tkatavic

Infected (I sometimes see Happili.com re-directs on Google searches)

46 posts in this topic

Hi all,

So, I was noticing these weird 'happili' re-directs while browsing some search results the other day. After running both MBAM and AntiVir scans, the following was found:

TR/Crypt.ZPACK.Gen8

TR/Medfos.A.101

I allowed MBAM to quarantine its findings.

Since then, I've run both scans again and they've reported 0 malicious results. Unfortunately, I am still experiencing the 'happili' re-direct.

Also, I can't run DDS and have never been able to (despite turning _Everything_ on my system off [internet, a/v, etc.]) -- it always stops 3/4 of the way.

What should I do next?

Thank you for your time!

Thomas

Share this post


Link to post
Share on other sites

Hi all,

Please forgive me if I'm not supposed to be re-pinging a ticket but do let me know if anyone help me out with this.

Thanks for your time!

Thomas

Share this post


Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste". typically C:\ For example, Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Share this post


Link to post
Share on other sites

Hi there!

Thanks for helping me. The link you provided to TDDSKiller.exe wasn't working, so I grabbed it from here: http://support.kaspersky.com/viruses/utility. Below is the log of the scan I ran with it:

***

18:31:04.0406 3080 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

18:31:04.0546 3080 ============================================================

18:31:04.0546 3080 Current date / time: 2012/04/12 18:31:04.0546

18:31:04.0546 3080 SystemInfo:

18:31:04.0546 3080

18:31:04.0546 3080 OS Version: 5.1.2600 ServicePack: 3.0

18:31:04.0546 3080 Product type: Workstation

18:31:04.0546 3080 ComputerName: COMPUTER

18:31:04.0546 3080 Windows directory: C:\WINDOWS

18:31:04.0546 3080 System windows directory: C:\WINDOWS

18:31:04.0546 3080 Processor architecture: Intel x86

18:31:04.0546 3080 Number of processors: 2

18:31:04.0546 3080 Page size: 0x1000

18:31:04.0546 3080 Boot type: Normal boot

18:31:04.0562 3080 ============================================================

18:31:06.0062 3080 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:31:06.0078 3080 \Device\Harddisk0\DR0:

18:31:06.0078 3080 MBR used

18:31:06.0078 3080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9512343

18:31:06.0109 3080 Initialize success

18:31:06.0109 3080 ============================================================

18:31:27.0906 2292 ============================================================

18:31:27.0906 2292 Scan started

18:31:27.0906 2292 Mode: Manual;

18:31:27.0906 2292 ============================================================

18:31:28.0156 2292 Abiosdsk - ok

18:31:28.0187 2292 abp480n5 - ok

18:31:28.0234 2292 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

18:31:28.0250 2292 ac97intc - ok

18:31:28.0296 2292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:31:28.0296 2292 ACPI - ok

18:31:28.0312 2292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:31:28.0328 2292 ACPIEC - ok

18:31:28.0343 2292 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

18:31:28.0375 2292 adpu160m - ok

18:31:28.0406 2292 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

18:31:28.0437 2292 adpu320 - ok

18:31:28.0484 2292 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys

18:31:28.0500 2292 aeaudio - ok

18:31:28.0531 2292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:31:28.0546 2292 aec - ok

18:31:28.0609 2292 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

18:31:28.0625 2292 AegisP - ok

18:31:28.0671 2292 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:31:28.0671 2292 AFD - ok

18:31:28.0796 2292 Aha154x - ok

18:31:28.0843 2292 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

18:31:28.0859 2292 aic78u2 - ok

18:31:28.0875 2292 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

18:31:28.0890 2292 aic78xx - ok

18:31:28.0921 2292 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

18:31:28.0937 2292 Alerter - ok

18:31:28.0953 2292 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

18:31:28.0953 2292 ALG - ok

18:31:28.0968 2292 AliIde - ok

18:31:28.0984 2292 amsint - ok

18:31:29.0109 2292 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe

18:31:29.0125 2292 AntiVirSchedulerService - ok

18:31:29.0171 2292 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

18:31:29.0171 2292 AntiVirService - ok

18:31:29.0265 2292 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:31:29.0281 2292 Apple Mobile Device - ok

18:31:29.0328 2292 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

18:31:29.0343 2292 AppMgmt - ok

18:31:29.0359 2292 asc - ok

18:31:29.0359 2292 asc3350p - ok

18:31:29.0375 2292 asc3550 - ok

18:31:29.0484 2292 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:31:29.0515 2292 aspnet_state - ok

18:31:29.0656 2292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:31:29.0671 2292 AsyncMac - ok

18:31:29.0687 2292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:31:29.0687 2292 atapi - ok

18:31:29.0703 2292 Atdisk - ok

18:31:29.0750 2292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:31:29.0765 2292 Atmarpc - ok

18:31:29.0812 2292 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

18:31:29.0828 2292 AudioSrv - ok

18:31:29.0875 2292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:31:29.0890 2292 audstub - ok

18:31:30.0000 2292 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

18:31:30.0015 2292 avgio - ok

18:31:30.0015 2292 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

18:31:30.0031 2292 avgntflt - ok

18:31:30.0062 2292 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

18:31:30.0109 2292 avipbb - ok

18:31:30.0156 2292 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

18:31:30.0171 2292 b57w2k - ok

18:31:30.0203 2292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:31:30.0218 2292 Beep - ok

