TechSpot

8 Step Complete: Congratulations, You Won! Audio

By Twiggyskulls
Feb 4, 2011
  1. Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5677

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/4/2011 12:13:32 PM
    mbam-log-2011-02-04 (12-13-32).txt

    Scan type: Quick scan
    Objects scanned: 164761
    Time elapsed: 1 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    ========================================


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-04 12:21:36
    Windows 6.1.7600
    Running: 7cesb1hr.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x84 0xC1 0x6B ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x84 0xC1 0x6B ...

    ---- EOF - GMER 1.0.15 ----



    ========================================



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Brian at 11:52:03.77 on Fri 02/04/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2709 [GMT -5:00]

    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    C:\Program Files (x86)\Razer\Naga\NagaTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brian\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Adobe.exe] C:\Users\Brian\AppData\Roaming\Adobe.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
    mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    StartupFolder: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: {DLL_Str}
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    AppInit_DLLs-X64: {DLL_Str}
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\system32\npOGPPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-3-25 180968]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-1-19 469400]
    R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-3-25 20792]
    R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
    R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-3-25 66880]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-19 79504]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-19 120096]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-10 14440]
    R3 RzSynapse;Razer Naga Driver;C:\Windows\System32\drivers\RzSynapse.sys [2010-4-21 73216]
    R3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-19 78896]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]

    =============== Created Last 30 ================

    2011-02-03 15:41:24 -------- d-----w- C:\Users\Brian\AppData\Roaming\RIFT
    2011-02-03 15:41:08 -------- d-----w- C:\Program Files (x86)\RIFT Beta
    2011-01-31 02:46:36 -------- d-----w- C:\Users\Brian\AppData\Local\Divinity 2
    2011-01-31 02:46:36 -------- d-----w- C:\PROGRA~3\Divinity 2
    2011-01-29 02:09:53 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-21 04:31:58 -------- d-----w- C:\Program Files (x86)\Stunlock Studios
    2011-01-21 04:30:47 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2011-01-20 03:19:59 23864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-01-20 03:19:58 78896 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2011-01-20 03:19:56 97576 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2011-01-20 03:19:56 120096 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2011-01-20 03:19:55 84424 ----a-w- C:\Windows\System32\drivers\mfetdik.sys
    2011-01-20 03:19:54 79504 ----a-w- C:\Windows\System32\mfevtps.exe
    2011-01-20 03:19:54 469400 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2011-01-20 03:18:28 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
    2011-01-20 03:18:25 -------- d-----w- C:\Program Files (x86)\McAfee
    2011-01-20 03:18:25 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2011-01-20 03:07:36 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
    2011-01-20 03:06:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-20 03:06:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-20 03:06:28 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-20 03:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-18 11:17:31 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
    2011-01-11 22:58:20 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-11 22:58:20 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-01-11 22:58:20 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-01-11 22:58:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-11 22:58:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-11 22:58:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-11 22:58:20 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-11 22:58:20 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-09 18:01:27 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-01-09 17:40:52 -------- d-----w- C:\Program Files (x86)\Motorola
    2011-01-09 17:40:22 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
    2011-01-08 01:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 01:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 01:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 01:48:58 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2011-01-08 01:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 01:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

    ==================== Find3M ====================

    2010-12-11 11:05:43 327680 ----a-w- C:\Users\Brian\AppData\Roaming\Adobe.exe
    2010-11-18 02:01:07 464 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
    2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    ============= FINISH: 11:52:18.54 ===============


    ===========================================================


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/27/2010 4:38:35 PM
    System Uptime: 2/4/2011 11:36:31 AM (0 hours ago)

    Motherboard: EVGA | | EVGA P55 SLI LE E653
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 3362/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 363.551 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP120: 1/30/2011 9:46:40 PM - Installed DirectX
    RP121: 2/3/2011 10:40:46 AM - Installed RIFT
    RP122: 2/4/2011 11:27:55 AM - Removed MotoConnect

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Alien Swarm
    Bloodline Champions
    Brother HL-2170W
    Curse Client
    Definition update for Microsoft Office 2010 (KB982726)
    Disciples III: Renaissance
    Divinity II - The Dragon Knight Saga
    DivX Setup
    eReg
    EVGA Precision 1.9.6
    Global Agenda - Demo
    Google Chrome
    Java Auto Updater
    Java(TM) 6 Update 23
    League of Legends
    Malwarebytes' Anti-Malware
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XNA Framework Redistributable 3.1
    Monday Night Combat
    Mozilla Firefox (3.6.8)
    Mozilla Thunderbird (3.1.7)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NJStar Japanese WP
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    OpenAL
    Pando Media Booster
    Pidgin
    Razer Naga
    RIFT
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Steam
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Visual C++ 8.0 Runtime Setup Package (x64)
    World of Warcraft
    Z Engine

    ==== Event Viewer Messages From Past Week ========

    2/4/2011 11:35:06 AM, Error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
    2/4/2011 11:28:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MotoConnect Service service.
    2/1/2011 9:01:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    1/28/2011 7:55:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/28/2011 7:52:02 PM, Error: Application Popup [1060] - \??\C:\Users\Brian\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/28/2011 7:35:52 PM, Error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
    1/28/2011 5:01:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/28/2011 5:01:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/28/2011 5:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/28/2011 5:01:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    1/28/2011 5:01:29 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/28/2011 5:01:08 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

    ==== End Of File ===========================
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: EVGA
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer:
    System Product Name:
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 155):
    0x02A53000 \SystemRoot\system32\ntoskrnl.exe
    0x02A0A000 \SystemRoot\system32\hal.dll
    0x00BD0000 \SystemRoot\system32\kdcom.dll
    0x00CB9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CFD000 \SystemRoot\system32\PSHED.dll
    0x00D11000 \SystemRoot\system32\CLFS.SYS
    0x00E5B000 \SystemRoot\system32\CI.dll
    0x00F1B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00FBF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01048000 \SystemRoot\System32\Drivers\spqj.sys
    0x0116E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01177000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x011A6000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01017000 \SystemRoot\System32\drivers\partmgr.sys
    0x0102C000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D6F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01041000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FCE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FE8000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DCB000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00FF1000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E43000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0121C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00C4C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01401000 \SystemRoot\System32\Drivers\cng.sys
    0x01474000 \SystemRoot\System32\drivers\pcw.sys
    0x01485000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0148F000 \SystemRoot\system32\drivers\ndis.sys
    0x01581000 \SystemRoot\system32\drivers\NETIO.SYS
    0x016DA000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x01705000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0174F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x0175F000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017AB000 \SystemRoot\System32\Drivers\spldr.sys
    0x017B3000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017ED000 \SystemRoot\System32\Drivers\mup.sys
    0x01600000 \SystemRoot\system32\drivers\mfehidk.sys
    0x01671000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0167A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x016B4000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01AD5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01B3B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01B65000 \SystemRoot\System32\Drivers\Null.SYS
    0x01B6E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01B75000 \SystemRoot\System32\drivers\vga.sys
    0x01B83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01BA8000 \SystemRoot\System32\drivers\watchdog.sys
    0x01BB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01BCA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01BD3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01BDE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01A00000 \SystemRoot\system32\drivers\mfetdik.sys
    0x01A13000 \SystemRoot\system32\drivers\TDI.SYS
    0x01A20000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01A3E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02EEF000 \SystemRoot\system32\drivers\afd.sys
    0x02F79000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02F82000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02FA8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02FB7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02FD2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02E68000 \SystemRoot\System32\drivers\discache.sys
    0x03E2A000 \SystemRoot\system32\drivers\csc.sys
    0x03EAD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03ECB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03EDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03F02000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x10053000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10CAE000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x10CB0000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x10DA4000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x10DEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03F18000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x10000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03F6E000 \SystemRoot\system32\DRIVERS\yk62x64.sys
    0x02E77000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x10024000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x1002D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x1003D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03FD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02EB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03E0C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x01A83000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03FF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x01AA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x01AB3000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x10DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x046EB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0472E000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
    0x0473E000 \SystemRoot\system32\drivers\WmBEnum.sys
    0x04743000 \SystemRoot\system32\drivers\WmXlCore.sys
    0x04755000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04767000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x047C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04600000 \SystemRoot\system32\drivers\HdAudio.sys
    0x0465C000 \SystemRoot\system32\drivers\portcls.sys
    0x04699000 \SystemRoot\system32\drivers\drmk.sys
    0x046BB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x046C1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x046CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x046DB000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x047D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x01B05000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x047E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x015E1000 \SystemRoot\system32\drivers\usbaudio.sys
    0x047EB000 \SystemRoot\system32\drivers\skfiltv.sys
    0x01B22000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x013D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02EE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x01BEF000 \SystemRoot\system32\DRIVERS\Alpham164.sys
    0x047F8000 \SystemRoot\system32\DRIVERS\Alpham264.sys
    0x01AC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x016CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x01200000 \SystemRoot\system32\DRIVERS\RzSynapse.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x013F2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00CAA000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005B0000 \SystemRoot\System32\TSDDD.dll
    0x00740000 \SystemRoot\System32\cdd.dll
    0x05C60000 \SystemRoot\system32\drivers\luafv.sys
    0x05C83000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05CA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05CB9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05CD1000 \SystemRoot\system32\drivers\HTTP.sys
    0x05D99000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05DB7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05DCF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x064E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06505000 \SystemRoot\system32\drivers\peauth.sys
    0x065AB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x065B6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x065E3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06C2C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06CD9000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
    0x06D6C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x77B70000 \Windows\System32\ntdll.dll
    0x47630000 \Windows\System32\smss.exe
    0xFFE90000 \Windows\System32\apisetschema.dll
    0xFF4D0000 \Windows\System32\autochk.exe

    Processes (total 65):
    0 System Idle Process
    4 System
    340 C:\Windows\System32\smss.exe
    432 csrss.exe
    508 C:\Windows\System32\wininit.exe
    536 csrss.exe
    568 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    740 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\nvvsvc.exe
    856 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    136 C:\Windows\System32\svchost.exe
    524 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\spoolsv.exe
    1232 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1376 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    1416 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    1588 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1600 C:\Windows\System32\nvvsvc.exe
    1756 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    1824 C:\Windows\System32\mfevtps.exe
    1872 naPrdMgr.exe
    1960 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    2020 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1040 C:\Windows\System32\svchost.exe
    1436 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    1664 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
    1476 mfeann.exe
    1516 C:\Windows\System32\conhost.exe
    2480 C:\Windows\System32\taskhost.exe
    2528 C:\Windows\System32\dwm.exe
    2544 C:\Windows\System32\taskeng.exe
    2612 C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    2636 C:\Windows\explorer.exe
    3068 C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2732 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    2876 C:\Program Files (x86)\Razer\Naga\NagaTray.exe
    2928 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    1440 C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    3044 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    348 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    368 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    3276 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe

    ========================================================


    ComboFix 11-01-31.02 - Brian 02/04/2011 14:16:44.4.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2661 [GMT -5:00]
    Running from: c:\users\Brian\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 19:20 . 2011-02-04 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
    2011-02-03 15:41 . 2011-02-04 17:46 -------- d-----w- c:\program files (x86)\RIFT Beta
    2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
    2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
    2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
    2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
    2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
    2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
    2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
    2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
    2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
    2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
    2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
    "Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
    "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

    c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-9-3 0]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
    R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
    S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
    S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
    .

    --------- x86-64 -----------

    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    "ImagePath"="\??\c:\users\Brian\AppData\Local\Temp\002F52C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
    71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
    "rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-04 14:21:26
    ComboFix-quarantined-files.txt 2011-02-04 19:21

    Pre-Run: 389,955,592,192 bytes free
    Post-Run: 389,925,294,080 bytes free

    - - End Of File - - 8F76472291D4A495970D580C089613CE
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    MBRCheck log is incomplete.
    Please, repost it.
     
  5. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Sorry, here is the completed file. I wasn't sure if it had run through because it was just sitting at a screen without a prompt for a while the first time.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: EVGA
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer:
    System Product Name:
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 156):
    0x02A53000 \SystemRoot\system32\ntoskrnl.exe
    0x02A0A000 \SystemRoot\system32\hal.dll
    0x00BD0000 \SystemRoot\system32\kdcom.dll
    0x00CB9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CFD000 \SystemRoot\system32\PSHED.dll
    0x00D11000 \SystemRoot\system32\CLFS.SYS
    0x00E5B000 \SystemRoot\system32\CI.dll
    0x00F1B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00FBF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01048000 \SystemRoot\System32\Drivers\spqj.sys
    0x0116E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01177000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x011A6000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01017000 \SystemRoot\System32\drivers\partmgr.sys
    0x0102C000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D6F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x01041000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FCE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FE8000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DCB000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00FF1000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E43000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0121C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00C4C000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01401000 \SystemRoot\System32\Drivers\cng.sys
    0x01474000 \SystemRoot\System32\drivers\pcw.sys
    0x01485000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0148F000 \SystemRoot\system32\drivers\ndis.sys
    0x01581000 \SystemRoot\system32\drivers\NETIO.SYS
    0x016DA000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01803000 \SystemRoot\System32\drivers\tcpip.sys
    0x01705000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0174F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x0175F000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017AB000 \SystemRoot\System32\Drivers\spldr.sys
    0x017B3000 \SystemRoot\System32\drivers\rdyboost.sys
    0x017ED000 \SystemRoot\System32\Drivers\mup.sys
    0x01600000 \SystemRoot\system32\drivers\mfehidk.sys
    0x01671000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0167A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x016B4000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01AD5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01B3B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01B65000 \SystemRoot\System32\Drivers\Null.SYS
    0x01B6E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01B75000 \SystemRoot\System32\drivers\vga.sys
    0x01B83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01BA8000 \SystemRoot\System32\drivers\watchdog.sys
    0x01BB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01BCA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01BD3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01BDE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01A00000 \SystemRoot\system32\drivers\mfetdik.sys
    0x01A13000 \SystemRoot\system32\drivers\TDI.SYS
    0x01A20000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01A3E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02EEF000 \SystemRoot\system32\drivers\afd.sys
    0x02F79000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02F82000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02FA8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02FB7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02FD2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02E68000 \SystemRoot\System32\drivers\discache.sys
    0x03E2A000 \SystemRoot\system32\drivers\csc.sys
    0x03EAD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03ECB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03EDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03F02000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x10053000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10CAE000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x10CB0000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x10DA4000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x10DEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03F18000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x10000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03F6E000 \SystemRoot\system32\DRIVERS\yk62x64.sys
    0x02E77000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x10024000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x1002D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x1003D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03FD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x02EB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03E0C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x01A83000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x02FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x03FF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x01AA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x01AB3000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x10DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x046EB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x0472E000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
    0x0473E000 \SystemRoot\system32\drivers\WmBEnum.sys
    0x04743000 \SystemRoot\system32\drivers\WmXlCore.sys
    0x04755000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04767000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x047C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04600000 \SystemRoot\system32\drivers\HdAudio.sys
    0x0465C000 \SystemRoot\system32\drivers\portcls.sys
    0x04699000 \SystemRoot\system32\drivers\drmk.sys
    0x046BB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x046C1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x046CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x046DB000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x047D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x01B05000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x047E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x015E1000 \SystemRoot\system32\drivers\usbaudio.sys
    0x047EB000 \SystemRoot\system32\drivers\skfiltv.sys
    0x01B22000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x013D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02EE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x01BEF000 \SystemRoot\system32\DRIVERS\Alpham164.sys
    0x047F8000 \SystemRoot\system32\DRIVERS\Alpham264.sys
    0x01AC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x016CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x01200000 \SystemRoot\system32\DRIVERS\RzSynapse.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x013F2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x00CAA000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005B0000 \SystemRoot\System32\TSDDD.dll
    0x00740000 \SystemRoot\System32\cdd.dll
    0x05C60000 \SystemRoot\system32\drivers\luafv.sys
    0x05C83000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05CA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05CB9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x05CD1000 \SystemRoot\system32\drivers\HTTP.sys
    0x05D99000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x05DB7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x05DCF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x05C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x064E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06505000 \SystemRoot\system32\drivers\peauth.sys
    0x065AB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x065B6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x065E3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06C2C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06CD9000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
    0x06D6C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x06D77000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
    0x77B70000 \Windows\System32\ntdll.dll
    0x47630000 \Windows\System32\smss.exe
    0xFFE90000 \Windows\System32\apisetschema.dll
    0xFF4D0000 \Windows\System32\autochk.exe

    Processes (total 62):
    0 System Idle Process
    4 System
    340 C:\Windows\System32\smss.exe
    432 csrss.exe
    508 C:\Windows\System32\wininit.exe
    536 csrss.exe
    568 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    740 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\nvvsvc.exe
    856 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    136 C:\Windows\System32\svchost.exe
    524 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\spoolsv.exe
    1232 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1376 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    1416 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    1588 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1600 C:\Windows\System32\nvvsvc.exe
    1756 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    1824 C:\Windows\System32\mfevtps.exe
    1872 naPrdMgr.exe
    1960 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    2020 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1040 C:\Windows\System32\svchost.exe
    1436 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    1664 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
    1476 mfeann.exe
    1516 C:\Windows\System32\conhost.exe
    2480 C:\Windows\System32\taskhost.exe
    2528 C:\Windows\System32\dwm.exe
    2544 C:\Windows\System32\taskeng.exe
    2612 C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    2636 C:\Windows\explorer.exe
    3068 C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2732 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    2928 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    1440 C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    3044 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    348 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    368 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    3428 C:\Windows\System32\SearchIndexer.exe
    3800 C:\Windows\System32\svchost.exe
    4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4964 C:\Windows\System32\svchost.exe
    4624 C:\Windows\System32\taskhost.exe
    4488 C:\Windows\System32\audiodg.exe
    4460 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    3668 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    440 C:\Program Files (x86)\Pidgin\pidgin.exe
    3420 C:\Program Files (x86)\Ventrilo\Ventrilo.exe
    3412 C:\Windows\SysWOW64\dllhost.exe
    2760 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    940 C:\Users\Brian\Desktop\MBRCheck.exe
    1424 C:\Windows\System32\conhost.exe
    1564 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Both logs look fine.

    Still same issue?

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
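The MBRCheck kernel-driver list above and the OTL sections requested here are easy to triage by script, which is useful when a thread accumulates several thousand log lines. The Python below is an added example, not part of this thread and not code from MBRCheck or OTL. It runs four location- and metadata-based heuristics over lines taken from the logs posted in this thread: autostart entries or services whose executable lives in a per-user or user-writable directory, kernel drivers loaded from outside the Windows directory, entries whose version resource carries no company name (the same signal OTL's "No Company Name Whitelist" setting surfaces), and BHO registrations whose file is gone. The `Finding` type, the reason strings, the `USER_WRITABLE` list and the regular expressions are this example's own assumptions about the log formats, not anything the tools define.

```python
"""Location-based triage of MBRCheck / OTL log lines (added example, not part
of the thread or of either tool). Every regex, constant and the Finding type
below are this example's own."""
import re
from dataclasses import dataclass

# Reason strings reported for each hit.
AUTOSTART_USER_WRITABLE = "autostart or service from a per-user/user-writable path"
DRIVER_OUTSIDE_WINDOWS = "kernel driver loaded from outside the Windows directory"
NO_COMPANY = "no company name in version resource"
BHO_MISSING = "BHO registered but file not found"

# Path fragments an unprivileged user can normally write to (assumption: default
# Windows layout; ProgramData is included because users may create files there).
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\programdata\\", "\\temp\\")

# MBRCheck "Kernel Drivers" line:  0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
MBRCHECK_DRV = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*)$")
# OTL service/driver line:  DRV:64bit: - [date | size | ---- | M] (Company) [Kernel | Boot | Running] -- path -- (svc)
OTL_SVC = re.compile(
    r"^(?P<kind>DRV|SRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<svc>[^)]*)\)$"
)
# OTL Run-key line:  O4 - HKLM..\Run: [Name] path (Company)
OTL_O4 = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
# OTL BHO line:  O2 - BHO: (Name) - {CLSID} - path or "File not found"
OTL_O2 = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case, drop the NT \\??\\ prefix and the drive letter, fold SysNative to system32."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if len(p) > 1 and p[1] == ":":
        p = p[2:]
    return p.replace("\\sysnative\\", "\\system32\\")


def in_windows_dir(path: str) -> bool:
    return normalize(path).startswith(("\\systemroot\\", "\\windows\\"))


def user_writable(path: str) -> bool:
    p = normalize(path)
    return any(frag in p for frag in USER_WRITABLE)


def triage(lines) -> "list[Finding]":
    """Return one Finding per heuristic hit; lines in no recognised format are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := MBRCHECK_DRV.match(line):
            if not in_windows_dir(m["path"]):
                findings.append(Finding(line, DRIVER_OUTSIDE_WINDOWS))
        elif m := OTL_SVC.match(line):
            if not m["company"]:
                findings.append(Finding(line, NO_COMPANY))
            if m["kind"] == "DRV" and not in_windows_dir(m["path"]):
                findings.append(Finding(line, DRIVER_OUTSIDE_WINDOWS))
            if m["kind"] == "SRV" and user_writable(m["path"]):
                findings.append(Finding(line, AUTOSTART_USER_WRITABLE))
        elif m := OTL_O4.match(line):
            if not m["company"]:
                findings.append(Finding(line, NO_COMPANY))
            if user_writable(m["path"]):
                findings.append(Finding(line, AUTOSTART_USER_WRITABLE))
        elif m := OTL_O2.match(line):
            if m["path"].strip().lower() == "file not found":
                findings.append(Finding(line, BHO_MISSING))
    return findings


# Lines taken from the MBRCheck and OTL logs posted in this thread.
SAMPLE_LOG = r"""
0x01048000 \SystemRoot\System32\Drivers\spqj.sys
0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
0x06D77000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
DRV:64bit: - [2010/12/11 05:44:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV - [2010/08/10 20:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001..\Run: [Adobe.exe] C:\Users\Brian\AppData\Roaming\Adobe.exe (Adobe Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.reason}] {f.line}")
```

Treat the output as a review queue, not a verdict. Per-user installers (Chrome and ClickOnce apps in this thread's own process list) also live under AppData, and the logs here show vendor drivers such as sptd.sys and RTCore64.sys with an empty company field, so each hit still has to be read against the rest of the log before anything is removed.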
  7. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    After running OTL, the problem still persists...

    OTL logfile created on: 2/4/2011 5:26:11 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Brian\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 363.19 Gb Free Space | 77.99% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
    PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/10/17 14:52:06 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/08/10 20:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
    PRC - [2010/03/25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    PRC - [2009/06/04 17:56:20 | 000,057,344 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/25 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/01/10 22:36:35 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/25 20:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
    SRV - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2010/03/25 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
    SRV - [2010/03/22 08:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/19 14:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2009/11/06 12:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/12/11 05:44:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2010/04/21 14:59:16 | 000,073,216 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
    DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
    DRV:64bit: - [2010/03/25 20:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/03/25 20:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/03/25 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/03/25 20:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
    DRV:64bit: - [2010/03/25 20:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/01/25 19:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 17:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
    DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
    DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV:64bit: - [2007/07/23 09:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
    DRV:64bit: - [2007/03/20 11:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
    DRV - [2010/08/10 20:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
    DRV - [2004/12/29 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 18 93 54 BF CB 01 [binary data]
    IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/19 22:19:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 23:44:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/09 21:26:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/11/19 23:44:01 | 000,000,000 | ---D | M]

    [2010/07/27 17:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
    [2010/07/27 16:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/28 19:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\extensions
    [2011/01/28 20:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/09/22 20:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/03 16:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/27 22:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/03/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
    O4 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001..\Run: [Adobe.exe] C:\Users\Brian\AppData\Roaming\Adobe.exe (Adobe Corporation)
    O4 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/04 16:09:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
    [2011/02/04 14:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/04 14:21:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/04 14:16:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/04 14:16:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/04 14:16:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/04 14:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/04 14:15:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/04 11:33:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe
    [2011/02/04 11:21:42 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/02/04 11:21:42 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/02/04 10:45:47 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2011/02/03 10:41:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\RIFT
    [2011/02/03 10:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
    [2011/02/03 10:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Beta
    [2011/01/30 21:47:45 | 000,000,000 | RH-D | C] -- C:\Users\Brian\AppData\Roaming\SecuROM
    [2011/01/30 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Divinity 2
    [2011/01/30 21:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
    [2011/01/27 22:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/20 23:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodline Champions
    [2011/01/20 23:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stunlock Studios
    [2011/01/20 23:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
    [2011/01/19 22:19:58 | 000,078,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2011/01/19 22:19:56 | 000,120,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2011/01/19 22:19:56 | 000,097,576 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
    [2011/01/19 22:19:55 | 000,084,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfetdik.sys
    [2011/01/19 22:19:54 | 000,469,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
    [2011/01/19 22:19:54 | 000,079,504 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2011/01/19 22:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/01/19 22:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
    [2011/01/19 22:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/01/19 22:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2011/01/19 22:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2011/01/19 22:07:36 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
    [2011/01/19 22:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/19 22:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/19 22:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/19 22:06:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/19 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/09 13:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/01/09 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
    [2011/01/09 12:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
    [2010/12/11 06:05:43 | 000,327,680 | ---- | C] (Adobe Corporation) -- C:\Users\Brian\AppData\Roaming\Adobe.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 16:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
    [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
    [2011/02/04 15:57:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
    [2011/02/04 14:11:52 | 004,263,406 | R--- | M] () -- C:\Users\Brian\Desktop\ComboFix.exe
    [2011/02/04 12:06:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 12:06:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 12:05:22 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/04 12:05:22 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/04 12:05:22 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/04 11:58:47 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
    [2011/02/04 11:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/04 11:58:27 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 11:40:34 | 000,624,128 | ---- | M] () -- C:\Users\Brian\Desktop\dds.scr
    [2011/02/04 11:34:15 | 000,296,448 | ---- | M] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
    [2011/02/04 11:33:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe
    [2011/02/04 11:31:05 | 000,080,384 | ---- | M] () -- C:\Users\Brian\Desktop\MBRCheck.exe
    [2011/02/03 10:42:09 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
    [2011/01/24 12:43:47 | 000,013,280 | ---- | M] () -- C:\Users\Brian\Desktop\Previous Employers.docx
    [2011/01/19 22:06:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/14 17:17:47 | 000,378,368 | ---- | M] () -- C:\Users\Brian\Desktop\HelpDesk Winter Schedule 2010-2011.xls
    [2011/01/09 12:42:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
    [2011/01/09 12:42:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
    [2011/01/09 12:42:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
    [2011/01/09 12:41:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
    [2011/01/09 12:41:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
    [2011/01/09 12:41:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
    [2011/01/07 22:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/01/07 22:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/01/07 22:27:00 | 000,007,621 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

    ========== Files Created - No Company Name ==========

    [2011/02/04 14:16:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/04 14:16:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/04 14:16:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/04 14:16:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/04 14:16:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/04 14:11:38 | 004,263,406 | R--- | C] () -- C:\Users\Brian\Desktop\ComboFix.exe
    [2011/02/04 11:40:29 | 000,624,128 | ---- | C] () -- C:\Users\Brian\Desktop\dds.scr
    [2011/02/04 11:34:13 | 000,296,448 | ---- | C] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
    [2011/02/04 11:31:04 | 000,080,384 | ---- | C] () -- C:\Users\Brian\Desktop\MBRCheck.exe
    [2011/02/03 10:42:09 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
    [2011/01/19 22:06:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/14 17:17:40 | 000,378,368 | ---- | C] () -- C:\Users\Brian\Desktop\HelpDesk Winter Schedule 2010-2011.xls
    [2011/01/09 12:42:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
    [2011/01/09 12:42:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
    [2011/01/09 12:42:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
    [2011/01/09 12:41:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
    [2011/01/09 12:41:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
    [2011/01/09 12:41:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
    [2010/12/27 14:02:03 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/11/30 10:53:33 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/14 10:39:29 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/09/14 10:39:27 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2010/09/14 10:39:27 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2010/09/14 10:39:26 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
    [2010/09/14 10:39:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
    [2010/09/14 10:38:35 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010/07/27 17:42:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
    [2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini

    ========== LOP Check ==========

    [2011/02/04 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\.purple
    [2010/12/11 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite
    [2011/01/01 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\gtk-2.0
    [2010/10/10 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Hi-Rez Studios
    [2010/07/27 18:27:48 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Ideazon
    [2010/09/02 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech
    [2010/07/27 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\LolClient
    [2010/11/06 15:19:55 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\NJStar
    [2011/02/04 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\RIFT
    [2010/07/27 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Thunderbird
    [2010/12/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Trillian
    [2009/07/14 00:08:49 | 000,020,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/02/04 14:21:26 | 000,017,028 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/02/04 11:58:27 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/02/04 11:58:27 | 4285,652,992 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/27 15:45:59 | 000,000,221 | -HS- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/04 10:56:41 | 138,895,096 | ---- | M] (NVIDIA Corporation) -- C:\Users\Brian\Desktop\266.58_desktop_win7_winvista_64bit_english_whql.exe
    [2011/02/04 11:34:15 | 000,296,448 | ---- | M] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
    [2011/02/04 14:11:52 | 004,263,406 | R--- | M] () -- C:\Users\Brian\Desktop\ComboFix.exe
    [2011/02/04 11:31:05 | 000,080,384 | ---- | M] () -- C:\Users\Brian\Desktop\MBRCheck.exe
    [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
    [2011/02/04 11:33:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/02/04 11:23:39 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/02/04 11:23:39 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/07/27 16:30:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/07/27 16:30:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/02/04 11:23:39 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 15:38:58 | 000,000,402 | -HS- | M] () -- C:\Users\Brian\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    OTL Extras logfile created on: 2/4/2011 5:26:11 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Brian\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 363.19 Gb Free Space | 77.99% Space Free | Partition Type: NTFS

    Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
    "{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
    "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga
    "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BBCD7C60-5996-4C0A-AC3C-DBA334270B1F}" = Brother HL-2170W
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "DivX Setup.divx.com" = DivX Setup
    "InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
    "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "NJStar Japanese WP" = NJStar Japanese WP
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "Pidgin" = Pidgin
    "Precision" = EVGA Precision 1.9.6
    "Steam App 17050" = Global Agenda - Demo
    "Steam App 33670" = Disciples III: Renaissance
    "Steam App 58540" = Divinity II - The Dragon Knight Saga
    "Steam App 630" = Alien Swarm
    "Steam App 63200" = Monday Night Combat
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2011 1:22:38 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
    0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
    0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
    0xee8 Faulting application start time: 0x01cbafae1fd6d834 Faulting application path:
    c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
    Report
    Id: 79086588-1bb0-11e0-afb8-001fbc0891bf

    Error - 1/9/2011 3:13:03 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
    0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
    0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
    0x344 Faulting application start time: 0x01cbafbd5ac88a4b Faulting application path:
    c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
    Report
    Id: e5b3dedc-1bbf-11e0-afb8-001fbc0891bf

    Error - 1/9/2011 4:21:35 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
    0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
    0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
    0x390 Faulting application start time: 0x01cbafccbb6d22e0 Faulting application path:
    c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
    Report
    Id: 78a651e4-1bc9-11e0-afb8-001fbc0891bf

    Error - 1/20/2011 1:07:33 AM | Computer Name = Brian-PC | Source = McLogEvent | ID = 259
    Description = The scan found detections. Scan engine version 5400.1158 DAT version
    6231.

    Error - 1/24/2011 5:31:37 PM | Computer Name = Brian-PC | Source = Wininit | ID = 1015
    Description = A critical system process, C:\Windows\system32\lsass.exe, failed with
    status code 1. The machine must now be restarted.

    Error - 1/28/2011 8:19:01 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
    0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
    Exception
    code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x71c Faulting application
    start time: 0x01cbbf4a169dedc8 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    Faulting
    module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
    Report
    Id: 5ed55f9a-2b3d-11e0-85f8-b174331f748c

    Error - 1/28/2011 8:30:21 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
    0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
    Exception
    code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x364 Faulting application
    start time: 0x01cbbf4bad725116 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    Faulting
    module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
    Report
    Id: f45c45fb-2b3e-11e0-85f8-b174331f748c

    Error - 1/28/2011 8:31:39 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
    0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
    Exception
    code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x470 Faulting application
    start time: 0x01cbbf4bdba6dbc6 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    Faulting
    module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
    Report
    Id: 225e72fe-2b3f-11e0-85f8-b174331f748c

    Error - 1/28/2011 8:34:55 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
    0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
    Exception
    code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x2b4 Faulting application
    start time: 0x01cbbf4c50e09ae4 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    Faulting
    module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
    Report
    Id: 9782bcf2-2b3f-11e0-85f8-b174331f748c

    Error - 2/4/2011 10:39:56 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Divinity2.exe, version: 1.4.9.70, time
    stamp: 0x4d060e3a Faulting module name: Divinity2.exe, version: 1.4.9.70, time stamp:
    0x4d060e3a Exception code: 0xc0000005 Fault offset: 0x00b86dfa Faulting process id:
    0x11c8 Faulting application start time: 0x01cbc4795836f01d Faulting application path:
    c:\program files (x86)\steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\divinity ii - dragon
    knight saga\bin\Divinity2.exe Report Id: a22e4fbc-306c-11e0-9cd7-001fbc0891bf

    [ System Events ]
    Error - 1/28/2011 6:01:44 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 1/28/2011 8:35:52 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7034
    Description = The McAfee Engine Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 1/28/2011 8:39:24 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/28/2011 8:52:02 PM | Computer Name = Brian-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Users\Brian\AppData\Local\Temp\catchme.sys has been blocked
    from loading due to incompatibility with this system. Please contact your software
    vendor for a compatible version of the driver.

    Error - 1/28/2011 8:55:27 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/1/2011 10:01:37 PM | Computer Name = Brian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 2/1/2011 10:01:38 PM | Computer Name = Brian-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 2/4/2011 12:28:53 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the MotoConnect Service service.

    Error - 2/4/2011 12:35:06 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7034
    Description = The McAfee Framework Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 2/4/2011 3:20:20 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OTL is just a scan. It doesn't fix anything.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Now, we'll reset your router...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing in the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Still same issue?
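    A way to do the "check for redirections" step with something more concrete than a browser test, added here as an example and not part of Broni's instructions or of any tool in this thread: a PowerShell script that lists the hosts-file entries other than the stock localhost lines and the DNS servers each adapter is actually using, then flags resolvers that are not on a list you expect. The `$ExpectedDns` value is a placeholder assumption (put your router's LAN address or your chosen public resolvers there); everything else uses only the built-in `Win32_NetworkAdapterConfiguration` WMI class and the standard hosts file location, so it runs on Windows 7 without extra modules.

```powershell
# Added example, not from the thread: audit the local DNS resolution path for
# the kind of redirection being checked for after the ipconfig / net stop /
# net start sequence and the router reset.
# ASSUMPTION: $ExpectedDns is a placeholder; replace it with the resolvers you
# know are legitimate for this network (router LAN address and/or ISP/public DNS).
$ExpectedDns = @('192.168.1.1')

function Get-HostsFileOverrides {
    # Any hosts entry other than the default localhost mappings is a manual
    # override and, on a machine with redirects, worth a second look.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $overrides = @()
    foreach ($line in Get-Content -Path $hostsPath -ErrorAction Stop) {
        $trimmed = $line.Trim()
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        $fields = $trimmed -split '\s+'
        $ip = $fields[0]
        $names = @()
        if ($fields.Length -gt 1) { $names = $fields[1..($fields.Length - 1)] }
        $isDefault = (@('127.0.0.1', '::1') -contains $ip) -and ($names -contains 'localhost')
        if (-not $isDefault) {
            $overrides += New-Object PSObject -Property @{
                Address = $ip
                Names   = ($names -join ' ')
            }
        }
    }
    return $overrides
}

function Get-AdapterDnsServers {
    # IP-enabled adapters only; DNSServerSearchOrder is the ordered resolver list
    # the DNS Client service will use for that adapter.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $servers = @($_.DNSServerSearchOrder)
            $unexpected = @($servers | Where-Object { $ExpectedDns -notcontains $_ })
            New-Object PSObject -Property @{
                Adapter    = $_.Description
                DnsServers = ($servers -join ', ')
                Unexpected = ($unexpected -join ', ')
            }
        }
}

# Report: a resolver you did not configure, or a hosts entry you did not add,
# is where the redirection is coming from.
'== Hosts file overrides (non-localhost entries) =='
Get-HostsFileOverrides | Format-Table Address, Names -AutoSize
'== DNS servers per adapter =='
Get-AdapterDnsServers | Format-Table Adapter, DnsServers, Unexpected -AutoSize
```

    Run it from an elevated PowerShell prompt before and after the router reset; if the "Unexpected" column is empty and no hosts overrides are listed, the redirection is not coming from the local resolver configuration and the remaining places to look are the browser add-ons the OTL fix above removes.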
     
  10. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Still the same issue...


    All processes killed
    Error: Unable to interpret <O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found> in the current context!
    Error: Unable to interpret <O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found> in the current context!
    Error: Unable to interpret <O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brian
    ->Temp folder emptied: 222634 bytes
    ->Temporary Internet Files folder emptied: 10941660 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 120725384 bytes
    ->Flash cache emptied: 2625 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 126.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brian
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02042011_180630

    Files\Folders moved on Reboot...
    C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You didn't run OTL fix correctly.
    Most likely, you didn't copy my whole script, especially "a colon" in front of "OTL" (1st line).
    Please, redo.

    Have you reset router yet?
     
  12. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Here is a re-post of the script, run again. Could you explain what restarting the router might do in this case?


    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brian
    ->Temp folder emptied: 222636 bytes
    ->Temporary Internet Files folder emptied: 13653002 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8700223 bytes
    ->Flash cache emptied: 2418 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4713188 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brian
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02062011_130203

    Files\Folders moved on Reboot...
    C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's resetting router, not restarting.
    Sometimes, router may get infected as well and it needs to be reset.
     
  14. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Yes, I had meant resetting, not actually power cycling the router. After resetting the settings, it's still around.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    2011/02/06 16:14:08.0836 0724 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/06 16:14:09.0139 0724 ================================================================================
    2011/02/06 16:14:09.0139 0724 SystemInfo:
    2011/02/06 16:14:09.0139 0724
    2011/02/06 16:14:09.0139 0724 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/06 16:14:09.0139 0724 Product type: Workstation
    2011/02/06 16:14:09.0139 0724 ComputerName: BRIAN-PC
    2011/02/06 16:14:09.0139 0724 UserName: Brian
    2011/02/06 16:14:09.0139 0724 Windows directory: C:\Windows
    2011/02/06 16:14:09.0139 0724 System windows directory: C:\Windows
    2011/02/06 16:14:09.0139 0724 Running under WOW64
    2011/02/06 16:14:09.0139 0724 Processor architecture: Intel x64
    2011/02/06 16:14:09.0139 0724 Number of processors: 8
    2011/02/06 16:14:09.0139 0724 Page size: 0x1000
    2011/02/06 16:14:09.0139 0724 Boot type: Normal boot
    2011/02/06 16:14:09.0139 0724 ================================================================================
    2011/02/06 16:14:09.0389 0724 Initialize success
    2011/02/06 16:14:17.0805 4268 ================================================================================
    2011/02/06 16:14:17.0805 4268 Scan started
    2011/02/06 16:14:17.0805 4268 Mode: Manual;
    2011/02/06 16:14:17.0805 4268 ================================================================================
    2011/02/06 16:14:18.0841 4268 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/06 16:14:18.0869 4268 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/06 16:14:18.0887 4268 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/06 16:14:18.0907 4268 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/06 16:14:18.0933 4268 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/06 16:14:18.0966 4268 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/06 16:14:19.0005 4268 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/02/06 16:14:19.0037 4268 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/06 16:14:19.0062 4268 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/06 16:14:19.0103 4268 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
    2011/02/06 16:14:19.0161 4268 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
    2011/02/06 16:14:19.0226 4268 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/06 16:14:19.0241 4268 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/06 16:14:19.0251 4268 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/06 16:14:19.0267 4268 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/06 16:14:19.0287 4268 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/06 16:14:19.0310 4268 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/06 16:14:19.0326 4268 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/02/06 16:14:19.0371 4268 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/06 16:14:19.0391 4268 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/06 16:14:19.0458 4268 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/06 16:14:19.0474 4268 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/06 16:14:19.0510 4268 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/02/06 16:14:19.0544 4268 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/02/06 16:14:19.0575 4268 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/02/06 16:14:19.0613 4268 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/06 16:14:19.0634 4268 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/06 16:14:19.0645 4268 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/06 16:14:19.0660 4268 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/06 16:14:19.0684 4268 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/06 16:14:19.0698 4268 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/06 16:14:19.0708 4268 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/06 16:14:19.0718 4268 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/06 16:14:19.0769 4268 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
    2011/02/06 16:14:19.0799 4268 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/06 16:14:19.0903 4268 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/06 16:14:19.0935 4268 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/06 16:14:19.0958 4268 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/06 16:14:19.0981 4268 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/02/06 16:14:20.0005 4268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/06 16:14:20.0023 4268 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/06 16:14:20.0047 4268 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/02/06 16:14:20.0071 4268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/06 16:14:20.0108 4268 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/06 16:14:20.0131 4268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/06 16:14:20.0172 4268 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    2011/02/06 16:14:20.0218 4268 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/06 16:14:20.0241 4268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/02/06 16:14:20.0256 4268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/06 16:14:20.0298 4268 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/06 16:14:20.0371 4268 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/06 16:14:20.0486 4268 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/02/06 16:14:20.0555 4268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/06 16:14:20.0572 4268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/06 16:14:20.0590 4268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/02/06 16:14:20.0611 4268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/02/06 16:14:20.0635 4268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/06 16:14:20.0660 4268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/06 16:14:20.0677 4268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/02/06 16:14:20.0688 4268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/06 16:14:20.0709 4268 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/06 16:14:20.0731 4268 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/06 16:14:20.0745 4268 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/06 16:14:20.0799 4268 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/06 16:14:20.0863 4268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/06 16:14:20.0878 4268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/06 16:14:20.0916 4268 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/02/06 16:14:20.0941 4268 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/02/06 16:14:20.0950 4268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/06 16:14:20.0959 4268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/06 16:14:20.0976 4268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/06 16:14:20.0999 4268 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/02/06 16:14:21.0022 4268 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/02/06 16:14:21.0061 4268 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/02/06 16:14:21.0080 4268 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/06 16:14:21.0092 4268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/02/06 16:14:21.0120 4268 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/02/06 16:14:21.0162 4268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/06 16:14:21.0183 4268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/02/06 16:14:21.0203 4268 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/06 16:14:21.0225 4268 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/02/06 16:14:21.0233 4268 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/02/06 16:14:21.0249 4268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/02/06 16:14:21.0280 4268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/02/06 16:14:21.0306 4268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/02/06 16:14:21.0337 4268 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/02/06 16:14:21.0357 4268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/02/06 16:14:21.0374 4268 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/02/06 16:14:21.0389 4268 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/02/06 16:14:21.0430 4268 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/02/06 16:14:21.0494 4268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/02/06 16:14:21.0541 4268 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/02/06 16:14:21.0616 4268 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/02/06 16:14:21.0636 4268 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/02/06 16:14:21.0714 4268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/02/06 16:14:21.0737 4268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/02/06 16:14:21.0756 4268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/02/06 16:14:21.0771 4268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/02/06 16:14:21.0793 4268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/02/06 16:14:21.0868 4268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/02/06 16:14:21.0889 4268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/02/06 16:14:21.0922 4268 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
    2011/02/06 16:14:21.0993 4268 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
    2011/02/06 16:14:22.0064 4268 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
    2011/02/06 16:14:22.0111 4268 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
    2011/02/06 16:14:22.0154 4268 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
    2011/02/06 16:14:22.0226 4268 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/02/06 16:14:22.0254 4268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/02/06 16:14:22.0305 4268 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
    2011/02/06 16:14:22.0358 4268 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
    2011/02/06 16:14:22.0413 4268 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
    2011/02/06 16:14:22.0456 4268 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
    2011/02/06 16:14:22.0537 4268 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
    2011/02/06 16:14:22.0625 4268 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
    2011/02/06 16:14:22.0692 4268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/02/06 16:14:22.0713 4268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/02/06 16:14:22.0732 4268 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/02/06 16:14:22.0750 4268 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/02/06 16:14:22.0767 4268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/02/06 16:14:22.0792 4268 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/02/06 16:14:22.0828 4268 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/02/06 16:14:22.0884 4268 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/02/06 16:14:22.0951 4268 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/02/06 16:14:23.0018 4268 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/02/06 16:14:23.0038 4268 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/02/06 16:14:23.0064 4268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/02/06 16:14:23.0080 4268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/02/06 16:14:23.0094 4268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/02/06 16:14:23.0129 4268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/06 16:14:23.0143 4268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/06 16:14:23.0155 4268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/06 16:14:23.0178 4268 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/06 16:14:23.0199 4268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/02/06 16:14:23.0208 4268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/06 16:14:23.0235 4268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/02/06 16:14:23.0271 4268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/02/06 16:14:23.0308 4268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/02/06 16:14:23.0347 4268 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/02/06 16:14:23.0384 4268 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/02/06 16:14:23.0403 4268 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/02/06 16:14:23.0419 4268 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/02/06 16:14:23.0442 4268 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/02/06 16:14:23.0462 4268 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/02/06 16:14:23.0481 4268 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/02/06 16:14:23.0507 4268 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/02/06 16:14:23.0554 4268 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/02/06 16:14:23.0585 4268 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/02/06 16:14:23.0650 4268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/02/06 16:14:23.0689 4268 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/02/06 16:14:23.0740 4268 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/02/06 16:14:23.0990 4268 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/02/06 16:14:24.0205 4268 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
    2011/02/06 16:14:24.0262 4268 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/02/06 16:14:24.0280 4268 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/02/06 16:14:24.0313 4268 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/02/06 16:14:24.0326 4268 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/02/06 16:14:24.0350 4268 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/02/06 16:14:24.0369 4268 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/02/06 16:14:24.0386 4268 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/02/06 16:14:24.0407 4268 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/02/06 16:14:24.0419 4268 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/02/06 16:14:24.0433 4268 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/02/06 16:14:24.0458 4268 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/02/06 16:14:24.0518 4268 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/02/06 16:14:24.0542 4268 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/02/06 16:14:24.0576 4268 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/02/06 16:14:24.0633 4268 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/02/06 16:14:24.0665 4268 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/02/06 16:14:24.0688 4268 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/02/06 16:14:24.0708 4268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/02/06 16:14:24.0740 4268 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/02/06 16:14:24.0758 4268 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/02/06 16:14:24.0784 4268 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/02/06 16:14:24.0807 4268 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/02/06 16:14:24.0829 4268 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/02/06 16:14:24.0845 4268 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/02/06 16:14:24.0861 4268 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/02/06 16:14:24.0895 4268 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2011/02/06 16:14:24.0922 4268 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/02/06 16:14:24.0940 4268 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/02/06 16:14:24.0963 4268 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/02/06 16:14:24.0986 4268 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/02/06 16:14:25.0024 4268 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/02/06 16:14:25.0090 4268 RTCore64 (b971b79bdca77e8755e615909a1c7a9f) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
    2011/02/06 16:14:25.0198 4268 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
    2011/02/06 16:14:25.0277 4268 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/02/06 16:14:25.0309 4268 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/02/06 16:14:25.0333 4268 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/02/06 16:14:25.0359 4268 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/02/06 16:14:25.0381 4268 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/02/06 16:14:25.0406 4268 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/02/06 16:14:25.0416 4268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/02/06 16:14:25.0436 4268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/02/06 16:14:25.0447 4268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/02/06 16:14:25.0458 4268 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/02/06 16:14:25.0469 4268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/02/06 16:14:25.0494 4268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/02/06 16:14:25.0517 4268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/02/06 16:14:25.0537 4268 skfiltv (01acb9228c303de1fff82b807d28b2b0) C:\Windows\system32\drivers\skfiltv.sys
    2011/02/06 16:14:25.0592 4268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/02/06 16:14:25.0622 4268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/02/06 16:14:25.0670 4268 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/02/06 16:14:25.0670 4268 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/02/06 16:14:25.0673 4268 sptd - detected Locked file (1)
    2011/02/06 16:14:25.0702 4268 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/02/06 16:14:25.0774 4268 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/02/06 16:14:25.0855 4268 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/02/06 16:14:25.0935 4268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/02/06 16:14:25.0965 4268 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/02/06 16:14:25.0985 4268 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/02/06 16:14:26.0006 4268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/02/06 16:14:26.0061 4268 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/02/06 16:14:26.0130 4268 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/02/06 16:14:26.0165 4268 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/02/06 16:14:26.0200 4268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/02/06 16:14:26.0211 4268 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/02/06 16:14:26.0222 4268 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/02/06 16:14:26.0234 4268 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/02/06 16:14:26.0259 4268 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/02/06 16:14:26.0271 4268 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/02/06 16:14:26.0284 4268 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/02/06 16:14:26.0367 4268 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/02/06 16:14:26.0448 4268 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/02/06 16:14:26.0468 4268 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/02/06 16:14:26.0488 4268 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/02/06 16:14:26.0534 4268 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2011/02/06 16:14:26.0557 4268 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/02/06 16:14:26.0582 4268 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/02/06 16:14:26.0603 4268 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/02/06 16:14:26.0625 4268 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/02/06 16:14:26.0640 4268 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/02/06 16:14:26.0664 4268 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/02/06 16:14:26.0684 4268 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/02/06 16:14:26.0703 4268 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/02/06 16:14:26.0718 4268 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/02/06 16:14:26.0733 4268 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/02/06 16:14:26.0748 4268 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/02/06 16:14:26.0760 4268 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/02/06 16:14:26.0783 4268 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/02/06 16:14:26.0814 4268 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/02/06 16:14:26.0828 4268 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/02/06 16:14:26.0845 4268 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/02/06 16:14:26.0867 4268 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/02/06 16:14:26.0900 4268 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/02/06 16:14:26.0923 4268 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/02/06 16:14:26.0947 4268 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/02/06 16:14:26.0979 4268 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/02/06 16:14:27.0017 4268 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/06 16:14:27.0035 4268 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/06 16:14:27.0085 4268 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/02/06 16:14:27.0114 4268 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/02/06 16:14:27.0154 4268 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/02/06 16:14:27.0177 4268 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/02/06 16:14:27.0245 4268 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/02/06 16:14:27.0289 4268 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
    2011/02/06 16:14:27.0361 4268 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
    2011/02/06 16:14:27.0425 4268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/02/06 16:14:27.0448 4268 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
    2011/02/06 16:14:27.0516 4268 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
    2011/02/06 16:14:27.0556 4268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/02/06 16:14:27.0578 4268 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/02/06 16:14:27.0601 4268 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/02/06 16:14:27.0690 4268 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    2011/02/06 16:14:27.0712 4268 ================================================================================
    2011/02/06 16:14:27.0712 4268 Scan finished
    2011/02/06 16:14:27.0712 4268 ================================================================================
    2011/02/06 16:14:27.0717 4476 Detected object count: 1
    2011/02/06 16:14:33.0083 4476 Locked file(sptd) - User select action: Skip
    2011/02/06 16:14:47.0543 3668 Deinitialize success
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Nothing there.

    Let's try to reset your MBR.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on the NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, check for the issue.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
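
    The procedure above rewrites the MBR boot code from a bootable CD. For anyone who wants to look at what is actually on sector 0 before and after such a repair, the following is an added example, not code from the thread, from NTBR or from MBRWORK. It parses a 512-byte MBR, checks the 0x55AA boot signature, decodes the partition table, hashes the 440-byte boot-code region and compares it with a baseline table, and models the "Install Standard MBR code" step as a rewrite of bytes 0..439 only. Assumptions: the boot-code bytes and partition layout below are constructed stand-ins (not real Windows 7 MBR bytes), the `BASELINES` table is hypothetical and a real one must be built from a machine known to be clean, and the repair tool is assumed to behave like `fixmbr` and leave the disk signature and partition table untouched. The `read_mbr` helper reads a live device and needs administrator rights on Windows.

```python
"""Parse a 512-byte MBR and compare its boot-code region with a known-good baseline.

Classic MBR layout (byte offsets):
    0..439   boot code       - the region a 'standard MBR code' rewrite replaces
  440..443   disk signature  - left alone by such a rewrite (assumption, like fixmbr)
  446..509   partition table - four 16-byte entries, also left alone
  510..511   boot signature 0x55 0xAA
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIG_OFF = 510
BOOT_SIG = b"\x55\xAA"

# Constructed stand-ins for boot code. These are NOT real Windows 7 MBR bytes;
# a real baseline hash must be taken from a machine known to be clean.
CONSTRUCTED_STOCK_CODE = b"\xEB\xFE" + b"\x00" * (BOOTCODE_LEN - 2)     # jmp $ ; zero padding
CONSTRUCTED_TAMPERED_CODE = b"\xEB\x10" + b"\x00" * (BOOTCODE_LEN - 2)  # differs in one byte

# Hypothetical baseline table: label -> sha256 of the 440-byte boot-code region.
BASELINES = {"constructed-stock": hashlib.sha256(CONSTRUCTED_STOCK_CODE).hexdigest()}

# Constructed partition layout resembling a default Windows 7 install:
# (status, type, lba_start, sector_count); 0x80 = active, 0x07 = NTFS.
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]


def build_mbr(bootcode, disk_signature, partitions):
    """Assemble a 512-byte MBR from its parts (used here to construct sample input)."""
    if len(bootcode) != BOOTCODE_LEN:
        raise ValueError("boot code must be exactly %d bytes" % BOOTCODE_LEN)
    sector = bytearray(MBR_SIZE)
    sector[:BOOTCODE_LEN] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (status, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector):
    """Decode an MBR into its fields. Raises ValueError if the sector is malformed."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFF:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sector_count": count})
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def classify_bootcode(sector, baselines=BASELINES):
    """Return the baseline label whose hash matches the boot code, else 'unknown'.

    'unknown' is a prompt to look closer, not proof of a bootkit: OEM recovery
    MBRs (the Dell case mentioned in the thread) legitimately carry non-stock code.
    """
    digest = parse_mbr(sector)["bootcode_sha256"]
    for label, known in baselines.items():
        if digest == known:
            return label
    return "unknown"


def rewrite_bootcode(sector, stock_code):
    """Model a 'standard MBR code' install: replace bytes 0..439 and nothing else.

    Assumption: the tool, like fixmbr, keeps the disk signature and partition
    table, so the data partitions survive the repair.
    """
    parse_mbr(sector)  # validate before touching anything
    if len(stock_code) != BOOTCODE_LEN:
        raise ValueError("replacement boot code must be exactly %d bytes" % BOOTCODE_LEN)
    fixed = bytearray(sector)
    fixed[:BOOTCODE_LEN] = stock_code
    return bytes(fixed)


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw device (administrator rights on Windows; e.g. /dev/sda on Linux)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    clean = build_mbr(CONSTRUCTED_STOCK_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
    tampered = build_mbr(CONSTRUCTED_TAMPERED_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
    print("clean    :", classify_bootcode(clean))
    print("tampered :", classify_bootcode(tampered))
    print("repaired :", classify_bootcode(rewrite_bootcode(tampered, CONSTRUCTED_STOCK_CODE)))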
     
  18. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Printed out the directions and followed them word for word; the problem still persists. I would assume it lies somewhere in the startup configuration, since it only occurs upon booting into the OS.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please delete your ComboFix file, download a fresh one and post a new log.
     
  20. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    Should I run Combofix Uninstall?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No..............
     
  22. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    ComboFix 11-02-05.01 - Brian 02/06/2011 17:56:28.5.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2884 [GMT -5:00]
    Running from: c:\users\Brian\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
    .

    2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 23:06 . 2011-02-04 23:06 -------- d-----w- C:\_OTL
    2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
    2011-02-03 15:41 . 2011-02-06 22:24 -------- d-----w- c:\program files (x86)\RIFT Beta
    2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
    2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
    2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
    2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
    2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
    2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
    2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
    2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
    2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
    2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
    2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
    "Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
    "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
    R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
    S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
    S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
    .

    --------- x86-64 -----------

    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    "ImagePath"="\??\c:\users\Brian\AppData\Local\Temp\002F52C.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
    71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
    "rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-06 18:02:14
    ComboFix-quarantined-files.txt 2011-02-06 23:02
    ComboFix2.txt 2011-02-04 19:21

    Pre-Run: 399,594,196,992 bytes free
    Post-Run: 399,585,755,136 bytes free

    - - End Of File - - 745D497B2C1E3DF26B5958D208379480
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Please open Notepad
    • Click Start , then Run
• Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    dump_wmimmc
    npggsvc
    X6va002
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: dragging CFScript.txt onto ComboFix.exe)


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
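The reply above picks three entries out of the log's service list (dump_wmimmc, npggsvc, X6va002) and builds a CFScript to remove them. The script below is an added example, not part of this thread and not ComboFix's own tooling: it parses the R*/S* service lines of a ComboFix log, flags the two signals the helper acted on (an image ComboFix could not find on disk, shown as "[x]", and an image path under a user's AppData\Local\Temp), drafts the Driver::/Registry:: block, and compares a before/after log to confirm the entries are gone. The sample lines are copied from the log posted earlier; the heuristics, the removed_services() check and the choice to emit a Registry:: line for every flagged name (the reply only lists the two keys the supplementary scan actually showed) are this example's own assumptions.

```python
"""Triage the service/driver lines of a ComboFix log and draft a CFScript.

Added example for this thread; not part of ComboFix or of the helper's own
tooling. It encodes the two signals acted on in the reply above: a service
whose binary ComboFix could not find on disk ("[x]" in place of the
date/size stamp) and one whose image lives under a per-user Temp directory.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One ComboFix service line looks like
#   R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
#   S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
# i.e. "<start type> <name>;<display name>;<image path> [<stamp>]".
_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# A service image under a per-user Temp directory is a classic persistence smell.
_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Constructed sample: the relevant service lines copied from the log in this thread.
SAMPLE_BEFORE = r"""
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
""".strip()

# Constructed sample: what the same section looks like after the CFScript run.
SAMPLE_AFTER = r"""
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
""".strip()


@dataclass
class ServiceEntry:
    start: str      # R0..R3 (running) or S0..S3 (stopped) start-type tag
    name: str       # service/driver key name
    display: str    # display name
    path: str       # image path as printed by ComboFix
    missing: bool   # True when ComboFix printed [x]: image not found on disk


def parse_services(log_text: str) -> list[ServiceEntry]:
    """Return every service/driver line in the log as a ServiceEntry."""
    entries: list[ServiceEntry] = []
    for raw in log_text.splitlines():
        m = _SERVICE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(
                m["start"], m["name"], m["display"], m["path"], m["stamp"] == "x"))
    return entries


def suspicious(entry: ServiceEntry) -> list[str]:
    """Reasons (possibly none) for which this entry should be looked at."""
    reasons = []
    if entry.missing:
        reasons.append("image file not found on disk ([x])")
    if _TEMP_RE.search(entry.path):
        reasons.append("image path under a per-user Temp directory")
    return reasons


def draft_cfscript(entries: list[ServiceEntry], control_set: str = "ControlSet001") -> str:
    """Draft a CFScript in the Driver::/Registry:: layout used in the reply above.

    Assumption: a Registry:: deletion is emitted for every flagged name; the
    control set to target is the caller's choice.
    """
    flagged = [e.name for e in entries if suspicious(e)]
    lines = ["Driver::", *flagged, "", "Registry::"]
    for name in flagged:
        lines.append("[-HKEY_LOCAL_MACHINE\\SYSTEM\\{}\\services\\{}]".format(control_set, name))
    return "\n".join(lines) + "\n"


def removed_services(before_log: str, after_log: str) -> list[str]:
    """Service names present in the pre-script log but gone from the post-script log."""
    after = {e.name for e in parse_services(after_log)}
    return [e.name for e in parse_services(before_log) if e.name not in after]


if __name__ == "__main__":
    found = parse_services(SAMPLE_BEFORE)
    for e in found:
        why = suspicious(e)
        if why:
            print(f"{e.start} {e.name}: {'; '.join(why)}")
    print(draft_cfscript(found))
    print("removed after rerun:", removed_services(SAMPLE_BEFORE, SAMPLE_AFTER))
```

Run it on the full ComboFix.txt rather than the sample to get the same triage over every service line; anything it flags still needs a human decision, since a legitimate driver whose file was deleted by an uninstaller also shows up as "[x]".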
     
  24. Twiggyskulls

    Twiggyskulls TS Rookie Topic Starter Posts: 26

    ComboFix 11-02-05.01 - Brian 02/06/2011 18:15:47.6.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2645 [GMT -5:00]
    Running from: c:\users\Brian\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brian\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_X6VA002
    -------\Service_dump_wmimmc
    -------\Service_npggsvc
    -------\Service_X6va002


    ((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
    .

    2011-02-06 23:18 . 2011-02-06 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 23:06 . 2011-02-04 23:06 -------- d-----w- C:\_OTL
    2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
    2011-02-03 15:41 . 2011-02-06 23:04 -------- d-----w- c:\program files (x86)\RIFT Beta
    2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
    2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
    2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
    2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
    2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
    2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
    2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
    2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
    2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
    2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
    2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
    2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
    2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
    2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-06_23.01.06 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-02-06 22:17 . 2011-02-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-06 23:19 . 2011-02-06 23:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-02-06 22:17 . 2011-02-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-06 23:19 . 2011-02-06 23:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2011-02-06 23:19 384036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-02-06 22:14 384036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-07-29 07:23 . 2011-02-06 22:14 724165 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365112199-3682941248-1621301289-1001-12288.dat
    + 2010-07-29 07:23 . 2011-02-06 23:19 724165 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365112199-3682941248-1621301289-1001-12288.dat
    + 2010-09-13 23:31 . 2011-02-06 23:19 1442624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2010-09-13 23:31 . 2011-02-04 16:18 1442624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
    "Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
    "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
    "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
    S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
    S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
    - c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF8748.cfxxe" [X]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
    "datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
    71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
    "rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
    c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
    c:\program files (x86)\EVGA Precision\EVGAPrecision.exe
    c:\users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-06 18:25:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-06 23:25
    ComboFix2.txt 2011-02-06 23:02
    ComboFix3.txt 2011-02-04 19:21

    Pre-Run: 399,637,671,936 bytes free
    Post-Run: 399,399,780,352 bytes free

    - - End Of File - - 44504A63714BCB166AC0307EF987E5C0
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Same issue?
     