\catroot
2012-03-14 03:02:58 ----D---- C:\Windows\debug
2012-03-14 03:02:55 ----A---- C:\Windows\system32\MRT.exe
2012-03-13 20:38:59 ----D---- C:\Windows
2012-03-13 20:29:36 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-03-13 20:29:13 ----D---- C:\Windows\system32\DriverStore
2012-03-13 20:28:27 ----D---- C:\NVIDIA
2012-03-12 19:20:57 ----D---- C:\Windows\Logs
2012-03-12 03:02:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-03-11 08:53:08 ----D---- C:\Program Files (x86)\Common Files
2012-03-10 16:19:06 ----A---- C:\Windows\system.ini
2012-03-10 16:17:25 ----D---- C:\Windows\SYSWOW64\drivers
2012-03-10 16:17:25 ----D---- C:\Windows\AppPatch
2012-03-10 16:17:24 ----D---- C:\Program Files\Common Files
2012-03-10 09:57:21 ----D---- C:\Windows\system32\NDF
2012-03-08 18:07:21 ----D---- C:\Users\Tim\AppData\Roaming\Ventrilo
2012-03-08 18:07:21 ----D---- C:\Users\Tim\AppData\Roaming\Skype
2012-03-08 18:07:16 ----D---- C:\Windows\Panther
2012-03-08 18:07:16 ----D---- C:\Windows\Minidump
2012-03-07 19:12:21 ----D---- C:\Windows\Downloaded Program Files
2012-03-02 18:17:21 ----D---- C:\ProgramData\Adobe
2012-03-02 18:17:18 ----D---- C:\Program Files (x86)\Adobe
2012-03-01 20:24:56 ----D---- C:\Windows\system32\LogFiles
2012-02-28 04:12:55 ----D---- C:\Windows\Microsoft.NET
2012-02-27 21:56:57 ----RD---- C:\Users
2012-02-27 21:55:58 ----D---- C:\Program Files\NVIDIA Corporation
2012-02-27 21:49:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-27 20:53:16 ----D---- C:\Program Files (x86)\iTunes
2012-02-26 15:40:17 ----D---- C:\Windows\system32\drivers\etc
2012-02-15 10:40:19 ----A---- C:\Windows\win.ini
2012-02-15 10:39:39 ----D---- C:\Windows\twain_32
2012-02-15 10:37:50 ----RSD---- C:\Windows\Fonts
2012-02-15 04:23:20 ----D---- C:\Windows\SYSWOW64\migration
2012-02-15 04:23:20 ----D---- C:\Windows\system32\migration
2012-02-15 04:23:20 ----D---- C:\Program Files\Internet Explorer
2012-02-15 04:23:20 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-13 09:44:12 ----D---- C:\Windows\system32\wdi
2012-02-11 20:32:44 ----D---- C:\Program Files (x86)\StarCraft II
2012-02-10 10:54:49 ----D---- C:\ProgramData\PMB Files
2012-01-31 07:44:20 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-09 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-03-04 349416]
R3 P17;SB Audigy; C:\Windows\system32\drivers\P17.sys [2009-10-16 1309696]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2010-04-30 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2010-04-30 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6; \??\C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2011-01-06 11888]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-13 23040]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2010-01-21 496232]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2010-04-30 319488]
R2 McciCMService64;McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2010-01-21 209000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-15 489256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-05 79360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1255736]
S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
-----------------EOF-----------------

################################################################################


QuickScan 32-bit v0.9.9.111
---------------------------
Scan date: Sat Mar 17 16:25:49 2012
Machine ID: 54AF1884

No infection found.
-------------------

Processes
---------
hpwuSchd Application 3608 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
Creative Audio Service 820 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
Flash® Player Installer/Uninstaller 2488 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
GPCore COM object 4340 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
HP Digital Imaging 3688 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
HP Digital Imaging 3832 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
iTunes 3600 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 3576 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
mcci+McciCMService 1392 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
Microsoft® Windows® Operating System 3592 C:\Windows\SysWOW64\rundll32.exe
MobileDeviceService 1932 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVIDIA Update Components 5088 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pando Media Booster 3292 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Stereo Vision Control Panel API Server 760 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Windows® Internet Explorer 1980 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2620 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Microsoft® Visual Studio .NET 2200 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(verified) Microsoft® Windows® Operating System 1992 C:\Windows\SysWOW64\svchost.exe

Network activity
----------------
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 216.115.110.118
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 216.115.110.118
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 209.191.92.114
Process iexplore.exe (2620) connected on port 443 (HTTP over SSL) --> 23.13.109.227
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 23.13.111.139
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 23.13.111.139
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 208.46.17.152
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 208.46.17.152
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 66.235.142.2
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 66.235.142.2
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 67.215.245.19
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 67.215.245.19
Process iexplore.exe (2620) connected on port 80 (HTTP) --> 188.165.220.204
Process PMB.exe (3292) listens on ports: 443 (HTTP over SSL), 563 (NNTP over SSL), 57455

Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
P17Run Endpoints Dynamic Link Library C:\Windows\system32\P17RunE.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
BootStartLiveupdate.exe C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe
Download Manager C:\Program Files (x86)\Download Manager\DLM.exe
Flash® Player Installer/Uninstaller C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
HP Digital Imaging C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Steam C:\Program Files (x86)\Steam\Steam.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Google Update C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe

Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Download Manager IE Control C:\Windows\Downloaded Program Files\DLMControl.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Google Update C:\Users\Tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
IGN Download Manager Plug-in C:\Program Files (x86)\Download Manager\npfpdlm.dll
Java™ Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Motive Plugin C:\Program Files (x86)\Common Files\Motive\npMotive.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
NVIDIA Application Filter C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
NVIDIA Application Filter C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
Yahoo! Single Instance for Mail c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll
Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Scan
----
MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
MD5: 505f022493d471025add399a4162208b C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: 2cbca94abccb2b79e4693ba0e4fc85be C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: 1f9b3487739b31c3d770728cb157a54d C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MD5: fc33cbbb9cadcec307da010fe763d04c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 054b87c872292a960b9b8a834b34dfa7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 73862ff693168369a90f046e7f227b83 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
MD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.DLL
MD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
MD5: c0ead9f8ab83d41ff07303c75589c2b8 C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
MD5: 6e3245df783e58375b3465f03274743e C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: e6cb119ef2e148eaa1a247343550756e C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
MD5: b73b5999d47cd9727264f557626bce3a C:\Program Files (x86)\Common Files\Motive\npMotive.dll
MD5: 407a1253f6eafb40cdb9ab2802dd946f C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: 69cdba2b9c397e349a04fa70dd9170a2 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
MD5: cc4c812e4bb09fd47aa38e5d3172cffe C:\Program Files (x86)\Download Manager\DLM.exe
MD5: 546ed69c34e82f2326d17508d3768f4a C:\Program Files (x86)\Download Manager\npfpdlm.dll
MD5: 09ef4ebe20aae0992f612aff38ce4984 C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
MD5: 07de0d8b45b87c4dfff2f2efe56f10e0 C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
MD5: 0335b80f0c3f3d2be9e1f34292a33d98 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
MD5: 9d32ccc9fa270046a92e0255bc1ca7f7 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
MD5: 08457d8f8149757c70cea59c71ec5d27 c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
MD5: e14cf5255c46e1556e344cd720f34f25 c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
MD5: 75cc8c5146a3fb76221a7606628778d5 c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
MD5: 347a39b69ac03b8f56d8807b989f5ca8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
MD5: 883008a9b5bff94a153d99dba54cb5c1 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
MD5: cc190b07e357bcd40c2afb57b9a67b7f C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
MD5: 59d4fad70ce78c700130236d77bd5b05 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
MD5: 9f372bf6410ded44e36eb97aa87910eb C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll
MD5: becb2f793d826583c6d42bee2680b807 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll
MD5: f12ff2ecb2f6f7d9c5062d67d8334ae9 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
MD5: 2cbece0c6e6fd071b073c317eb7eae28 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
MD5: 7721ce64fb3675ad6c20ed1fdda639a0 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
MD5: 6dae7b4b08ba0f5bb8ea2ba333e8ee29 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
MD5: e986d1068aef099ca3be2aeab4c8d643 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
MD5: d488b2c96355f6d403d4a73454c2bc9c C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
MD5: f37882f128efacefe353e0bae2766909 C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
MD5: cbbaf06c2ac8882d239c8dc5bfa197fd C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
MD5: 67a7e5daca78544c826b16cd8c816a5c c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
MD5: c05a0b625dfe1f6d25e5430746a180d1 c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
MD5: 21293443961a4e2597453ee7a9347f22 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll
MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
MD5: 6f158c6029d841a5f37708cc2bbf3362 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
MD5: 41700402834f793a8c06731e5cfba62a C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: 3af4eaedbf40072525b89b45ee51d3fd C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe
MD5: 192476c10371dc83243d67432b2cdcbf C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
MD5: 1b32c54b95121ab1683c7b83b2db4b96 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
MD5: 052db5027eae1ae6fbf02e347aaf1cd7 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
MD5: 5373b9ac92779ce4b6ff9051c3516989 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
MD5: fc0a58529a02b1eed55ddc58696b7908 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
MD5: bd012dc22c78be1071bc21eb125d782f C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
MD5: 63da5cad540ef9074ed25daff40fc299 C:\Program Files (x86)\Pando Networks\Media Booster\BugSplat.dll
MD5: d2af7a30e4b7ba1c743f0dce11e04b5e C:\Program Files (x86)\Pando Networks\Media Booster\freebl3.dll
MD5: 0efa66e9384dbced4d639fb9bdd97536 C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
MD5: 4c5e139fab02bee58edc88e1512110fb C:\Program Files (x86)\Pando Networks\Media Booster\nspr4.dll
MD5: cbfa0b98efbeb31d5b98c5bfb918328f C:\Program Files (x86)\Pando Networks\Media Booster\nss3.dll
MD5: 80a44106ac048d325b4f667b24de1e40 C:\Program Files (x86)\Pando Networks\Media Booster\plc4.dll
MD5: c96442e1d75a229e9a583e6773ff4b6f C:\Program Files (x86)\Pando Networks\Media Booster\plds4.dll
MD5: c7144387e236687f8fb3f26fc845a822 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MD5: 6a5ed595e0cad51dde2da14edc8f4bff C:\Program Files (x86)\Pando Networks\Media Booster\smime3.dll
MD5: 63c5640c22ed06766b7edd04abe76287 C:\Program Files (x86)\Pando Networks\Media Booster\softokn3.dll
MD5: b4af61bda9d4c58fb9b67b9759a98205 C:\Program Files (x86)\Pando Networks\Media Booster\ssl3.dll
MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe
MD5: c02f70960fa934b8defa16a03d7f6556 C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys
MD5: 67384147dd005e54d2c0a20408e28579 C:\Program Files (x86)\Steam\Steam.exe
MD5: 6a2e0e49a4f2a9df3e6293e37e7486bd c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
MD5: f64c4241fe5e519f62c47c361dc671d7 c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll
MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe
MD5: be3d584d7c021eb7d89166eecb83c341 C:\Program Files\Common Files\Motive\McciCMService.exe
MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe
MD5: 157e9e498206a3366baa7e4697bdd947 c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
MD5: 566ddd5d82520da01d75f81428ac4c38 c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
MD5: 76fcbfd0c78de110468b356f85ec6db3 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MD5: 13c0d9cba38ffa6d0c9e721b5e7212a0 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MD5: e12e992a1582f2429d3d290296672f92 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
MD5: d61c339a4dd1df2c138514307439e048 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
MD5: 27626506e07795bb6357f7f2ef78a90b C:\Users\Tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
MD5: 9c17dcd6ddfeb1a012544faf4f2789f6 C:\Windows\AppPatch\AcGenral.DLL
MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\Windows\AppPatch\AcLayers.DLL
MD5: 6d7de520d8aa80a243347becd401eb54 C:\Windows\AppPatch\AcWow64.DLL
MD5: af78e9d4d1ed741039fa610157f91711 C:\Windows\Downloaded Program Files\DLMControl.dll
MD5: 4334ac34536737bb13dc47b07b7a0c42 C:\Windows\Downloaded Program Files\qsax.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\System32\audioses.dll
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\dnsapi.DLL
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: ccf4e830512c0a298791f1d34b81c215 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: 1cd5c2dfd2a5bf6da720386679f3c449 C:\Windows\system32\hpzipr12.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll
MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll
MD5: 7e9b1c0eff510cdf93a4cfecf9f2b86e C:\Windows\system32\nvwgf2um.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: bc6b92e13ec81de9c77fa1816cc325d6 C:\Windows\system32\P17RunE.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll
MD5: edd2ad141debd425d74a52a4d7be6ac4 C:\Windows\System32\Perfctrs.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: 0421441fbf668c7e72eeb658b04aa8c7 C:\Windows\SysWOW64\APOMngr.DLL
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: 45f681a6de7ccd2e2cc3bae71fc1cb51 C:\Windows\SysWOW64\CmdRtr.DLL
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll
MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll
MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: d5f72e03edf8bdea4847d693237330c7 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
MD5: 54126cddef533083d0ffdb94810ad1aa C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\SysWOW64\msi.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 821f621d859ab9d6b31a13db0ef4b5a8 C:\Windows\SysWOW64\OemSpiE.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: 175ddf1779085d1750a49e49ae73bc94 C:\Windows\SysWOW64\P17APO32.dll
MD5: bc6b92e13ec81de9c77fa1816cc325d6 C:\Windows\SysWOW64\P17RunE.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\SysWOW64\RpcRtRemote.dll
MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\SysWOW64\SXS.DLL
MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\SysWOW64\WINMM.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.
Scan finished - communication took 4 sec
Total traffic - 0.01 MB sent, 0.94 KB recvd
Scanned 376 files and modules - 24 seconds
==============================================================================

#6 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 March 2012 - 09:56 AM

These steps are for timofjungle only. If you are a casual viewer, do NOT try this on your system!
If you are not timofjungle and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


You will want to print out or copy these instructions to Notepad for Safe offline reference!

Turn off (disable) Lavasoft Ad-Watch and MS Security Essentials antivirus
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes.

Turn off MS Sec Essentials (leave firewall on)
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Step 2
Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck "trace disk IO calls".


Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Step 3
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 4
Turn off MS Sec Essentials (leave firewall on)
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 5
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.


A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 6
RE-Enable your antivirus program.

Copy and Paste into reply the contents of aswMBR log
TDSSKILLER log
RogueKiller log
C:\Combofix.txt
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.
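
The helper above asks for four logs, and earlier in the thread the poster pasted a long "MD5: <hash> <path>" listing. Those line formats are regular enough to triage by script before reading them by eye. The Python below is an added example for this page; it is not part of the thread and not code from aswMBR, TDSSKiller, RogueKiller or Combofix. The sample lines inside it are constructed to mirror the formats shown in the thread; the "hypothetical_svc" entry and its "- suspicious" status are invented to exercise the non-ok path, and the check that a clean aswMBR report contains a "default MBR code" line for every disk it reads is this example's assumption, not documented tool behaviour. The location heuristics (a .sys file outside system32\drivers, a module loaded from a user profile) produce review prompts, not verdicts.

```python
"""Triage helpers for the three log formats posted in this thread.

Added example; not part of the thread or of any tool named in it. Sample
lines are CONSTRUCTED to mirror the formats in the thread; the
"hypothetical_svc" entry and its "- suspicious" status are invented.
"""
import re
from typing import Dict, List, Set, Tuple

# --- constructed samples (format copied from the thread, values illustrative) ---
MD5_LISTING = r"""
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 1b32c54b95121ab1683c7b83b2db4b96 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
MD5: 27626506e07795bb6357f7f2ef78a90b C:\Users\Tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
MD5: 9819eee8b5ea3784ec4af3b137a5244c C:\Windows\system32\DRIVERS\disk.sys
"""

TDSS_LOG = r"""
13:43:13.0920 0892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:43:13.0928 0892 1394ohci - ok
13:43:14.0038 0892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:43:14.0045 0892 adp94xx - ok
13:43:20.0001 0892 hypothetical_svc (00000000000000000000000000000000) C:\Windows\system32\drivers\hypo.sys
13:43:20.0002 0892 hypothetical_svc - suspicious
"""

ASWMBR_LOG = r"""
13:40:27.686 Disk 0 MBR read successfully
13:40:27.686 Disk 0 MBR scan
13:40:27.694 Disk 0 Windows 7 default MBR code
13:40:27.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
"""

MD5_LINE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+(\S.*?)\s*$")
TDSS_ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*?)\s*$")
TDSS_STATUS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+-\s+(\S.*?)\s*$")
ASW_DISK = re.compile(r"^\S+\s+Disk\s+(\d+)\s+(.*)$")
DRIVER_DIR = "\\windows\\system32\\drivers\\"  # compared against lower-cased paths


def parse_md5_listing(text: str) -> List[Tuple[str, str]]:
    """Return (md5, path) pairs from 'MD5: <hash> <path>' lines; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            out.append((m.group(1).lower(), m.group(2)))
    return out


def flag_md5_listing(entries: List[Tuple[str, str]]) -> List[str]:
    """Location heuristics applied before any hash lookup: kernel drivers living
    outside system32\\drivers and modules loaded from a user profile. Review prompts only."""
    findings = []
    for md5, path in entries:
        low = path.lower()
        if low.endswith(".sys") and DRIVER_DIR not in low:
            findings.append(f"driver outside system32\\drivers: {path} ({md5})")
        if "\\users\\" in low:
            findings.append(f"module loaded from a user profile: {path} ({md5})")
    return findings


def parse_tdsskiller(text: str) -> Dict[str, Dict[str, str]]:
    """Pair each '<name> (<md5>) <path>' line with the '<name> - <status>' line that follows it."""
    entries: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line.strip())
        if m:
            entries[m.group(1)] = {"md5": m.group(2).lower(), "path": m.group(3), "status": ""}
            continue
        m = TDSS_STATUS.match(line.strip())
        if m and m.group(1) in entries:
            entries[m.group(1)]["status"] = m.group(2)
    return entries


def flag_tdsskiller(entries: Dict[str, Dict[str, str]]) -> List[str]:
    """Anything TDSSKiller did not mark '- ok' (or left without a status) needs a look."""
    return [name for name, e in entries.items() if e["status"] != "ok"]


def unconfirmed_mbr_disks(text: str) -> Set[int]:
    """Disks whose MBR aswMBR read but did not report as default boot code.
    Assumption of this example (not aswMBR documentation): a clean report has a
    'Disk N ... default MBR code' line for every disk it read."""
    seen, confirmed = set(), set()
    for line in text.splitlines():
        m = ASW_DISK.match(line.strip())
        if not m:
            continue
        disk, rest = int(m.group(1)), m.group(2)
        if rest.startswith("MBR read successfully"):
            seen.add(disk)
        if "default MBR code" in rest:
            confirmed.add(disk)
    return seen - confirmed


if __name__ == "__main__":
    for f in flag_md5_listing(parse_md5_listing(MD5_LISTING)):
        print("[md5 listing]", f)
    for name in flag_tdsskiller(parse_tdsskiller(TDSS_LOG)):
        print("[tdsskiller] not ok:", name)
    for disk in sorted(unconfirmed_mbr_disks(ASWMBR_LOG)):
        print("[aswmbr] MBR not confirmed default on disk", disk)
```

Run it as-is to see the three checks on the constructed samples, or replace the three string constants with the real log contents. The hash pairs it extracts are what you would feed to a known-good lookup next; the script deliberately does not decide what is malicious, it only shortens the list a human has to read.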

#7 timofjungle

timofjungle

    New Member

  • Members
  • 7 posts

Posted 18 March 2012 - 02:06 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 13:31:12
-----------------------------
13:31:12.005 OS Version: Windows x64 6.1.7601 Service Pack 1
13:31:12.005 Number of processors: 2 586 0x170A
13:31:12.005 ComputerName: TIM-PC UserName: Tim
13:31:13.115 Initialize success
13:39:38.611 AVAST engine defs: 12031700
13:40:27.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
13:40:27.670 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
13:40:27.686 Disk 0 MBR read successfully
13:40:27.686 Disk 0 MBR scan
13:40:27.694 Disk 0 Windows 7 default MBR code
13:40:27.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:40:27.709 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
13:40:27.725 Disk 0 scanning C:\Windows\system32\drivers
13:40:35.016 Service scanning
13:40:50.878 Modules scanning
13:40:50.878 Scan finished successfully
13:41:54.030 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\Reports\MBR.dat"
13:41:54.030 The log file has been saved successfully to "C:\Users\Tim\Desktop\Reports\aswMBR.txt"


################################################################################


13:42:52.0017 4672 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
13:42:52.0463 4672 ============================================================
13:42:52.0463 4672 Current date / time: 2012/03/18 13:42:52.0463
13:42:52.0463 4672 SystemInfo:
13:42:52.0463 4672
13:42:52.0463 4672 OS Version: 6.1.7601 ServicePack: 1.0
13:42:52.0463 4672 Product type: Workstation
13:42:52.0463 4672 ComputerName: TIM-PC
13:42:52.0463 4672 UserName: Tim
13:42:52.0463 4672 Windows directory: C:\Windows
13:42:52.0463 4672 System windows directory: C:\Windows
13:42:52.0463 4672 Running under WOW64
13:42:52.0463 4672 Processor architecture: Intel x64
13:42:52.0463 4672 Number of processors: 2
13:42:52.0463 4672 Page size: 0x1000
13:42:52.0463 4672 Boot type: Normal boot
13:42:52.0463 4672 ============================================================
13:42:53.0246 4672 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:42:53.0253 4672 \Device\Harddisk0\DR0:
13:42:53.0253 4672 MBR used
13:42:53.0253 4672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:42:53.0253 4672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:42:53.0277 4672 Initialize success
13:42:53.0277 4672 ============================================================
13:43:13.0342 0892 ============================================================
13:43:13.0342 0892 Scan started
13:43:13.0342 0892 Mode: Manual;
13:43:13.0342 0892 ============================================================
13:43:13.0920 0892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:43:13.0928 0892 1394ohci - ok
13:43:13.0959 0892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:43:13.0967 0892 ACPI - ok
13:43:14.0006 0892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:43:14.0006 0892 AcpiPmi - ok
13:43:14.0038 0892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:43:14.0045 0892 adp94xx - ok
13:43:14.0053 0892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:43:14.0061 0892 adpahci - ok
13:43:14.0077 0892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:43:14.0077 0892 adpu320 - ok
13:43:14.0131 0892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:43:14.0139 0892 AFD - ok
13:43:14.0170 0892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:43:14.0178 0892 agp440 - ok
13:43:14.0202 0892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:43:14.0202 0892 aliide - ok
13:43:14.0217 0892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:43:14.0217 0892 amdide - ok
13:43:14.0241 0892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:43:14.0241 0892 AmdK8 - ok
13:43:14.0256 0892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:43:14.0256 0892 AmdPPM - ok
13:43:14.0288 0892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:43:14.0288 0892 amdsata - ok
13:43:14.0312 0892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:43:14.0312 0892 amdsbs - ok
13:43:14.0328 0892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:43:14.0328 0892 amdxata - ok
13:43:14.0367 0892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:43:14.0367 0892 AppID - ok
13:43:14.0406 0892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:43:14.0406 0892 arc - ok
13:43:14.0421 0892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:43:14.0421 0892 arcsas - ok
13:43:14.0453 0892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:43:14.0460 0892 AsyncMac - ok
13:43:14.0492 0892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:43:14.0500 0892 atapi - ok
13:43:14.0546 0892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:43:14.0554 0892 b06bdrv - ok
13:43:14.0585 0892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:43:14.0585 0892 b57nd60a - ok
13:43:14.0625 0892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:43:22.0643 0892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:43:22.0698 0892 \Device\Harddisk0\DR0 - ok
13:43:22.0698 0892 Boot (0x1200) (2fc7370283ab6875e5f3feb9a96f38cf) \Device\Harddisk0\DR0\Partition0
13:43:22.0698 0892 \Device\Harddisk0\DR0\Partition0 - ok
13:43:22.0706 0892 Boot (0x1200) (466c17533e7b6981ce6764d7c27d657d) \Device\Harddisk0\DR0\Partition1
13:43:22.0706 0892 \Device\Harddisk0\DR0\Partition1 - ok
13:43:22.0706 0892 ============================================================
13:43:22.0706 0892 Scan finished
13:43:22.0706 0892 ============================================================
13:43:22.0713 4720 Detected object count: 0
13:43:22.0713 4720 Actual detected object count: 0


#################################################################################


RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Tim [Admin rights]
Mode: Scan -- Date: 03/18/2012 13:46:57
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00AAKS-00UU3 SCSI Disk Device +++++
--- User ---
[MBR] 299ac603133df34fd43bc0e929759288
[BSP] 49dd0c4d50a4c4d7f01a67f585d61b92 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt


################################################################################

ComboFix 12-03-17.01 - Tim 03/18/2012 13:53:50.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4336 [GMT -5:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 18:58 . 2012-03-18 18:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-18 18:58 . 2012-03-18 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 04:57 . 2012-03-18 04:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F5BD689-2EA2-43E1-B7A0-32ED75CB17C9}\offreg.dll
2012-03-18 00:27 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F5BD689-2EA2-43E1-B7A0-32ED75CB17C9}\mpengine.dll
2012-03-17 21:25 . 2012-03-17 21:25 -------- d-----w- c:\users\Tim\AppData\Roaming\QuickScan
2012-03-17 21:02 . 2012-03-17 21:15 -------- d-----w- C:\rsit
2012-03-17 21:02 . 2012-03-17 21:15 -------- d-----w- c:\program files\trend micro
2012-03-17 20:57 . 2012-03-17 20:57 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-14 08:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:41 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 01:41 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 01:41 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 01:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 01:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 01:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 01:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 01:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 01:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 01:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 00:22 . 2012-03-13 00:22 -------- d-----w- c:\users\Tim\AppData\Local\My Games
2012-03-11 14:17 . 2012-03-11 14:31 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-11 13:53 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-11 13:53 . 2012-03-11 14:31 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-11 13:52 . 2012-03-11 14:29 -------- d-----w- c:\programdata\PC Tools
2012-03-11 13:52 . 2012-03-11 13:52 -------- d-----w- c:\users\Tim\AppData\Roaming\TestApp
2012-03-10 01:42 . 2012-03-16 00:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-10 01:42 . 2012-03-16 00:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-08 23:03 . 2012-03-08 23:03 -------- d-----w- c:\program files\CCleaner
2012-03-03 21:49 . 2012-03-03 21:49 -------- d-----w- c:\program files (x86)\Setup Files
2012-03-03 21:44 . 2012-03-03 21:44 -------- d-----w- c:\program files (x86)\MSI
2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\programdata\Malwarebytes
2012-03-03 01:06 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 23:20 . 2012-03-02 23:20 778736 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\ncrypt.dll
2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\55D7.tmp
2012-03-02 23:20 . 2012-03-02 23:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5559.tmp
2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\5558.tmp.dat
2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-28 02:56 . 2012-03-14 08:23 -------- d-----w- c:\users\UpdatusUser
2012-02-28 02:56 . 2012-03-16 00:21 -------- d-----w- c:\programdata\NVIDIA
2012-02-28 02:56 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-28 02:56 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-28 02:56 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-28 02:56 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-28 02:56 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-02-28 02:44 . 2012-03-01 00:02 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-28 02:44 . 2012-03-01 00:02 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-28 02:44 . 2012-03-01 00:02 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-28 02:44 . 2012-03-01 00:02 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-28 02:44 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-28 02:44 . 2012-03-01 00:02 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-28 02:44 . 2012-03-01 00:02 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-28 01:52 . 2012-02-28 01:53 -------- d-----w- c:\program files\iTunes
2012-02-28 01:52 . 2012-02-28 01:52 -------- d-----w- c:\program files\iPod
2012-02-21 20:39 . 2012-02-21 20:39 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-21 20:28 . 2012-03-17 20:55 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 09:16 . 2012-02-10 09:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30514EBE-9ED3-4E34-AE45-6EEF2EF9E7AF}\gapaengine.dll
2012-02-08 07:13 . 2010-08-11 02:29 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-08-05 21:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-14 19:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 19:44 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-14 19:44 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 19:44 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 19:44 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-10_21.19.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-14 01:25 . 2012-03-01 00:02 61248 c:\windows\SysWOW64\OpenCL.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 61248 c:\windows\SysWOW64\OpenCL.dll
- 2009-07-14 04:54 . 2012-03-09 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-16 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-09 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-16 19:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-16 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-05 21:25 . 2012-03-16 00:23 38032 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-16 00:23 39830 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-05 20:50 . 2012-03-16 00:23 10898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1083885131-3927673959-2532517918-1000_UserData.bin
- 2012-02-28 02:44 . 2012-02-10 04:13 68928 c:\windows\system32\OpenCL.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 68928 c:\windows\system32\OpenCL.dll
- 2009-07-14 05:30 . 2012-02-28 02:56 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-14 01:29 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-14 01:25 . 2012-03-01 00:02 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\OpenCL64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\OpenCL.dll
+ 2010-08-05 22:16 . 2012-03-16 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-05 22:16 . 2012-03-10 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-05 22:16 . 2012-03-10 21:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-05 22:16 . 2012-03-16 00:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-10 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-16 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-10 09:02 . 2012-03-10 09:02 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2012-03-18 08:01 . 2012-03-18 08:01 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2012-03-14 01:25 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdetx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdet.dll
- 2012-03-08 21:52 . 2012-03-08 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-16 00:21 . 2012-03-16 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 21:52 . 2012-03-08 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-16 00:21 . 2012-03-16 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 08:01 . 2012-03-18 08:01 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
- 2009-07-14 02:36 . 2012-02-28 09:02 635030 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-16 10:15 635030 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-28 09:02 111564 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-16 10:15 111564 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-03-14 08:20 417920 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-02-19 02:17 417920 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-03-14 01:29 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-28 02:56 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-28 02:56 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-14 01:29 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-03-14 01:25 . 2012-02-29 23:57 398144 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_3a11d6301ac5e6e6\nvstusb64.sys
+ 2012-03-14 01:25 . 2012-03-01 00:02 962368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvumdshimx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 812352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvumdshim.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 310592 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvml.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 260416 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvinitx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 215360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvinit.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 201024 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvidia-smi.exe
+ 2012-03-14 01:25 . 2012-03-01 00:02 202752 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdxgiwrapx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 182080 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdxgiwrap.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 325888 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdrsdb.bin
+ 2012-03-14 01:25 . 2012-03-01 00:02 301376 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdecodemft32.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 364352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdecodemft.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 261120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\Nvd3d9wrapx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 236352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\Nvd3d9wrap.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\dbInstaller.exe
+ 2009-07-14 04:46 . 2012-03-17 20:58 107744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-03-08 21:46 387412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-16 00:20 387412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-08 19:46 . 2008-08-08 19:46 242176 c:\windows\Installer\ddb89d0.msi
+ 2008-08-08 19:11 . 2008-08-08 19:11 232960 c:\windows\Installer\696be0b.msi
+ 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\310d336.msi
+ 2012-03-17 20:57 . 2005-10-20 17:02 163328 c:\windows\ERDNT\3-17-2012\ERDNT.EXE
+ 2012-03-14 20:47 . 2012-03-14 20:47 710304 c:\windows\Downloaded Program Files\qsax.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2012-03-18 08:01 . 2012-03-18 08:01 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2012-03-10 09:02 . 2012-03-10 09:02 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2012-03-18 08:01 . 2012-03-18 08:01 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
- 2012-03-10 09:02 . 2012-03-10 09:02 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 2517312 c:\windows\SysWOW64\nvcuvid.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2517312 c:\windows\SysWOW64\nvcuvid.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 2437440 c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2437440 c:\windows\SysWOW64\nvcuvenc.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 5892928 c:\windows\SysWOW64\nvcuda.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 5892928 c:\windows\SysWOW64\nvcuda.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2672448 c:\windows\system32\nvcuvid.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 2672448 c:\windows\system32\nvcuvid.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 2872640 c:\windows\system32\nvcuvenc.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2872640 c:\windows\system32\nvcuvenc.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 8008000 c:\windows\system32\nvcuda.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 8008000 c:\windows\system32\nvcuda.dll
+ 2012-03-14 01:25 . 2012-02-29 23:57 1466176 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_3a11d6301ac5e6e6\nvgenco64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 9717568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvwgf2umx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 7713088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvwgf2um.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 1466176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvgenco64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 1737536 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdispco64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2517312 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvid32.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2672448 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvid.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2872640 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvenc64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2437440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvenc.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 5892928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuda32.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 8008000 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuda.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2660160 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvapi64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 2301248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvapi.dll
- 2009-07-14 04:45 . 2012-03-08 01:31 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-17 20:58 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-29 08:15 . 2012-03-16 00:20 4746700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-8192.dat
+ 2011-05-11 08:19 . 2012-03-14 08:20 7423460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-12288.dat
- 2011-05-11 08:19 . 2012-03-03 20:07 7423460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-12288.dat
+ 2012-03-17 20:57 . 2012-03-17 20:57 2473984 c:\windows\ERDNT\3-17-2012\Users\00000002\UsrClass.dat
+ 2012-03-17 20:57 . 2012-03-17 20:57 2813952 c:\windows\ERDNT\3-17-2012\Users\00000001\NTUSER.DAT
- 2012-03-10 09:02 . 2012-03-10 09:02 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
- 2012-03-10 09:02 . 2012-03-10 09:02 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-03-18 08:01 . 2012-03-18 08:01 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-12-07 15:42 . 2011-12-07 15:42 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-13 00:21 . 2012-03-13 00:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\nvoglv32.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 17543488 c:\windows\SysWOW64\nvcompiler.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 17543488 c:\windows\SysWOW64\nvcompiler.dll
+ 2009-07-14 02:34 . 2012-03-14 08:19 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-02 01:35 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-03-14 01:25 . 2012-03-01 00:02 25543488 c:\windows\system32\nvoglv64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 17642816 c:\windows\system32\nvd3dumx.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 17642816 c:\windows\system32\nvd3dumx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 25222976 c:\windows\system32\nvcompiler.dll
- 2012-02-28 02:44 . 2012-02-10 04:13 25222976 c:\windows\system32\nvcompiler.dll
+ 2010-08-05 22:14 . 2012-03-14 08:02 56297240 c:\windows\system32\MRT.exe
+ 2012-03-14 01:25 . 2012-03-01 00:02 25543488 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvoglv64.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 19444544 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvoglv32.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 13626688 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvlddmkm.sys
+ 2012-03-14 01:25 . 2012-03-01 00:02 17642816 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvd3dumx.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 15009600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvd3dum.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 30741136 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\NvCplSetupEng.exe
+ 2012-03-14 01:25 . 2012-03-01 00:02 17543488 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcompiler32.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 25222976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcompiler.dll
+ 2012-03-14 01:25 . 2012-03-01 00:02 13626688 c:\windows\system32\drivers\nvlddmkm.sys
+ 2011-04-17 08:22 . 2012-03-16 00:20 60189512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-4096.dat
+ 2012-02-13 16:57 . 2012-02-13 16:57 30412800 c:\windows\Installer\bfbf25f.msi
+ 2012-03-17 20:57 . 2012-03-17 20:57 10756096 c:\windows\ERDNT\3-17-2012\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-10 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-05 79360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2011-01-06 11888]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01862315
*NewlyCreated* - ASWMBR
*Deregistered* - 01862315
*Deregistered* - aswMBR
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000Core.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 13:46]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000UA.job
- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 13:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=bvnkkbjfn8b7s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1083885131-3927673959-2532517918-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fa,cc,6c,9e,5f,af,2d,28,a0,15,6b,fb,df,d0,d4,02,ff,43,cb,fb,8d,15,4d,
e5,15,cc,44,a7,c4,3c,c4,9c,8d,30,d5,6c,f2,0c,c4,39,6c,fa,8a,8e,ec,fc,ab,bc,\
"??"=hex:ce,24,ef,5a,23,59,f2,a4,87,a8,db,ad,69,50,39,cf
.
[HKEY_USERS\S-1-5-21-1083885131-3927673959-2532517918-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,6a,6d,ed,55,89,c7,df,b2,72,e1,6a,35,d1,13,5d,b6,e4,d0,09,14,
fa,15,1a,d9,74,8d,c7,bf,bb,33,e9,79,92,91,fc,77,9a,05,3a,f0,ee,5e,f1,d7,d1,\
"rkeysecu"=hex:ba,a1,c8,b0,12,0f,5e,8e,d7,de,d5,b8,e8,41,26,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-18 13:59:48
ComboFix-quarantined-files.txt 2012-03-18 18:59
ComboFix2.txt 2012-03-10 21:19
.
Pre-Run: 115,454,287,872 bytes free
Post-Run: 115,097,915,392 bytes free
.
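The "Reg Loading Points" and service lists in the ComboFix log above are the parts an analyst reads first when hunting a redirect, because that is where a hijacker has to persist. As an added example that is not part of the original thread and not ComboFix's own code, the Python below parses lines in that format and flags the ones worth a second look: a bare file name with no directory (loaded through the loader's search order, as `P17RunE.dll` is above), an image under a user profile (writable with no elevation prompt), an image outside `Program Files`, `Windows` or `ProgramData`, and a trailing `[x]`, which in my reading of ComboFix output means it could not open the file. On 64-bit Windows that is routinely WOW64 redirection hiding a real `system32\drivers` file, as with the Microsoft Security Essentials and Malwarebytes drivers above, so the script reports it as "unverified" rather than "missing". The sample lines are constructed to match the log's format, and the directory prefixes are my assumptions.

```python
"""Triage ComboFix-style autostart lines (Run-key values and service/driver rows).

Added example for this thread; not ComboFix's own code. SAMPLE_LOG below is
constructed to mirror the log format, not copied from a real machine.
"""
import re
from dataclasses import dataclass, field

# "Name"="image" [YYYY-MM-DD size]            (Run-key values)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 svc;Display Name;image [YYYY-MM-DD size]  (services/drivers; [x] when unverified)
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)

# Assumed prefixes (lower-cased). Writing here needs an elevated installer.
SYSTEM_PREFIXES = ("c:\\program files", "c:\\windows\\", "c:\\programdata\\")
# Writable by any process running as the logged-on user: no UAC prompt needed to persist.
USER_PREFIXES = ("c:\\users\\",)


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    image: str
    meta: str            # raw text inside the trailing [...]
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a Run-key or service row, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["image"], m["meta"])
    m = SVC_RE.match(line)
    if m:
        return Entry("service", m["name"], m["image"], m["meta"])
    return None


def flag(entry: Entry) -> Entry:
    img = entry.image.lower()
    if entry.meta.strip() == "x":
        # ComboFix could not open the file. On x64 this is usually WOW64
        # redirection hiding a genuine system32\drivers file, so report it as
        # unverified and confirm from a 64-bit shell rather than calling it missing.
        entry.flags.append("unverified")
    if "\\" not in img:
        # Bare name: resolved through the loader's search order, which can be
        # hijacked by planting a same-named file earlier in that order.
        entry.flags.append("bare-name")
    elif img.startswith(USER_PREFIXES):
        entry.flags.append("user-writable")
    elif not img.startswith(SYSTEM_PREFIXES):
        entry.flags.append("unusual-location")
    return entry


def triage(log_text: str) -> list:
    """Parse every recognised row in a ComboFix log excerpt and flag it."""
    return [flag(e) for e in map(parse_line, log_text.splitlines()) if e]


def suspicious(log_text: str) -> dict:
    """Map entry name -> flags for the rows that earned at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-10 1242448]
"Updater"="c:\users\tim\appdata\roaming\svchost.exe" [2012-03-01 51200]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Helper"="c:\temp\helper.exe" [2012-03-10 8192]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
'''

if __name__ == "__main__":
    for name, flags in suspicious(SAMPLE_LOG).items():
        print(f"{name:30s} {', '.join(flags)}")
```

Paste the relevant sections of a real ComboFix log into `triage` to get the same report; a flag is a prompt to check the file's signature and hash, not a verdict on its own.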

#8 Maurice Naggar

    Staff

  • Moderators
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 18 March 2012 - 03:29 PM

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT

Step 2
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets, and Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Step 3
You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq

  • It is emphasized that you temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner,
    and promptly re-enable it when finished.
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log & OTL MovedFiles log
and tell me, How is your browser redirect issue ?

There will be more to do later: The Adobe Reader is out-of-date & the Flash Player also.

Edited by Maurice Naggar, 18 March 2012 - 03:32 PM.

Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#9 timofjungle

    New Member

  • Members
  • 7 posts

Posted 20 March 2012 - 07:02 AM

I haven't had a browser redirect in a while, but it probably only occurs once every 20 times or so that I click on a link. I haven't had much time to do internet surfing since when I'm at my computer I'm running these scans, but I'll do some surfing and try it out. Here are the logs, and thank you for your continued help.

Eset found and removed four items, but this is all that was in the log file.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

####################################################################################
All processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tim
->Temp folder emptied: 1554 bytes
->Temporary Internet Files folder emptied: 48978783 bytes
->Java cache emptied: 4409564 bytes
->Google Chrome cache emptied: 32082357 bytes
->Flash cache emptied: 56996 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16600 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tim
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03192012_120520
Files\Folders moved on Reboot...
C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

#10 Maurice Naggar

    Staff

  • Moderators
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 20 March 2012 - 10:05 AM

You noted,

I haven't had a browser redirect in a while, but it probably only occurs once every 20 times or so that i click on a link.

That is way too often. Be not so quick to click. Be extremely careful in your selection. Before clicking, look at the actual web address shown on the status bar at bottom of your browser window.

Step 1
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Step 2
Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.
Run the uninstaller.

Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!


Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218


Step 3
Disable your antivirus program before this scan
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do not disable the firewall.

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply.

Step 4
RE-Enable your antivirus program.

Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.
Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )


Step 5
I would suggest you get the Web of Trust add-on for each of your browsers (Internet Explorer, Firefox, Google [as applicable]).
This will provide an added edge in reducing odds of browsing to bad sites.
http://www.mywot.com/en/download

Step 6
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Step 7
Reply with a copy of contents of the latest MBAM scan log and
the F-Secure scan log, and
tell me, how is your system now?
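Both the OTL `[resethosts]` step in post #8 and the MVPS hosts file recommended in step 6 above act on the same file, `%SystemRoot%\System32\drivers\etc\hosts`, so it helps to know what a benign entry and a hijacked one look like. A blocklist-style hosts file maps unwanted domains to a blackhole address (0.0.0.0 or 127.0.0.1); a redirect hijacker does the opposite, pointing search engines or update sites at a routable address, and often also blackholes antivirus vendors so the victim cannot fetch cleanup tools. The Python below, an added example that is not part of the thread, of OTL or of the MVPS project, parses a hosts file and separates those cases. The watchlist, the LAN ranges and the sample file are my constructions.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example for this thread; not OTL's [resethosts] and not the MVPS file.
A stock Windows 7 hosts file holds only comments (even the localhost lines are
commented out), so every active mapping is something that should be explainable.
"""
import ipaddress
from collections import Counter

# Blackhole targets used by blocklist-style hosts files (MVPS style).
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that legitimately resolve to a loopback/blackhole address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumed LAN ranges: a name mapped here is most likely a local device, not a hijack.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]
# Illustrative watchlist: names a redirect hijacker sends elsewhere, or blocks
# outright so the victim cannot download cleanup tools.
WATCHLIST = ("google.", "bing.", "yahoo.", "microsoft.com", "windowsupdate.com",
             "malwarebytes.org", "eset.com", "f-secure.com", "mvps.org")


def parse_hosts(text: str):
    """Yield (ip, hostname, line_no) for each active mapping; comments are dropped."""
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                      # not an "address name..." line
        for host in parts[1:]:
            yield ip, host.lower().rstrip("."), n


def audit(text: str) -> dict:
    """Classify every mapping. Tuples are (line_no, hostname, address)."""
    result = {"watchlist_hit": [], "redirect": [], "local": [], "blackholed": 0}
    seen = Counter()
    for ip, host, n in parse_hosts(text):
        seen[host] += 1
        addr = ipaddress.ip_address(ip)
        if host in LOCAL_NAMES:
            result["local"].append(host)
        elif any(w in host for w in WATCHLIST):
            # Checked before the blackhole test: "127.0.0.1 www.malwarebytes.org"
            # is a block on the AV vendor, not a blocklist entry.
            result["watchlist_hit"].append((n, host, ip))
        elif ip in BLACKHOLE:
            result["blackholed"] += 1       # blocklist-style entry, benign
        elif any(addr in net for net in LAN_NETS):
            result["local"].append(host)    # LAN device name
        else:
            result["redirect"].append((n, host, ip))   # live redirect to a routable address
    result["duplicates"] = sorted(h for h, c in seen.items() if c > 1)
    return result


def needs_reset(text: str) -> bool:
    """True when the file contains anything a [resethosts]-style reset should remove."""
    r = audit(text)
    return bool(r["watchlist_hit"] or r["redirect"])


# Constructed sample (TEST-NET addresses; not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# 127.0.0.1       localhost
# ::1             localhost
0.0.0.0 ad.doubleclick.net            # blocklist-style entry, harmless
0.0.0.0 tracking.example.com
127.0.0.1 www.malwarebytes.org        # blocks the AV vendor: classic hijacker move
192.168.1.10 nas.home                 # LAN name, benign
203.0.113.5 www.google.com            # search engine sent to a foreign address
203.0.113.5 search.yahoo.com
198.51.100.7 www.example-bank.test    # routable redirect of a non-watchlist name
"""

if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for key in ("watchlist_hit", "redirect"):
        for n, host, ip in report[key]:
            print(f"line {n:3d} {key:14s} {host} -> {ip}")
    print(f"blackholed={report['blackholed']} local={report['local']} reset={needs_reset(SAMPLE_HOSTS)}")
```

Run `audit` on the real file's contents to get the same report. A clean hosts file does not rule out a redirect higher up the resolution path: the ComboFix log above shows DNS being handed out by 192.168.1.254, the router, so the upstream resolvers configured on that device are a separate check.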

#11 timofjungle

    New Member

  • Members
  • 7 posts

Posted 23 March 2012 - 07:58 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.22.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [administrator]
3/22/2012 2:58:56 PM
mbam-log-2012-03-22 (14-58-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222846
Time elapsed: 2 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

##############################################################################################


, 22, 2012 15:39:43 - 16:54:33
TIM-PC
C:\

--------------------------------------------------------------------------------
Suspicious:W32/Malware!Gemini ()
C:\PROGRAM FILES (X86)\TURBINE\THE LORD OF THE RINGS ONLINE\LOTROCLIENT.EXE
Suspicious:W32/Malware!Gemini ()
C:\PROGRAM FILES (X86)\TURBINE\THE LORD OF THE RINGS ONLINE\BACKUP\LOTROCLIENT.EXE
--------------------------------------------------------------------------------
:
: 75773
: 6143
: 144
:
: 0
: 0
: 0
: 2
: 2
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\TMP00000020E8783B869C220D34
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\B7E86C556DDDF859700A1D3581B6AA6D6CB6DDF5.HOMEGROUPCLASSIFIER\48F6335230E411DB92FDE5B219C5305C\GROUPING\DB.MDB
C:\USERS\TIM\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_TIM\4920
C:\USERS\TIM\APPDATA\LOCAL\TEMP\HSPERFDATA_TIM\4844
C:\SYSTEM VOLUME INFORMATION\{0A735DB2-7204-11E1-A6BD-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{0A735E44-7204-11E1-A6BD-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{0A735ED6-7204-11E1-A6BD-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{82779541-6DAE-11E1-9C22-8B459D939665}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{BDE016B0-7202-11E1-ABCB-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{D25D2205-71E5-11E1-9897-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{D2D03D55-6BA1-11E1-8513-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BEFD8B-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BEFE18-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BEFE90-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BEFF57-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BEFFF9-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{E8BF001B-6EFD-11E1-9C7C-002185155E99}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN
C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-0.BIN
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\011443EB31ACBD7069F1DBB5B4D2ACA5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\045BDEBEB1B33758ACE0B92D48E20678_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04E0A66AEEDD32A3C1A49D1325952D7E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\067733E50C20E9DDD406F39416105135_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AF82A592E24CE7F0F67FEA65A3D01C8_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D90C430AAC3178E5E91952FFF2EB0EC_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0FCA11F4E485F582CAD745C73EBEBFEA_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14CCC6CB511A061DD3EB01F6E320A7AA_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\186748CC8F5B277A6709AF446F26721A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C38B7472E4DD4BD2E82AAABE04D150C_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1E5C4A9F341215A5015B4617122EF7A9_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1EF2F12A1BB1874D71B6890D85A44AA0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2234C5CBA4B51BD1F72697A8BFF9BD4E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\23CAF99179E7B233F259F24967A4BCF6_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\27FB2A91500F8FAD3983AB955B4A2D6B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\28AB83510F4BE4583D1C4574F408CF23_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2B3DCF18B014C811E5679F3E72FAE466_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\301A28EFA0AD4662770068D2B5DAEC52_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31F5E1E887561D6A10DB2BA3F96B59E4_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3A6949E14F3D08F514B04476D2A69D99_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3CC8EA9AAC549772719455B43FAB7626_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3218D4F40145635A7043C0DCB279E9C9_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37FF6661235D15BEF94DE789F782E606_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\402A6C27FDCFE7472C1950AFE9643FB3_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\395ACC5B7C4F72460E6D6C74DE382F45_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\408C6A542F2B9E333619669D55F0B325_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42CF05633FEF97895F439FB707830AE7_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\425BB0F879F1BE458FF4ADA8FCC00E70_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43491FA3C77E01F0A56E65E695B0D6D3_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47394F8D08B475F6D75A1D81B223A0CF_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\475EEBE0EC0B9F0AAC58A1C88ECBCC01_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47C83DC34B7E88317D4C4C0324CEA9E8_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\486A289DF1C892118BE46F90DB60924C_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4546E6D4C59AB097B21B5568C5030F44_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D040C1E676914C165EB8B8584AE0594_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4FE8DC9E1704865B335343E11EBC117B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\503B27D75F26A68C920B37FA5235ADD1_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\517730A9ED545C51C67ADA56ACFEE61E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54633532C962990295DFB7179FC1F64B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63B199EBDFCA8CD462470C0F4D3807DD_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\679F123EA91A574437B29FBDDD6C2E7E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68C223552ADABD85A0A46E868191A37B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6CA5EC4A5E29E944B04EB79987872E74_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\723045502B4E559C73C1CD82F75472F0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72BC8493D463C54DE0EB08A78787D7BE_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73320B8787040A01A2360DF2B0CF8AF5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76DB1A82E37CB102BD8A5E6E8AA73DF2_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78174FD7D944CFA189F6BE5E49EFE1C4_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C6B2CC70743D0242916CFA072827739_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D838D2404B870EF805B5E7A09DF55BB_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FA5936145E52EC93400A219161F9A87_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81B252EFE9F898844FEE2EBD3F3263CF_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8388C9DD1F356873D3DC3F0C2D6DE614_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84A26D85BAC222B2D2B2AD525623823E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8590BC8A643435FF05106D500069771A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8C6F6299A50A1A676D39754B0D8B4CB3_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D39DC44783BBBED72001DD1CC8D9781_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92AA0502D49282462CB4C1EB81C883E6_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94D96768116EAC5E7CE5D0AD6965E182_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95A29BC2BE4D23D8FFFA95F5C31EC81D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\993ADAC6410C78B5DCCAEC43302D1C47_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96D66B345CAC937B59C3AEBCF794CC99_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AE6E7E68FC197D0EEF262FD87F04D4A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0093B4FFCE9290F8452DD27B5D24156_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A06B0FCA8DD7E823EE7323A8EC369930_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2E2FB159AC8ECC4F661A6462A461353_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4A76869ED7F556B9E8050259BF89CA4_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4C9D40D4C8072E15F589DF4DE2513DC_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A65CD14D071900A9E41651D444D9C6B0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AABA228B924D3392EF3F009416D910CC_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B368E1F7EC460A0A03D78F4C916155A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAEC1922E5619DBFA9D6AA6B9CBF295F_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC06684E3637CBDCBF07E7016DECA5A0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB74A9272B14EA2BC8416BF890E45F4C_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3340BCF3DAF9303843214CBDCFCDC06_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4F5CBB7E190824751FB36B268EFD02D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B5DCF4BDCF99030B7E6CBF871EB8796D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB1656E87BCA337DE53A2A1DB76019EC_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCF058C7782655A5E31110B95B74DA35_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDC95FBA858571EA72304AF7AED3CB46_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0724FE8ED0A7D721557EC3762987561_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C40604441C59F94C9EBF5D572344545E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8271FD027FA552C7EBF16B776690848_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C830D2E5C10A6D627EAA51ACD10E300A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC9EA836A66EE0D0789851DAE67E51D0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDB204D07D7210F78E1794BCE47C3DE0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE6EA861F335E7AA3B106C7E1741D1C5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0F7AE117AEA85B44D9306853CE7164D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1072A2D01B1B2435B0135CC3A7ECB53_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D12201846BB1F642A96EB9DA731FBF63_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D170167C266BDC3A3823ED6191ABEE66_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D26BB40BF12A5111720F80A90F210571_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D443E7AEC429288BC2B7F6C145E49926_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5A500608597BAF0FC667F63D8929717_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D63FD78D6B08BF96DD5A978D294BCE0A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D76AA57BF23D51DB1C6FFCF0C51F5F4B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D995B3FE8ECBEEAC126D2B205D9B2FF0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBE8D908215A72D0AF6B303509668D81_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC03753AB3363D7C3C180A6213C16EE5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC6252FACC12D4F75B6C036433DA23C5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE0EC3180B18A63AE06B10274BF8AF11_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFCA39A223ED5810A54268505F8ACC18_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8A20A05E25ADC83EEFE4168214A7EA8_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9141B3E145BC1B712FCDACBBD2D90C1_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E99333BD017F645312A262E5487D274D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED220655326D5CD3DC655CD7FF519324_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F1EF6A706D21B71A899DA7E90B7FDB55_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F656B7A42783AD539F5F013CC0E8D4DF_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB11BF0B4098A8D4BBF24DE5C87AF246_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD2A8DC7DF790F25BF308A74427FD805_0AF11183-8CBB-41CA-A640-DFAFCD436EA3
--------------------------------------------------------------------------------
COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

--------------------------------------------------------------------------------


I haven't seen a redirect in quite a while. When they were happening, they weren't coming from bad links. I'd click on a valid link at something fairly secure (hulu.com for example) but it would redirect me to another IP address/search page. If I hit the back button on my browser and clicked on the same link again, it would take me to the correct place. I haven't had this happen in a week or so now.
Tim

#12 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 23 March 2012 - 11:10 AM

Hello Tim,
Very good to hear that the redirect issue has gone away. Please practice safer surfing (see below).

We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Tim\Desktop\ComboFix /uninstall
  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter
IF in the case Combofix un-install has an issue, skip that step.

NEXT
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
We are finished here. Best regards.

Edited by Maurice Naggar, 23 March 2012 - 11:15 AM.

Maurice Naggar
Product Support



I close my threads if there is 5 days without a response.
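The ComboFix removal step from the post above, written as a PowerShell script for readers who want to confirm the session is elevated before launching the tool and to confirm afterwards that the executable is actually gone. This is an added example, not code from Maurice's post or from ComboFix itself; it assumes the tool was saved as C:\Users\Tim\Desktop\ComboFix.exe (the post gives the path without the .exe extension, which cmd.exe resolves on its own) and that the /uninstall switch named in the post is the only argument needed.

```powershell
# Added example (not from the original post or from ComboFix): run the
# ComboFix self-uninstall from an elevated session and report whether the
# executable is still present afterwards.
# Assumption: the tool was saved under the path given in the post, with
# the usual .exe extension. Adjust if you saved it under another name.
$ComboFixPath = 'C:\Users\Tim\Desktop\ComboFix.exe'

if (-not (Test-Path -LiteralPath $ComboFixPath)) {
    Write-Warning "ComboFix not found at $ComboFixPath; nothing to uninstall."
    return
}

# ComboFix needs administrator rights, so inspect the current token first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    # Already elevated: run the uninstall switch directly and wait for it to finish.
    Start-Process -FilePath $ComboFixPath -ArgumentList '/uninstall' -Wait
} else {
    # Not elevated: -Verb RunAs raises the same UAC prompt the post describes.
    Start-Process -FilePath $ComboFixPath -ArgumentList '/uninstall' -Verb RunAs -Wait
}

# The post says the utility must be removed; check that the file is gone.
if (Test-Path -LiteralPath $ComboFixPath) {
    Write-Warning "ComboFix is still present at $ComboFixPath; rerun the cleanup or remove it manually."
} else {
    Write-Host "ComboFix removed from $ComboFixPath"
}
```

Run it from any PowerShell window; if the window is not elevated the script asks for elevation through UAC rather than silently failing, which is the same prompt the Ctrl+Shift+Enter method in the post produces.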