18:31:30.0343 2292 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

18:31:30.0468 2292 BITS - ok

18:31:30.0578 2292 Blfp (9976971b7092f5bff20073ab31ba1598) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

18:31:30.0593 2292 Blfp - ok

18:31:30.0671 2292 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe

18:31:30.0734 2292 Bonjour Service - ok

18:31:30.0765 2292 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

18:31:30.0781 2292 Browser - ok

18:31:30.0828 2292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:31:30.0843 2292 cbidf2k - ok

18:31:30.0890 2292 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:31:30.0906 2292 CCDECODE - ok

18:31:30.0921 2292 cd20xrnt - ok

18:31:30.0953 2292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:31:30.0984 2292 Cdaudio - ok

18:31:31.0078 2292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:31:31.0093 2292 Cdfs - ok

18:31:31.0109 2292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:31:31.0140 2292 Cdrom - ok

18:31:31.0140 2292 Changer - ok

18:31:31.0171 2292 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

18:31:31.0171 2292 CiSvc - ok

18:31:31.0203 2292 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

18:31:31.0218 2292 ClipSrv - ok

18:31:31.0296 2292 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:31:31.0328 2292 clr_optimization_v2.0.50727_32 - ok

18:31:31.0390 2292 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:31:31.0406 2292 clr_optimization_v4.0.30319_32 - ok

18:31:31.0453 2292 CmdIde - ok

18:31:31.0468 2292 COMSysApp - ok

18:31:31.0484 2292 Cpqarray - ok

18:31:31.0531 2292 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

18:31:31.0546 2292 CryptSvc - ok

18:31:31.0562 2292 dac2w2k - ok

18:31:31.0562 2292 dac960nt - ok

18:31:31.0609 2292 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:31:31.0625 2292 DcomLaunch - ok

18:31:31.0687 2292 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

18:31:31.0687 2292 Dhcp - ok

18:31:31.0765 2292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:31:31.0765 2292 Disk - ok

18:31:31.0781 2292 dmadmin - ok

18:31:31.0828 2292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:31:31.0890 2292 dmboot - ok

18:31:31.0937 2292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:31:31.0937 2292 dmio - ok

18:31:31.0968 2292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:31:31.0968 2292 dmload - ok

18:31:32.0000 2292 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

18:31:32.0015 2292 dmserver - ok

18:31:32.0031 2292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:31:32.0046 2292 DMusic - ok

18:31:32.0093 2292 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

18:31:32.0093 2292 Dnscache - ok

18:31:32.0156 2292 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

18:31:32.0187 2292 Dot3svc - ok

18:31:32.0234 2292 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

18:31:32.0250 2292 dpti2o - ok

18:31:32.0281 2292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:31:32.0296 2292 drmkaud - ok

18:31:32.0312 2292 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:31:32.0328 2292 E100B - ok

18:31:32.0421 2292 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:31:32.0437 2292 EapHost - ok

18:31:32.0453 2292 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:31:32.0484 2292 ERSvc - ok

18:31:32.0531 2292 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:31:32.0531 2292 Eventlog - ok

18:31:32.0593 2292 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:31:32.0609 2292 EventSystem - ok

18:31:32.0640 2292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:31:32.0640 2292 Fastfat - ok

18:31:32.0703 2292 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:31:32.0703 2292 FastUserSwitchingCompatibility - ok

18:31:32.0750 2292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:31:32.0765 2292 Fdc - ok

18:31:32.0812 2292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:31:32.0828 2292 Fips - ok

18:31:32.0843 2292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:31:32.0859 2292 Flpydisk - ok

18:31:32.0890 2292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:31:32.0890 2292 FltMgr - ok

18:31:32.0984 2292 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:31:33.0000 2292 FontCache3.0.0.0 - ok

18:31:33.0078 2292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:31:33.0109 2292 Fs_Rec - ok

18:31:33.0109 2292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:31:33.0125 2292 Ftdisk - ok

18:31:33.0140 2292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:31:33.0171 2292 GEARAspiWDM - ok

18:31:33.0234 2292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:31:33.0250 2292 Gpc - ok

18:31:33.0296 2292 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:31:33.0328 2292 helpsvc - ok

18:31:33.0343 2292 HidServ - ok

18:31:33.0406 2292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:31:33.0421 2292 HidUsb - ok

18:31:33.0468 2292 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:31:33.0500 2292 hkmsvc - ok

18:31:33.0500 2292 hpn - ok

18:31:33.0562 2292 hpqwmi (e7e0cf2e13994dab2ce10dfef25bf610) C:\Program Files\HPQ\Shared\hpqwmi.exe

18:31:33.0578 2292 hpqwmi - ok

18:31:33.0625 2292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:31:33.0640 2292 HTTP - ok

18:31:33.0687 2292 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:31:33.0703 2292 HTTPFilter - ok

18:31:33.0765 2292 i2omgmt - ok

18:31:33.0765 2292 i2omp - ok

18:31:33.0812 2292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:31:33.0843 2292 i8042prt - ok

18:31:33.0890 2292 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

18:31:33.0921 2292 i81x - ok

18:31:33.0968 2292 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

18:31:33.0984 2292 iAimFP0 - ok

18:31:34.0000 2292 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

18:31:34.0015 2292 iAimFP1 - ok

18:31:34.0031 2292 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

18:31:34.0046 2292 iAimFP2 - ok

18:31:34.0062 2292 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

18:31:34.0093 2292 iAimFP3 - ok

18:31:34.0156 2292 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

18:31:34.0171 2292 iAimFP4 - ok

18:31:34.0187 2292 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

18:31:34.0203 2292 iAimFP5 - ok

18:31:34.0203 2292 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

18:31:34.0218 2292 iAimFP6 - ok

18:31:34.0234 2292 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

18:31:34.0234 2292 iAimFP7 - ok

18:31:34.0250 2292 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

18:31:34.0265 2292 iAimTV0 - ok

18:31:34.0281 2292 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

18:31:34.0296 2292 iAimTV1 - ok

18:31:34.0312 2292 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

18:31:34.0328 2292 iAimTV3 - ok

18:31:34.0359 2292 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

18:31:34.0375 2292 iAimTV4 - ok

18:31:34.0406 2292 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

18:31:34.0421 2292 iAimTV5 - ok

18:31:34.0437 2292 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

18:31:34.0453 2292 iAimTV6 - ok

18:31:34.0500 2292 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

18:31:34.0546 2292 ialm - ok

18:31:34.0687 2292 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:31:34.0828 2292 idsvc - ok

18:31:34.0937 2292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:31:34.0953 2292 Imapi - ok

18:31:35.0000 2292 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:31:35.0000 2292 ImapiService - ok

18:31:35.0031 2292 ini910u - ok

18:31:35.0062 2292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:31:35.0078 2292 IntelIde - ok

18:31:35.0093 2292 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:31:35.0109 2292 intelppm - ok

18:31:35.0140 2292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:31:35.0140 2292 Ip6Fw - ok

18:31:35.0171 2292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:31:35.0203 2292 IpFilterDriver - ok

18:31:35.0218 2292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:31:35.0250 2292 IpInIp - ok

18:31:35.0281 2292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:31:35.0281 2292 IpNat - ok

18:31:35.0375 2292 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe

18:31:35.0390 2292 iPod Service - ok

18:31:35.0406 2292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:31:35.0437 2292 IPSec - ok

18:31:35.0453 2292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:31:35.0453 2292 IRENUM - ok

18:31:35.0500 2292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:31:35.0515 2292 isapnp - ok

18:31:35.0640 2292 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

18:31:35.0656 2292 JavaQuickStarterService - ok

18:31:35.0718 2292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:31:35.0734 2292 Kbdclass - ok

18:31:35.0796 2292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:31:35.0828 2292 kmixer - ok

18:31:35.0859 2292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:31:35.0859 2292 KSecDD - ok

18:31:35.0890 2292 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:31:35.0890 2292 lanmanserver - ok

18:31:35.0921 2292 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:31:35.0921 2292 lanmanworkstation - ok

18:31:35.0937 2292 lbrtfdc - ok

18:31:35.0984 2292 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:31:36.0000 2292 LmHosts - ok

18:31:36.0031 2292 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

18:31:36.0031 2292 mbamchameleon - ok

18:31:36.0062 2292 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:31:36.0078 2292 Messenger - ok

18:31:36.0125 2292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:31:36.0140 2292 mnmdd - ok

18:31:36.0171 2292 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:31:36.0203 2292 mnmsrvc - ok

18:31:36.0234 2292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:31:36.0250 2292 Modem - ok

18:31:36.0281 2292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:31:36.0281 2292 Mouclass - ok

18:31:36.0390 2292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:31:36.0421 2292 mouhid - ok

18:31:36.0484 2292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:31:36.0500 2292 MountMgr - ok

18:31:36.0500 2292 mraid35x - ok

18:31:36.0546 2292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:31:36.0546 2292 MRxDAV - ok

18:31:36.0609 2292 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:31:36.0609 2292 MRxSmb - ok

18:31:36.0671 2292 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:31:36.0687 2292 MSDTC - ok

18:31:36.0703 2292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:31:36.0718 2292 Msfs - ok

18:31:36.0718 2292 MSIServer - ok

18:31:36.0765 2292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:31:36.0781 2292 MSKSSRV - ok

18:31:36.0812 2292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:31:36.0828 2292 MSPCLOCK - ok

18:31:36.0859 2292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:31:36.0890 2292 MSPQM - ok

18:31:36.0921 2292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:31:36.0921 2292 mssmbios - ok

18:31:36.0968 2292 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:31:37.0000 2292 MSTEE - ok

18:31:37.0015 2292 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:31:37.0031 2292 Mup - ok

18:31:37.0046 2292 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:31:37.0078 2292 NABTSFEC - ok

18:31:37.0156 2292 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:31:37.0218 2292 napagent - ok

18:31:37.0296 2292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:31:37.0296 2292 NDIS - ok

18:31:37.0328 2292 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:31:37.0343 2292 NdisIP - ok

18:31:37.0375 2292 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:31:37.0375 2292 NdisTapi - ok

18:31:37.0406 2292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:31:37.0421 2292 Ndisuio - ok

18:31:37.0468 2292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:31:37.0484 2292 NdisWan - ok

18:31:37.0515 2292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:31:37.0531 2292 NDProxy - ok

18:31:37.0546 2292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:31:37.0546 2292 NetBIOS - ok

18:31:37.0562 2292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:31:37.0593 2292 NetBT - ok

18:31:37.0640 2292 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:31:37.0656 2292 NetDDE - ok

18:31:37.0671 2292 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:31:37.0671 2292 NetDDEdsdm - ok

18:31:37.0718 2292 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:31:37.0718 2292 Netlogon - ok

18:31:37.0812 2292 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:31:37.0828 2292 Netman - ok

18:31:37.0937 2292 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:31:37.0953 2292 NetTcpPortSharing - ok

18:31:38.0015 2292 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:31:38.0031 2292 Nla - ok

18:31:38.0125 2292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:31:38.0125 2292 Npfs - ok

18:31:38.0171 2292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:31:38.0171 2292 Ntfs - ok

18:31:38.0187 2292 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:31:38.0187 2292 NtLmSsp - ok

18:31:38.0234 2292 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:31:38.0265 2292 NtmsSvc - ok

18:31:38.0312 2292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:31:38.0328 2292 Null - ok

18:31:38.0343 2292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:31:38.0359 2292 NwlnkFlt - ok

18:31:38.0375 2292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:31:38.0390 2292 NwlnkFwd - ok

18:31:38.0562 2292 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:31:38.0593 2292 odserv - ok

18:31:38.0640 2292 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:31:38.0656 2292 ose - ok

18:31:38.0734 2292 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

18:31:38.0734 2292 P3 - ok

18:31:38.0765 2292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:31:38.0781 2292 Parport - ok

18:31:38.0843 2292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:31:38.0843 2292 PartMgr - ok

18:31:38.0875 2292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:31:38.0890 2292 ParVdm - ok

18:31:38.0921 2292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:31:38.0921 2292 PCI - ok

18:31:38.0937 2292 PCIDump - ok

18:31:38.0953 2292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:31:38.0953 2292 PCIIde - ok

18:31:38.0984 2292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:31:39.0000 2292 Pcmcia - ok

18:31:39.0015 2292 PDCOMP - ok

18:31:39.0031 2292 PDFRAME - ok

18:31:39.0046 2292 PDRELI - ok

18:31:39.0062 2292 PDRFRAME - ok

18:31:39.0062 2292 perc2 - ok

18:31:39.0078 2292 perc2hib - ok

18:31:39.0125 2292 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:31:39.0140 2292 PlugPlay - ok

18:31:39.0171 2292 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:31:39.0187 2292 PolicyAgent - ok

18:31:39.0218 2292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:31:39.0234 2292 PptpMiniport - ok

18:31:39.0250 2292 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:31:39.0250 2292 ProtectedStorage - ok

18:31:39.0265 2292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:31:39.0296 2292 PSched - ok

18:31:39.0343 2292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:31:39.0359 2292 Ptilink - ok

18:31:39.0375 2292 ql1080 - ok

18:31:39.0390 2292 Ql10wnt - ok

18:31:39.0406 2292 ql12160 - ok

18:31:39.0406 2292 ql1240 - ok

18:31:39.0421 2292 ql1280 - ok

18:31:39.0546 2292 RalinkRegistryWriter (cb6849a0f18a49e694762e93a58a853b) C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe

18:31:39.0562 2292 RalinkRegistryWriter - ok

18:31:39.0609 2292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:31:39.0625 2292 RasAcd - ok

18:31:39.0671 2292 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:31:39.0703 2292 RasAuto - ok

18:31:39.0718 2292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:31:39.0750 2292 Rasl2tp - ok

18:31:39.0796 2292 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:31:39.0812 2292 RasMan - ok

18:31:39.0875 2292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:31:39.0890 2292 RasPppoe - ok

18:31:39.0906 2292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:31:39.0921 2292 Raspti - ok

18:31:39.0937 2292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:31:39.0937 2292 Rdbss - ok

18:31:39.0968 2292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:31:39.0984 2292 RDPCDD - ok

18:31:40.0031 2292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:31:40.0062 2292 rdpdr - ok

18:31:40.0109 2292 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:31:40.0109 2292 RDPWD - ok

18:31:40.0187 2292 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:31:40.0218 2292 RDSessMgr - ok

18:31:40.0265 2292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:31:40.0281 2292 redbook - ok

18:31:40.0328 2292 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:31:40.0343 2292 RemoteAccess - ok

18:31:40.0406 2292 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

18:31:40.0437 2292 RemoteRegistry - ok

18:31:40.0468 2292 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:31:40.0484 2292 RpcLocator - ok

18:31:40.0546 2292 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:31:40.0546 2292 RpcSs - ok

18:31:40.0578 2292 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:31:40.0609 2292 RSVP - ok

18:31:40.0703 2292 rt2870 (f1fcf23c4a2c777fe77e3e703654eb66) C:\WINDOWS\system32\DRIVERS\rt2870.sys

18:31:40.0718 2292 rt2870 - ok

18:31:40.0750 2292 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:31:40.0750 2292 SamSs - ok

18:31:40.0765 2292 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:31:40.0796 2292 SCardSvr - ok

18:31:40.0875 2292 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:31:40.0906 2292 Schedule - ok

18:31:40.0937 2292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:31:40.0968 2292 Secdrv - ok

18:31:41.0015 2292 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:31:41.0031 2292 seclogon - ok

18:31:41.0078 2292 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:31:41.0078 2292 SENS - ok

18:31:41.0093 2292 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:31:41.0109 2292 serenum - ok

18:31:41.0140 2292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:31:41.0156 2292 Serial - ok

18:31:41.0187 2292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:31:41.0203 2292 Sfloppy - ok

18:31:41.0265 2292 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:31:41.0281 2292 SharedAccess - ok

18:31:41.0328 2292 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:31:41.0328 2292 ShellHWDetection - ok

18:31:41.0375 2292 Simbad - ok

18:31:41.0437 2292 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:31:41.0453 2292 SLIP - ok

18:31:41.0531 2292 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys

18:31:41.0562 2292 smwdm - ok

18:31:41.0640 2292 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

18:31:41.0656 2292 SoundMAX Agent Service (default) - ok

18:31:41.0687 2292 Sparrow - ok

18:31:41.0718 2292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:31:41.0734 2292 splitter - ok

18:31:41.0765 2292 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:31:41.0781 2292 Spooler - ok

18:31:41.0796 2292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:31:41.0828 2292 sr - ok

18:31:41.0875 2292 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:31:41.0890 2292 srservice - ok

18:31:41.0937 2292 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:31:41.0953 2292 Srv - ok

18:31:42.0000 2292 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:31:42.0000 2292 SSDPSRV - ok

18:31:42.0062 2292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

18:31:42.0078 2292 ssmdrv - ok

18:31:42.0093 2292 Steam Client Service - ok

18:31:42.0156 2292 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:31:42.0218 2292 stisvc - ok

18:31:42.0515 2292 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:31:42.0578 2292 streamip - ok

18:31:42.0656 2292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:31:42.0671 2292 swenum - ok

18:31:42.0781 2292 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

18:31:42.0828 2292 SwitchBoard - ok

18:31:42.0843 2292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:31:42.0859 2292 swmidi - ok

18:31:42.0875 2292 SwPrv - ok

18:31:42.0921 2292 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:31:42.0937 2292 symc810 - ok

18:31:42.0937 2292 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:31:42.0953 2292 symc8xx - ok

18:31:42.0984 2292 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

18:31:43.0015 2292 Symmpi - ok

18:31:43.0046 2292 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:31:43.0078 2292 sym_hi - ok

18:31:43.0093 2292 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:31:43.0109 2292 sym_u3 - ok

18:31:43.0125 2292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:31:43.0140 2292 sysaudio - ok

18:31:43.0203 2292 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:31:43.0218 2292 SysmonLog - ok

18:31:43.0265 2292 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:31:43.0281 2292 TapiSrv - ok

18:31:43.0359 2292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:31:43.0359 2292 Tcpip - ok

18:31:43.0578 2292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:31:43.0593 2292 TDPIPE - ok

18:31:43.0671 2292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:31:43.0687 2292 TDTCP - ok

18:31:43.0718 2292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:31:43.0734 2292 TermDD - ok

18:31:43.0796 2292 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:31:43.0812 2292 TermService - ok

18:31:43.0859 2292 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:31:43.0859 2292 Themes - ok

18:31:43.0906 2292 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

18:31:43.0921 2292 TlntSvr - ok

18:31:43.0937 2292 TosIde - ok

18:31:43.0968 2292 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:31:43.0984 2292 TrkWks - ok

18:31:44.0031 2292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:31:44.0046 2292 Udfs - ok

18:31:44.0078 2292 ultra - ok

18:31:44.0093 2292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:31:44.0140 2292 Update - ok

18:31:44.0171 2292 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:31:44.0218 2292 upnphost - ok

18:31:44.0250 2292 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:31:44.0265 2292 UPS - ok

18:31:44.0328 2292 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:31:44.0343 2292 USBAAPL - ok

18:31:44.0421 2292 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:31:44.0468 2292 usbaudio - ok

18:31:44.0515 2292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:31:44.0531 2292 usbccgp - ok

18:31:44.0578 2292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:31:44.0609 2292 usbehci - ok

18:31:44.0640 2292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:31:44.0656 2292 usbhub - ok

18:31:44.0703 2292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:31:44.0734 2292 usbscan - ok

18:31:44.0765 2292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:31:44.0796 2292 USBSTOR - ok

18:31:44.0812 2292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:31:44.0843 2292 usbuhci - ok

18:31:44.0859 2292 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

18:31:44.0890 2292 usbvideo - ok

18:31:44.0921 2292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:31:44.0937 2292 VgaSave - ok

18:31:44.0968 2292 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:31:44.0968 2292 ViaIde - ok

18:31:45.0000 2292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:31:45.0000 2292 VolSnap - ok

18:31:45.0062 2292 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:31:45.0109 2292 VSS - ok

18:31:45.0187 2292 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:31:45.0218 2292 W32Time - ok

18:31:45.0296 2292 wampapache (53ea061ecc67223a430f153c3682ad54) c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

18:31:45.0296 2292 wampapache - ok

18:31:45.0343 2292 wampmysqld - ok

18:31:45.0390 2292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:31:45.0421 2292 Wanarp - ok

18:31:45.0421 2292 WDICA - ok

18:31:45.0453 2292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:31:45.0468 2292 wdmaud - ok

18:31:45.0500 2292 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:31:45.0515 2292 WebClient - ok

18:31:45.0609 2292 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:31:45.0625 2292 winmgmt - ok

18:31:45.0703 2292 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

18:31:45.0718 2292 WmdmPmSN - ok

18:31:45.0781 2292 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

18:31:45.0796 2292 Wmi - ok

18:31:45.0843 2292 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:31:45.0875 2292 WmiAcpi - ok

18:31:45.0906 2292 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:31:45.0937 2292 WmiApSrv - ok

18:31:46.0078 2292 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:31:46.0156 2292 WPFFontCache_v0400 - ok

18:31:46.0203 2292 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

18:31:46.0218 2292 wscsvc - ok

18:31:46.0265 2292 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:31:46.0281 2292 WSTCODEC - ok

18:31:46.0343 2292 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:31:46.0375 2292 wuauserv - ok

18:31:46.0421 2292 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:31:46.0468 2292 WZCSVC - ok

18:31:46.0515 2292 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:31:46.0562 2292 xmlprov - ok

18:31:46.0609 2292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:31:46.0750 2292 \Device\Harddisk0\DR0 - ok

18:31:46.0750 2292 Boot (0x1200) (75c511d092483384b37846ac3c1e6821) \Device\Harddisk0\DR0\Partition0

18:31:46.0750 2292 \Device\Harddisk0\DR0\Partition0 - ok

18:31:46.0750 2292 ============================================================

18:31:46.0750 2292 Scan finished

18:31:46.0765 2292 ============================================================

18:31:46.0765 0152 Detected object count: 0

18:31:46.0765 0152 Actual detected object count: 0

Share this post


Link to post
Share on other sites

Thanks for the link. It looks like they moved it again.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Hi there,

Again, thanks for your help. I tried running CF multiple times to no avail. It always freezes out while it's scanning. I disconnected myself from the internet, disabled Antivir, etc., etc... no luck. Tried this about 3 times and manually shut down the computer after the 1 hour mark of scanning.

What should I do next?

Thanks,

Thomas

Share this post


Link to post
Share on other sites

Restart in Safe Mode and Try running it in Safe Mode

Share this post


Link to post
Share on other sites

Hello,

I rebooted in safe mode (twice) and tried running it.. same thing! :\

Thomas

Share this post


Link to post
Share on other sites

Hi there,

Still no good. Should I try starting in safe mode + running it from the chameleon folder, then?

Thomas

Share this post


Link to post
Share on other sites

Click the StartBtn.gif button. > Run - copy and paste this command in the box ComboFix /nombr then click OK.

Share this post


Link to post
Share on other sites

Okay, that seems to have worked! Here's the log I get at the end:

---

ComboFix 12-04-12.03 - Administrator 04/15/2012 20:54:52.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1532 [GMT -4:00]

Running from: c:\program files\Malwarebytes' Anti-Malware\Chameleon\ComboFix.exe

Command switches used :: /nombr

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\msssc.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-12 22:30 . 2012-04-15 15:31 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-30 06:14 . 2012-03-30 06:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}

2012-03-24 22:42 . 2012-03-24 22:42 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2012-03-24 22:42 . 2012-03-24 22:42 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2012-03-24 22:42 . 2012-03-24 22:42 -------- d-----w- c:\program files\TP-LINK

2012-03-24 22:42 . 2009-06-17 13:40 650624 ----a-w- c:\windows\system32\drivers\rt2870.sys

2012-03-24 22:42 . 2009-06-17 13:40 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2012-03-24 22:42 . 2012-03-24 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK Driver

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-01 11:01 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-03-01 11:01 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll

2012-02-29 14:10 . 2010-12-10 18:26 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 14:10 . 2004-08-04 07:56 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-03-16 03:40 . 2011-04-01 23:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"LayoutM"="KLayMgr.exe" [2004-08-17 45056]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

TP-LINK Wireless Utility.lnk - c:\program files\TP-LINK\TWCU\COMMON\TWCU.exe [2012-3-24 1298432]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011\\fm.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/16/2011 10:35 PM 136360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/12/2012 6:30 PM 24064]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-25 05:31]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-25 05:31]

.

2011-09-30 c:\windows\Tasks\Lecture 12.job

- c:\documents and settings\Administrator\Desktop\School\Fall 2011\HCI521\Lecture Videos and Notes\Lecture 12.mov [2011-09-30 01:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hp.com

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1f0zh2nm.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

AddRemove-Adobe Connect Add-in - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-15 21:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,9f,9e,87,83,95,ad,4d,a8,dc,80,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,9f,9e,87,83,95,ad,4d,a8,dc,80,\

.

Completion time: 2012-04-15 21:02:44

ComboFix-quarantined-files.txt 2012-04-16 01:02

.

Pre-Run: 12,048,674,816 bytes free

Post-Run: 12,245,405,696 bytes free

.

- - End Of File - - 0512C702CAABB73FB129F206D3F49C75

Share this post


Link to post
Share on other sites

I tried running combofix directly from the chameleon folder following that and it froze out again (I let it run about 40 mins).

Thomas

Share this post


Link to post
Share on other sites

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Share this post


Link to post
Share on other sites

I updated and then ran the scan. As for my computer, I noticed the hapili re-direct while Google searching yesterday.

---

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.16.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: COMPUTER [administrator]

4/16/2012 8:15:15 PM

mbam-log-2012-04-16 (20-15-15).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 285856

Time elapsed: 38 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

I'm not seeing it.

Please download DDS by sUBs from one of the following links and save it to your desktop.

[*]Disable any script blocking protection (How to Disable your Security Programs)

[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

[*]When done, DDS.txt will open.

[*]After a few moments, attach.txt will open in a second window.

[*]Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply

Share this post


Link to post
Share on other sites

Tried running it in both normal and safe mode with AntiVir guard disabled. Still freezing up like ComboFix. :\

Share this post


Link to post
Share on other sites

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Now try DDS and Combofix while in Normal Mode

Share this post


Link to post
Share on other sites

I successfully rkill.exe. Its log showed that it didn't terminate any processes. I then tried to run ComboFix.exe and DDS again. Same problem.

Share this post


Link to post
Share on other sites

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

Share this post


Link to post
Share on other sites

OTL log:

===

OTL logfile created on: 4/18/2012 7:22:26 PM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.14% Memory free

3.84 Gb Paging File | 3.47 Gb Available in Paging File | 90.30% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.54 Gb Total Space | 11.21 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe ()

PRC - C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()

MOD - C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe ()

MOD - C:\Program Files\TP-LINK\TWCU\COMMON\acAuth.dll ()

MOD - C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe ()

SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe (Apache Software Foundation)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (RalinkRegistryWriter) -- C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe ()

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)

DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)

DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)

DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)

DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)

DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)

DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)

DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2012/03/15 00:26:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 23:40:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 18:29:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}\ [2012/03/30 02:14:38 | 000,000,000 | ---D | M]

[2011/01/24 20:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2012/03/25 20:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1f0zh2nm.default\extensions

[2011/12/23 09:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/12 23:58:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1F0ZH2NM.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2012/03/30 02:14:38 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}

[2012/03/15 23:40:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/27 19:08:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/22 23:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/22 23:30:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/15 21:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)

O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)

O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\TWCU\COMMON\TWCU.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823F4B8C-8DD6-4FC0-AD6E-DE74E77C9AC8}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2BEDC0C-A0AB-4D38-A202-734CDCB47899}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 19:20:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/04/18 18:16:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/18 18:16:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/18 18:16:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/18 18:16:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/18 18:16:41 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/04/16 17:57:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/12 22:22:18 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/04 15:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2012/03/30 02:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}

[2012/03/24 18:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TP-LINK

[2012/03/24 18:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\TP-LINK

[2012/03/24 18:42:13 | 000,650,624 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys

[2012/03/24 18:42:13 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll

[2012/03/24 18:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver

========== Files - Modified Within 30 Days ==========

[2012/04/18 19:20:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2012/04/18 19:17:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500UA.job

[2012/04/18 19:15:20 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2012/04/18 18:26:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/18 18:26:00 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/18 18:26:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/18 06:17:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500Core.job

[2012/04/16 20:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/15 21:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/15 11:31:46 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/04/14 21:19:38 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2012/04/11 00:34:34 | 000,481,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/11 00:34:34 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/11 00:27:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/26 18:21:34 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs

[2012/03/24 18:43:04 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk

[2012/03/24 18:42:58 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe

========== Files Created - No Company Name ==========

[2012/04/18 18:16:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/18 18:16:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/18 18:16:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/18 18:16:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/18 18:16:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/18 17:52:16 | 2138,574,848 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/12 18:30:48 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/03/24 18:43:04 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk

[2012/03/24 18:42:58 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2012/03/24 18:42:10 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2012/02/16 12:09:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/07/18 23:02:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe IllExport Filter CS5 Prefs

[2011/06/12 23:59:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/06/08 00:56:59 | 007,988,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-274765018-2503423405-4002033684-500-0.dat

[2011/06/08 00:56:58 | 000,324,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/05/26 21:49:30 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/03/23 20:50:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs

[2011/03/06 21:04:32 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs

[2011/02/14 01:45:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND

[2011/02/12 18:14:22 | 000,021,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/01/30 13:52:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe BMP Format CS5 Prefs

[2011/01/25 20:18:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

[2011/01/24 20:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/12/10 14:45:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/12/10 14:43:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll

[2010/12/10 14:41:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/12/10 14:41:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/12/10 14:41:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/12/10 14:41:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/12/10 14:41:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/12/10 14:27:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/12/10 14:26:53 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/12/10 14:26:48 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/12/10 14:26:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/12/10 14:25:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2010/12/10 14:16:13 | 000,001,065 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2011/06/07 19:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Axure

[2011/05/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1

[2011/09/18 17:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blender Foundation

[2011/01/29 04:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/04/18 18:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox

[2012/04/17 22:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla

[2011/03/20 23:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2011/02/04 21:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2011/01/26 23:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera

[2011/07/17 22:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sports Interactive

[2011/01/29 02:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/01/02 19:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion

[2011/04/07 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer

[2011/06/07 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Axure

[2011/01/24 20:25:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/07/12 17:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2012/04/18 19:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2012/03/24 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK Driver

[2011/01/30 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/06/20 12:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/06/07 19:07:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B4E81CDC-FC54-4176-962E-4391297C464F}

[2011/09/30 03:45:00 | 000,000,588 | ---- | M] () -- C:\WINDOWS\Tasks\Lecture 12.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/07/15 19:01:07 | 000,000,644 | ---- | M] () -- C:\bar.emf

[2010/12/10 12:01:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/07/11 18:12:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2011/03/22 21:40:56 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT

[2012/04/18 18:26:00 | 2138,574,848 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/10 14:41:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/12/10 14:41:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/12/10 12:46:26 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/04/18 18:25:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2012/04/18 18:13:36 | 000,000,359 | ---- | M] () -- C:\rkill.log

[2012/04/12 18:34:43 | 000,082,786 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_12.04.2012_18.31.04_log.txt

< %systemroot%\Fonts\*.com >

[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2004/08/09 09:32:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2004/08/09 09:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/09 09:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/09 09:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2010/12/10 12:49:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2010/12/10 13:00:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2004/08/09 14:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2012/04/18 19:20:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2011/08/15 22:14:50 | 000,139,264 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Administrator\Desktop\Pageant.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

[2011/01/24 20:09:53 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Administrator\My Documents\avg_free_stb_all_2011_1191_cnet.exe

[2011/01/24 20:09:01 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\My Documents\Firefox Setup 3.6.13.exe

< %USERPROFILE%\*.exe >

[2011/02/19 02:57:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\gosetup.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

[2010/12/10 13:00:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

[2012/04/18 18:26:05 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 04:36:28

< End of report >

===

Extras:

===

OTL Extras logfile created on: 4/18/2012 7:22:26 PM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.14% Memory free

3.84 Gb Paging File | 3.47 Gb Available in Paging File | 90.30% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.54 Gb Total Space | 11.21 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{2C65D0D7-2B7E-4788-ADB0-8693F344460B}" = Axure RP Pro 6

"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A504FB1-9593-48B4-81AE-D39F37EF7139}" = TortoiseSVN 1.7.3.22386 (32 bit)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{78E42E4F-021F-4E10-B1C2-09CA19487330}_is1" = SketchUp to OpenSceneGraph Exporter Plugin version 1.5.1

"{79770F05-E3B8-4DAA-BEDB-9EBF29EAF527}" = Keyboard Layout Management Application

"{7EF80615-639D-4BD0-B612-E347096452AD}" = TP-LINK Wireless Utility

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 1.00 C2

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F66CAE05-FA3A-EF04-DF5E-F11B9DD58B12}" = Balsamiq Mockups For Desktop

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Axure RP Pro 6" = Axure RP Pro 6

"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop

"Blender" = Blender

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only)

"Fiddler2" = Fiddler2

"FileZilla Client" = FileZilla Client 3.3.5.1

"ie8" = Windows Internet Explorer 8

"IETester" = IETester v0.4.7 (remove only)

"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"matplotlib-py2.6" = Python 2.6 matplotlib-1.0.1

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"numpy-py2.6" = Python 2.6 numpy-1.5.1

"Opera 11.60.1185" = Opera 11.60

"PIL-py2.6" = Python 2.6 PIL-1.1.7

"Software Setup" = Software Setup

"Steam App 34220" = Football Manager 2011

"TeamViewer 6" = TeamViewer 6

"uTorrent" = µTorrent

"Vim 7.3" = Vim 7.3 (self-installing)

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VLC media player 1.1.6

"WampServer 2_is1" = WampServer 2.1

"Windows XP Service Pack" = Windows XP Service Pack 3

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p290

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"Layar3D Model Converter" = Layar3D Model Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/27/2011 12:44:00 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:44:11 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:47:46 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:48:11 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:48:52 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:48:58 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/27/2011 12:49:15 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/31/2011 11:08:13 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application fm.exe, version 11.3.0.47461, faulting module

fm.exe, version 11.3.0.47461, fault address 0x0103f9c2.

Error - 1/6/2012 9:09:20 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application photoshop.exe, version 12.0.0.0, faulting module

adobeswfl.dll, version 2.0.0.7489, fault address 0x00013db9.

Error - 1/16/2012 1:42:18 PM | Computer Name = COMPUTER | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

[ System Events ]

Error - 4/15/2012 2:14:47 AM | Computer Name = COMPUTER | Source = Cdrom | ID = 262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 4/18/2012 8:11:04 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service

which failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver

service which failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The Bonjour Service service depends on the TCP/IP Protocol Driver

service which failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 4/18/2012 8:11:58 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL

Error - 4/18/2012 8:14:50 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

< End of report >

Share this post


Link to post
Share on other sites

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.