TechSpot

Sirefef virus

Solved
By MacThreat
Sep 17, 2012
  1. Hey, I'm currently having a problem with the Sirefef Virus. As requested in the other threads, I have attached all the files that were asked for in the other threads. I looked through the reg edits that were said before, but some of the things don't exist for me. So I am wondering if you could help me out.

    Thanks

    I am able to get into Safe Mode although I am NOT able to get into "Repair your Computer", it will not let me in.

    ----------------------------------------------------

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.17.07

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Richard :: RICHARD-PC [administrator]

    9/17/2012 10:14:38 AM
    mbam-log-2012-09-17 (10-14-38).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 338260
    Time elapsed: 46 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\80000000.@.vir (Trojan.Small) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Quarantined and deleted successfully.

    (end)
    ----------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-17 08:55:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-75ZCT2 rev.11.01A11
    Running: 0tfrv1tc.exe; Driver: C:\Users\Richard\AppData\Local\Temp\ufliqfow.sys
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\fastfat \Fat 8EB89A7A
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /NOEXECUTE=OPTIN IN/MINT
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 632
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg50AE.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gtn50AF.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\gth50B0.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424??\??\C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424??\??\C:\Program Files\Google\GoogleToolbarNotifier\Goo50B1.tmp??\??\C:\Program Files\Google\GoogleToolbarNotifier??\??\C:\Users\Richard\AppData\Local\Temp\Google Toolbar\inuF22E.tmp??\??\C:\Users\Richard\AppData\Local\Temp\gusF1FC.tmp??\??\C:\Users\Richard\AppData\Local\Temp\Google Toolbar\inuF4DE.tmp??\??\C:\Program Files\Google??\??\C:\Config.Msi\557a4.rbf??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\T8RES.DLL??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12bar.dll??\??\C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsv
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 591
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 360685184
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 0
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID b9265288-e6fa-49b4-bf68-cba46ef
    Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@LeaseObtainedTime 1347648854
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@T1 1347708533
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@T2 1347753292
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}@LeaseTerminatesTime 1347821654
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5ABBDF6B-5E9F-471F-B34B-050A74CF2C97}
    Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{5CA5E396-62A1-4E15-AF42-67CBA03EB5EB}
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2606743370-2938532883-3730318516-1000@State 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2606743370-2938532883-3730318516-1000@RefCount 0
    ---- EOF - GMER 1.0.15 ----
    ----------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by Richard at 11:14:05 on 2012-09-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.2541 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Toolbar BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - c:\progra~1\guffins\bar\1.bin\u4bar.dll
    BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - c:\program files\guffins\bar\1.bin\u4bar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [MyScrapNook_12bar Uninstall] rundll32 c:\progra~1\12UNIN~1.DLL,O -3
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.entergy.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 8.8.8.8 68.87.73.242
    TCP: Interfaces\{C71C8B04-BBD1-4567-8DFC-94204726ED96} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9} : DhcpNameServer = 8.8.8.8 68.87.73.242
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-3-24 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-24 203264]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-24 81920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
    S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 GuffinsService;GuffinsService;c:\progra~1\guffins\bar\1.bin\u4barsvc.exe --> c:\progra~1\guffins\bar\1.bin\u4barsvc.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-31 136176]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-24 112128]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-24 133472]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-24 279488]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-09-17 15:06:48   54016     ----a-w-   c:\windows\system32\drivers\dovtuw.sys
    2012-09-15 17:29:09   279552    ----a-w-   c:\windows\system32\services.exe
    2012-09-15 17:12:13   --------  d-----w-   C:\FRST
    2012-09-15 17:12:03   97440     ----a-w-   c:\windows\system32\drivers\SMR310.SYS
    2012-09-15 17:12:03   20        ----a-w-   c:\windows\system32\drivers\SMR310.dat
    2012-09-15 17:12:02   --------  d-----w-   C:\NPE
    2012-09-15 17:11:55   --------  d-----w-   c:\users\richard\appdata\local\NPE
    2012-09-15 16:48:10   --------  d-----w-   c:\program files\HitmanPro
    2012-09-15 16:47:57   --------  d-----w-   c:\programdata\HitmanPro
    2012-09-14 22:00:48   303616    ----a-w-   C:\SetACL.exe
    2012-09-14 21:43:30   290304    ----a-w-   C:\subinacl.exe
    2012-09-14 21:43:20   --------  d-----w-   C:\Tweaking.com_Windows_Repair_Logs
    2012-09-14 20:51:09   --------  d-----w-   c:\windows\pss
    2012-09-14 20:37:47   54016     ----a-w-   c:\windows\system32\drivers\uoyffqy.sys
    2012-09-14 19:30:11   --------  d-----w-   c:\program files\ESET
    2012-09-14 19:25:31   --------  d-----w-   c:\users\richard\appdata\roaming\Malwarebytes
    2012-09-14 19:25:25   22856     ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-09-14 19:25:25   --------  d-----w-   c:\programdata\Malwarebytes
    2012-09-14 19:25:24   --------  d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-09-14 19:04:16   172408    ----a-w-   c:\program files\12res.dll
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:15:49.21 ===============
    ----------------------------------------------------
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02
    Ran by Richard at 17-09-2012 11:22:33
    Running from F:\
    Service Pack 2 (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
    ==================== One Month Created Files and Folders ========
    2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
    2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
    2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
    2012-09-15 13:29 - 2009-04-11 02:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
    2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\NPE
    2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\FRST
    2012-09-15 13:11 - 2012-09-15 13:11 - 00000000 ____D C:\Users\Richard\AppData\Local\NPE
    2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-09-15 12:48 - 2012-09-15 12:48 - 00000000 ____D C:\Program Files\HitmanPro
    2012-09-15 12:47 - 2012-09-15 12:48 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-09-15 12:26 - 2012-09-15 12:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-09-14 18:00 - 2008-05-07 22:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-09-14 17:43 - 2004-06-11 16:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-09-14 17:41 - 2012-09-17 11:12 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
    2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
    2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Windows\erdnt
    2012-09-14 17:17 - 2012-09-15 11:33 - 00000000 ____D C:\Qoobox
    2012-09-14 16:51 - 2012-09-15 12:04 - 00000000 ____D C:\Windows\pss
    2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
    2012-09-14 15:30 - 2012-09-14 15:30 - 00000000 ____D C:\Program Files\ESET
    2012-09-14 15:25 - 2012-09-14 15:27 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 15:25 - 2012-09-14 15:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Malwarebytes
    2012-09-14 15:25 - 2012-09-14 15:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-14 15:25 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 15:13 - 2012-09-17 11:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-09-14 15:04 - 2012-05-28 13:13 - 00172408 ____A () C:\Program Files\12res.dll
    ==================== 3 Months Modified Files ==================
    2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
    2012-09-17 11:12 - 2012-09-14 17:41 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
    2012-09-17 11:10 - 2012-09-14 15:13 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
    2012-09-15 13:50 - 2012-09-15 13:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
    2012-09-15 13:35 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-15 13:12 - 2012-09-15 13:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
    2012-09-15 12:48 - 2012-09-15 12:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-09-14 18:05 - 2006-11-02 06:33 - 00728784 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-14 17:41 - 2012-09-14 17:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
    2012-09-14 17:18 - 2012-05-31 19:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
    2012-09-14 15:27 - 2012-09-14 15:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 15:12 - 2006-11-02 09:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-14 15:12 - 2006-11-02 08:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-14 14:56 - 2012-05-31 19:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 12:35 - 2012-04-23 21:29 - 00001849 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-09-07 17:04 - 2012-09-14 15:25 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-08 18:24 - 2006-11-02 06:22 - 47972352 ____A C:\Windows\System32\config\software_previous
    2012-08-08 18:24 - 2006-11-02 06:22 - 37748736 ____A C:\Windows\System32\config\components_previous
    2012-08-08 18:24 - 2006-11-02 06:22 - 24903680 ____A C:\Windows\System32\config\system_previous
    2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-08-08 18:24 - 2006-11-02 06:22 - 00262144 ____A C:\Windows\System32\config\default_previous
    2012-07-16 08:13 - 2006-11-02 08:47 - 00379584 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-15 22:50 - 2006-11-02 06:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-12 14:33 - 2009-04-11 11:34 - 00039424 ____A C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-11 11:20 - 2012-07-11 11:20 - 00011264 ____A C:\Users\Richard\Documents\Scavenger Rules.wps
    2012-07-11 11:20 - 2009-03-31 22:02 - 00000318 ____A C:\Users\Richard\AppData\Roaming\wklnhst.dat
    2012-07-03 03:13 - 2006-11-02 06:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-30 09:44 - 2012-06-30 09:44 - 00000168 ____A C:\Users\Richard\Desktop\sing.url
    2012-06-24 19:32 - 2012-06-24 19:32 - 00001614 ____A C:\Users\Richard\Desktop\Calculator.lnk
    ZeroAccess:
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
    ZeroAccess:
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\@
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    TDL4: custom:26000022 <===== ATTENTION!
    ==================== Memory info ===========================
    Percentage of memory in use: 18%
    Total physical RAM: 3030.17 MB
    Available physical RAM: 2483.72 MB
    Total Pagefile: 3164.69 MB
    Available Pagefile: 2879.46 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.5 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:222.81 GB) (Free:189.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.42 GB) NTFS
    4 Drive f: () (Removable) (Total:15.1 GB) (Free:5.65 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B
    Disk 1 Online 15 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 78 MB 32 KB
    Partition 2 Primary 10 GB 79 MB
    Partition 3 Primary 223 GB 10 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 78 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 223 GB Healthy Boot
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 16 KB
    =========================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 15 GB Healthy
    =========================================================
    Last Boot: 2012-09-14 15:00
    ==================== End Of Log ============================
     

    Attached Files:
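    Added here as a triage example, not code from this thread, from FRST, or from any of the tools named above: a small parser for lines in the "One Month Created Files and Folders" format that FRST printed in the log above (created time, modified time, size, attribute flags, an optional company name in parentheses, path). It flags .sys files under a Drivers directory that were created inside the scan window and carry no company name, then groups the flagged files by size. The sample lines are copied from the posted log; the heuristic, the 30-day window and the function names are this example's own assumptions, and a hit is a candidate for a closer look, not a verdict.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: lines taken from the FRST log posted above.
SAMPLE_FRST_LINES = r"""
2012-09-17 11:13 - 2012-09-17 11:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
2012-09-17 11:06 - 2012-09-17 11:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
2012-09-15 13:29 - 2009-04-11 02:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-15 13:12 - 2012-09-15 13:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-15 13:12 - 2012-09-15 13:12 - 00000000 ____D C:\FRST
2012-09-14 16:37 - 2012-09-14 16:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
2012-09-14 15:25 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-14 15:13 - 2012-09-17 11:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
"""

# One FRST created-files line: created - modified - size attrs [(publisher)] path.
# The publisher group is optional; "()" and "( )" both count as "no publisher".
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)


def parse_frst_created(text):
    """Parse FRST created-files lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        publisher = (m.group("publisher") or "").strip() or None
        entries.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
            "size": int(m.group("size")),
            "attrs": m.group("attrs"),
            "publisher": publisher,
            "path": m.group("path"),
        })
    return entries


def flag_unsigned_drivers(entries, scan_time, window_days=30):
    """Heuristic (assumption of this example): a .sys file under a Drivers
    directory, created within window_days of the scan, with no company name."""
    cutoff = scan_time - timedelta(days=window_days)
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if not p.endswith(".sys") or "\\drivers\\" not in p:
            continue
        if e["publisher"] is not None or e["created"] < cutoff:
            continue
        flagged.append(e)
    return flagged


def cluster_by_size(entries):
    """Group paths that share an exact file size; identical sizes among
    flagged drivers are a hint that they may be copies of one another."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["size"]].append(e["path"])
    return {size: paths for size, paths in groups.items() if len(paths) > 1}


def triage(text, scan_time="2012-09-17 11:22"):
    """Run the parser and both heuristics; scan_time defaults to the time
    stamped on the FRST log above."""
    entries = parse_frst_created(text)
    flagged = flag_unsigned_drivers(entries, datetime.strptime(scan_time, "%Y-%m-%d %H:%M"))
    return flagged, cluster_by_size(flagged)


if __name__ == "__main__":
    flagged, clusters = triage(SAMPLE_FRST_LINES)
    for e in flagged:
        print(f"no publisher, created {e['created']:%Y-%m-%d %H:%M}, {e['size']} bytes: {e['path']}")
    for size, paths in clusters.items():
        print(f"same size ({size} bytes): " + ", ".join(paths))
```

    On the sample above the two flagged files are the randomly named drivers and they share the same size, which is the kind of cue that makes a helper ask for a closer look at the Drivers folder rather than trusting the "MD5 is legit" line for services.exe alone.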

  2. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    I still need Attach.txt part of DDS.

    Next...

    You ran FRST from within Windows.
    That's the incorrect way.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. MacThreat

    MacThreat TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/24/2009 11:59:55 AM
    System Uptime: 9/17/2012 11:10:22 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0P792H
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1995/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 189.499 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.416 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Advanced Audio FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar Updater
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell V305
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    DELL0604
    Google Earth
    Google Update Helper
    Guffins
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Integrated Webcam Driver (1.05.02.1227)
    Intel(R) Graphics Media Accelerator Driver
    ITECIR
    iTunes
    Live! Cam Avatar Creator
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Do you have Vista DVD?

    If yes, use the second option:
    To enter System Recovery Options by using Windows installation disc:

    If not let me know.
     
  5. MacThreat

    MacThreat TS Rookie Topic Starter

    Here you go, thank you.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02
    Ran by SYSTEM at 17-09-2012 13:22:42
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [200704 2008-08-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Richard\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2012-01-24] (Adobe Systems, Inc.)
    HKLM\...\Runonce: [MyScrapNook_12bar Uninstall] rundll32 C:\PROGRA~1\12UNIN~1.DLL,O -3 [x]
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 68.87.73.242

    ==================== Services (Whitelisted) ===================

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
    2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [99568 2008-02-25] ()
    2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [595184 2008-02-25] ( )
    2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2008-10-04] (SupportSoft, Inc.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
    2 GuffinsService; C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
    3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. )
    3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [203264 2008-08-25] (Broadcom Corporation)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133472 2009-01-19] (Creative Technology Ltd.)
    3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [279488 2009-01-19] (Creative Technology Ltd.)
    0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [43840 2007-11-14] (Sonic Solutions)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    1 MpKsl275cd18b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl275cd18b.sys [x]
    1 MpKsl9a9cb023; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl9a9cb023.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2012-09-17 07:13 - 2012-09-17 07:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
    2012-09-17 07:06 - 2012-09-17 07:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
    2012-09-15 09:50 - 2012-09-15 09:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
    2012-09-15 09:29 - 2009-04-10 22:27 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-15 09:12 - 2012-09-15 09:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-15 09:12 - 2012-09-15 09:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
    2012-09-15 09:12 - 2012-09-15 09:12 - 00000000 ____D C:\NPE
    2012-09-15 09:12 - 2012-09-15 09:12 - 00000000 ____D C:\FRST
    2012-09-15 09:11 - 2012-09-15 09:11 - 00000000 ____D C:\Users\Richard\AppData\Local\NPE
    2012-09-15 08:48 - 2012-09-15 08:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-09-15 08:48 - 2012-09-15 08:48 - 00000000 ____D C:\Program Files\HitmanPro
    2012-09-15 08:47 - 2012-09-15 08:48 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-09-15 08:26 - 2012-09-15 08:26 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-09-14 14:00 - 2008-05-07 18:03 - 00303616 ____A ( ) C:\SetACL.exe
    2012-09-14 13:43 - 2004-06-11 12:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2012-09-14 13:41 - 2012-09-17 07:12 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
    2012-09-14 13:41 - 2012-09-14 13:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
    2012-09-14 13:17 - 2012-09-15 07:33 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-14 13:17 - 2012-09-15 07:33 - 00000000 ____D C:\Windows\erdnt
    2012-09-14 13:17 - 2012-09-15 07:33 - 00000000 ____D C:\Qoobox
    2012-09-14 12:51 - 2012-09-15 08:04 - 00000000 ____D C:\Windows\pss
    2012-09-14 12:37 - 2012-09-14 12:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
    2012-09-14 11:30 - 2012-09-14 11:30 - 00000000 ____D C:\Program Files\ESET
    2012-09-14 11:25 - 2012-09-14 11:27 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 11:25 - 2012-09-14 11:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-09-14 11:25 - 2012-09-14 11:25 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Malwarebytes
    2012-09-14 11:25 - 2012-09-14 11:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-14 11:25 - 2012-09-07 13:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 11:13 - 2012-09-17 07:10 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-09-14 11:04 - 2012-05-28 09:13 - 00172408 ____A () C:\Program Files\12res.dll

    ==================== 3 Months Modified Files ==================

    2012-09-17 07:13 - 2012-09-17 07:13 - 00607260 ____A (Swearware) C:\Users\Richard\Downloads\dds.com
    2012-09-17 07:12 - 2012-09-14 13:41 - 00000680 ____A C:\Users\Richard\AppData\Local\d3d9caps.dat
    2012-09-17 07:10 - 2012-09-14 11:13 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-09-17 07:06 - 2012-09-17 07:06 - 00054016 ____A C:\Windows\System32\Drivers\dovtuw.sys
    2012-09-15 09:50 - 2012-09-15 09:50 - 00302592 ____A C:\Users\Richard\Downloads\0tfrv1tc.exe
    2012-09-15 09:35 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-15 09:12 - 2012-09-15 09:12 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
    2012-09-15 09:12 - 2012-09-15 09:12 - 00000020 ____A C:\Windows\System32\Drivers\SMR310.dat
    2012-09-15 08:48 - 2012-09-15 08:48 - 00001694 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-09-14 14:05 - 2006-11-02 02:33 - 00728784 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-14 13:41 - 2012-09-14 13:41 - 00000488 ____A C:\Windows\WindowsUpdate.log
    2012-09-14 13:18 - 2012-05-31 15:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-14 12:37 - 2012-09-14 12:37 - 00054016 ____A C:\Windows\System32\Drivers\uoyffqy.sys
    2012-09-14 11:27 - 2012-09-14 11:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-14 11:12 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-14 11:12 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-14 11:12 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-14 10:56 - 2012-05-31 15:12 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-14 08:35 - 2012-04-23 17:29 - 00001849 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-09-07 13:04 - 2012-09-14 11:25 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-08 14:24 - 2006-11-02 02:22 - 47972352 ____A C:\Windows\System32\config\software_previous
    2012-08-08 14:24 - 2006-11-02 02:22 - 37748736 ____A C:\Windows\System32\config\components_previous
    2012-08-08 14:24 - 2006-11-02 02:22 - 24903680 ____A C:\Windows\System32\config\system_previous
    2012-08-08 14:24 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-08-08 14:24 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-08-08 14:24 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
    2012-07-16 04:13 - 2006-11-02 04:47 - 00379584 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-15 18:50 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-12 10:33 - 2009-04-11 07:34 - 00039424 ____A C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-11 07:20 - 2012-07-11 07:20 - 00011264 ____A C:\Users\Richard\Documents\Scavenger Rules.wps
    2012-07-11 07:20 - 2009-03-31 18:02 - 00000318 ____A C:\Users\Richard\AppData\Roaming\wklnhst.dat
    2012-07-02 23:13 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-30 05:44 - 2012-06-30 05:44 - 00000168 ____A C:\Users\Richard\Desktop\sing.url
    2012-06-24 15:32 - 2012-06-24 15:32 - 00001614 ____A C:\Users\Richard\Desktop\Calculator.lnk

    ZeroAccess:
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U

    ZeroAccess:
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\@
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\L
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3030.17 MB
    Available physical RAM: 2528.05 MB
    Total Pagefile: 2773.93 MB
    Available Pagefile: 2598.66 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1980.93 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:222.81 GB) (Free:189.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:2.42 GB) NTFS
    4 Drive f: () (Removable) (Total:15.1 GB) (Free:5.6 GB) FAT32
    5 Drive g: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B
    Disk 1 Online 15 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 78 MB 32 KB
    Partition 2 Primary 10 GB 79 MB
    Partition 3 Primary 223 GB 10 GB

    =========================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 78 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D RECOVERY NTFS Partition 10 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 223 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 16 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 15 GB Healthy

    =========================================================

    Last Boot: 2012-09-14 11:00

    ==================== End Of Log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

    Next....

    Restart normally.

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  7. MacThreat

    MacThreat TS Rookie Topic Starter

    13:56:21.0098 2900 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    13:56:23.0672 2900 ============================================================
    13:56:23.0672 2900 Current date / time: 2012/09/17 13:56:23.0672
    13:56:23.0672 2900 SystemInfo:
    13:56:23.0672 2900
    13:56:23.0672 2900 OS Version: 6.0.6002 ServicePack: 2.0
    13:56:23.0672 2900 Product type: Workstation
    13:56:23.0672 2900 ComputerName: RICHARD-PC
    13:56:23.0672 2900 UserName: Richard
    13:56:23.0672 2900 Windows directory: C:\Windows
    13:56:23.0672 2900 System windows directory: C:\Windows
    13:56:23.0672 2900 Processor architecture: Intel x86
    13:56:23.0672 2900 Number of processors: 2
    13:56:23.0672 2900 Page size: 0x1000
    13:56:23.0672 2900 Boot type: Normal boot
    13:56:23.0672 2900 ============================================================
    13:56:24.0030 2900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:56:24.0030 2900 Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:56:24.0030 2900 ============================================================
    13:56:24.0030 2900 \Device\Harddisk0\DR0:
    13:56:24.0030 2900 MBR partitions:
    13:56:24.0030 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
    13:56:24.0030 2900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x1BD9D800
    13:56:24.0030 2900 \Device\Harddisk1\DR1:
    13:56:24.0030 2900 MBR partitions:
    13:56:24.0030 2900 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
    13:56:24.0030 2900 ============================================================
    13:56:24.0077 2900 C: <-> \Device\Harddisk0\DR0\Partition2
    13:56:24.0108 2900 D: <-> \Device\Harddisk0\DR0\Partition1
    13:56:24.0108 2900 ============================================================
    13:56:24.0108 2900 Initialize success
    13:56:24.0108 2900 ============================================================
    13:56:25.0949 4092 ============================================================
    13:56:25.0949 4092 Scan started
    13:56:25.0949 4092 Mode: Manual;
    13:56:25.0949 4092 ============================================================
    13:56:26.0199 4092 ================ Scan system memory ========================
    13:56:26.0199 4092 System memory - ok
    13:56:26.0199 4092 ================ Scan services =============================
    13:56:26.0417 4092 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    13:56:26.0417 4092 ACPI - ok
    13:56:26.0480 4092 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    13:56:26.0495 4092 adp94xx - ok
    13:56:26.0511 4092 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
    13:56:26.0511 4092 adpahci - ok
    13:56:26.0542 4092 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    13:56:26.0542 4092 adpu160m - ok
    13:56:26.0558 4092 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    13:56:26.0558 4092 adpu320 - ok
    13:56:26.0604 4092 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    13:56:26.0604 4092 AeLookupSvc - ok
    13:56:26.0760 4092 [ 087B04CA45E2F059A55709B0B8F95EA9 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    13:56:26.0760 4092 AESTFilters - ok
    13:56:26.0823 4092 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    13:56:26.0823 4092 AFD - ok
    13:56:26.0885 4092 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
    13:56:26.0885 4092 agp440 - ok
    13:56:26.0901 4092 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    13:56:26.0901 4092 aic78xx - ok
    13:56:26.0916 4092 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    13:56:26.0916 4092 ALG - ok
    13:56:26.0932 4092 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
    13:56:26.0932 4092 aliide - ok
    13:56:26.0948 4092 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    13:56:26.0948 4092 amdagp - ok
    13:56:26.0963 4092 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
    13:56:26.0979 4092 amdide - ok
    13:56:26.0994 4092 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    13:56:26.0994 4092 AmdK7 - ok
    13:56:27.0010 4092 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    13:56:27.0010 4092 AmdK8 - ok
    13:56:27.0041 4092 [ B83F9DA84F7079451C1C6A4A2F140920 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    13:56:27.0041 4092 ApfiltrService - ok
    13:56:27.0088 4092 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    13:56:27.0088 4092 Appinfo - ok
    13:56:27.0228 4092 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    13:56:27.0228 4092 Apple Mobile Device - ok
    13:56:27.0244 4092 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
    13:56:27.0244 4092 arc - ok
    13:56:27.0306 4092 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    13:56:27.0306 4092 arcsas - ok
    13:56:27.0353 4092 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    13:56:27.0353 4092 AsyncMac - ok
    13:56:27.0384 4092 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    13:56:27.0384 4092 atapi - ok
    13:56:27.0462 4092 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    13:56:27.0478 4092 AudioEndpointBuilder - ok
    13:56:27.0478 4092 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    13:56:27.0478 4092 Audiosrv - ok
    13:56:27.0556 4092 [ 423C7B87E886AC93D22936EA82665F83 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
    13:56:27.0556 4092 BCM42RLY - ok
    13:56:27.0634 4092 [ 41A70777E892C3DEA606758366566A77 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
    13:56:27.0650 4092 BCM43XX - ok
    13:56:27.0728 4092 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    13:56:27.0728 4092 Beep - ok
    13:56:27.0728 4092 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    13:56:27.0728 4092 blbdrive - ok
    13:56:27.0806 4092 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    13:56:27.0806 4092 bowser - ok
    13:56:27.0837 4092 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    13:56:27.0837 4092 BrFiltLo - ok
    13:56:27.0868 4092 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    13:56:27.0868 4092 BrFiltUp - ok
    13:56:27.0884 4092 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    13:56:27.0884 4092 Browser - ok
    13:56:27.0930 4092 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    13:56:27.0930 4092 Brserid - ok
    13:56:27.0962 4092 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    13:56:27.0962 4092 BrSerWdm - ok
    13:56:27.0977 4092 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    13:56:27.0977 4092 BrUsbMdm - ok
    13:56:27.0993 4092 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    13:56:27.0993 4092 BrUsbSer - ok
    13:56:28.0040 4092 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    13:56:28.0040 4092 BTHMODEM - ok
    13:56:28.0086 4092 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    13:56:28.0086 4092 cdfs - ok
    13:56:28.0133 4092 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    13:56:28.0133 4092 cdrom - ok
    13:56:28.0180 4092 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    13:56:28.0180 4092 CertPropSvc - ok
    13:56:28.0196 4092 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    13:56:28.0196 4092 circlass - ok
    13:56:28.0242 4092 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    13:56:28.0242 4092 CLFS - ok
    13:56:28.0352 4092 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:56:28.0352 4092 clr_optimization_v2.0.50727_32 - ok
    13:56:28.0430 4092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:56:28.0430 4092 clr_optimization_v4.0.30319_32 - ok
    13:56:28.0476 4092 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    13:56:28.0476 4092 CmBatt - ok
    13:56:28.0508 4092 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    13:56:28.0508 4092 cmdide - ok
    13:56:28.0523 4092 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    13:56:28.0523 4092 Compbatt - ok
    13:56:28.0554 4092 COMSysApp - ok
    13:56:28.0554 4092 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    13:56:28.0554 4092 crcdisk - ok
    13:56:28.0586 4092 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    13:56:28.0586 4092 Crusoe - ok
    13:56:28.0617 4092 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    13:56:28.0617 4092 CryptSvc - ok
    13:56:28.0695 4092 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    13:56:28.0695 4092 DcomLaunch - ok
    13:56:28.0742 4092 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    13:56:28.0742 4092 DfsC - ok
    13:56:28.0882 4092 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    13:56:28.0913 4092 DFSR - ok
    13:56:28.0991 4092 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    13:56:28.0991 4092 Dhcp - ok
    13:56:29.0007 4092 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    13:56:29.0007 4092 disk - ok
    13:56:29.0147 4092 [ 65478ED59558E70CAFC766734616A7D7 ] dldtCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
    13:56:29.0147 4092 dldtCATSCustConnectService - ok
    13:56:29.0178 4092 dldt_device - ok
    13:56:29.0241 4092 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    13:56:29.0241 4092 Dnscache - ok
    13:56:29.0288 4092 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    13:56:29.0288 4092 dot3svc - ok
    13:56:29.0350 4092 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    13:56:29.0350 4092 DPS - ok
    13:56:29.0428 4092 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    13:56:29.0428 4092 drmkaud - ok
    13:56:29.0459 4092 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    13:56:29.0475 4092 DXGKrnl - ok
    13:56:29.0553 4092 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
    13:56:29.0553 4092 e1express - ok
    13:56:29.0600 4092 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    13:56:29.0600 4092 E1G60 - ok
    13:56:29.0615 4092 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    13:56:29.0615 4092 EapHost - ok
    13:56:29.0693 4092 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    13:56:29.0693 4092 Ecache - ok
    13:56:29.0880 4092 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    13:56:29.0880 4092 ehRecvr - ok
    13:56:29.0927 4092 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    13:56:29.0927 4092 ehSched - ok
    13:56:29.0958 4092 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    13:56:29.0958 4092 ehstart - ok
    13:56:30.0021 4092 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    13:56:30.0021 4092 elxstor - ok
    13:56:30.0068 4092 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    13:56:30.0068 4092 EMDMgmt - ok
    13:56:30.0114 4092 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    13:56:30.0130 4092 ErrDev - ok
    13:56:30.0177 4092 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    13:56:30.0177 4092 EventSystem - ok
    13:56:30.0255 4092 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    13:56:30.0255 4092 exfat - ok
    13:56:30.0302 4092 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    13:56:30.0302 4092 fastfat - ok
    13:56:30.0348 4092 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    13:56:30.0348 4092 fdc - ok
    13:56:30.0395 4092 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    13:56:30.0395 4092 fdPHost - ok
    13:56:30.0395 4092 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    13:56:30.0395 4092 FDResPub - ok
    13:56:30.0395 4092 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    13:56:30.0411 4092 FileInfo - ok
    13:56:30.0426 4092 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    13:56:30.0426 4092 Filetrace - ok
    13:56:30.0426 4092 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    13:56:30.0426 4092 flpydisk - ok
    13:56:30.0473 4092 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    13:56:30.0473 4092 FltMgr - ok
    13:56:30.0567 4092 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    13:56:30.0582 4092 FontCache - ok
    13:56:30.0614 4092 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    13:56:30.0629 4092 FontCache3.0.0.0 - ok
    13:56:30.0660 4092 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    13:56:30.0660 4092 Fs_Rec - ok
    13:56:30.0660 4092 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    13:56:30.0660 4092 gagp30kx - ok
    13:56:30.0692 4092 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:56:30.0692 4092 GEARAspiWDM - ok
    13:56:30.0738 4092 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    13:56:30.0754 4092 gpsvc - ok
    13:56:30.0816 4092 GuffinsService - ok
    13:56:30.0863 4092 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:56:30.0863 4092 HDAudBus - ok
    13:56:30.0879 4092 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    13:56:30.0879 4092 HidBth - ok
    13:56:30.0894 4092 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    13:56:30.0894 4092 HidIr - ok
    13:56:30.0926 4092 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    13:56:30.0926 4092 hidserv - ok
    13:56:30.0926 4092 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    13:56:30.0941 4092 HidUsb - ok
    13:56:30.0957 4092 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    13:56:30.0957 4092 hkmsvc - ok
    13:56:30.0972 4092 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    13:56:30.0972 4092 HpCISSs - ok
    13:56:31.0019 4092 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    13:56:31.0035 4092 HTTP - ok
    13:56:31.0050 4092 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    13:56:31.0050 4092 i2omp - ok
    13:56:31.0113 4092 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    13:56:31.0113 4092 i8042prt - ok
    13:56:31.0160 4092 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    13:56:31.0160 4092 iaStorV - ok
    13:56:31.0238 4092 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:56:31.0253 4092 idsvc - ok
     
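TDSSKiller output like the listing above is easier to triage by machine than by eye: each service or driver gets an image line with the MD5 of its binary and a path, followed by a verdict line, and when the hash TDSSKiller obtains through the normal file API disagrees with the one it reads directly from disk it emits a "Suspicious file (Forged)" line carrying both values (one appears further down in this log, for the lmhosts service DLL lmhsvc.dll, which is loaded into an svchost.exe host at boot). The script below is an added example written for this thread, not TDSSKiller's own code or anything the poster ran. It parses the five line shapes that occur in the pasted log, collects per-service records, and reports forged images, non-"ok" verdicts, services whose binary was never hashed, and any path that was reported with two different hashes. The line formats are assumed from this log alone; the sample input is a short excerpt of the real lines from this thread, and a practitioner would check both hashes of a forged file against a known-good copy (install media or the WinSxS store) before deciding which one is the tampered content.

```python
"""Triage a TDSSKiller service/driver listing (added example, not TDSSKiller code).

Assumed line shapes, taken from the log in this thread:
  <time> <pid> [ <MD5> ] <name> <image path>
  <time> <pid> <name> - ok
  <time> <pid> <name> ( <signature> ) - warning
  <time> <pid> <name> - detected <signature> (<n>)
  <time> <pid> Suspicious file (Forged): <path>. Real md5: <X>, Fake md5: <Y>
"""
import re
from dataclasses import dataclass, field
from typing import Optional

IMAGE_RE = re.compile(
    r"^(?P<t>\S+) (?P<pid>\d+) \[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")           # name may contain spaces
FORGED_RE = re.compile(
    r"^(?P<t>\S+) (?P<pid>\d+) Suspicious file \(Forged\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$")
VERDICT_RE = re.compile(
    r"^(?P<t>\S+) (?P<pid>\d+) (?P<name>.+?)"
    r"(?: \( (?P<sig>[^)]+?) \))? - (?P<verdict>ok|warning|detected .+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: list = field(default_factory=list)
    forged: Optional[tuple] = None   # (real_md5, fake_md5) when the image was flagged


def parse_log(text):
    """Return {service name: Entry} for every service/driver line in the log."""
    entries, by_path = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IMAGE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[m["path"].lower()] = m["name"]   # lets a Forged line find its service
            continue
        m = FORGED_RE.match(line)
        if m:
            name = by_path.get(m["path"].lower(), m["path"])
            e = entries.setdefault(name, Entry(name=name, path=m["path"]))
            e.forged = (m["real"], m["fake"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.verdicts.append(f'{m["verdict"]}: {m["sig"]}' if m["sig"] else m["verdict"])
    return entries


def triage(entries):
    """Pull out what a responder wants to look at first."""
    detections = sorted(n for n, e in entries.items() if any(v != "ok" for v in e.verdicts))
    forged = [{"name": e.name, "path": e.path, "real_md5": e.forged[0], "fake_md5": e.forged[1]}
              for e in entries.values() if e.forged]
    # Services that got a verdict but no hashed image: the scanner never resolved a binary.
    no_image = sorted(n for n, e in entries.items() if e.md5 is None and e.verdicts)
    seen, conflicts = {}, []
    for e in entries.values():
        if e.md5 and e.path:
            key = e.path.lower()            # Tcpip/Tcpip6 differ only in path case
            if key in seen and seen[key] != e.md5:
                conflicts.append((e.path, seen[key], e.md5))
            seen.setdefault(key, e.md5)
    return {"detections": detections, "forged": forged,
            "no_image": no_image, "hash_conflicts": conflicts}


# Excerpt of the real TDSSKiller lines from this thread, trimmed so the example runs stand-alone.
SAMPLE_LOG = r"""
13:56:28.0086 4092 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:56:28.0086 4092 cdfs - ok
13:56:28.0554 4092 COMSysApp - ok
13:56:32.0033 4092 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:56:32.0049 4092 iPod Service - ok
13:57:02.0578 4092 [ 2474F6359B2686EBCC034214ECDA6253 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:57:03.0171 4092 Suspicious file (Forged): C:\Windows\System32\lmhsvc.dll. Real md5: 2474F6359B2686EBCC034214ECDA6253, Fake md5: 35D40113E4A5B961B6CE5C5857702518
13:57:03.0171 4092 lmhosts ( ForgedFile.Multi.Generic ) - warning
13:57:03.0171 4092 lmhosts - detected ForgedFile.Multi.Generic (1)
13:57:13.0373 4092 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:57:13.0373 4092 Tcpip - ok
13:57:13.0420 4092 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:57:13.0420 4092 Tcpip6 - ok
"""

if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for f in result["forged"]:
        print(f"FORGED {f['name']}: {f['path']} real={f['real_md5']} fake={f['fake_md5']}")
    print("detections:", result["detections"])
    print("no hashed image:", result["no_image"])
    print("hash conflicts:", result["hash_conflicts"])
```

Run it against the full log saved from TDSSKiller (`triage(parse_log(open("TDSSKiller.log").read()))`); the forged entry is the one to act on, the `no_image` list is worth a glance for services that should have a binary, and the `(md5, path)` pairs from the entries can be fed to a hash-reputation lookup in bulk instead of one at a time.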
  8. MacThreat (Topic Starter):

    13:56:31.0503 4092 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    13:56:31.0581 4092 igfx - ok
    13:56:31.0674 4092 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    13:56:31.0674 4092 iirsp - ok
    13:56:31.0737 4092 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    13:56:31.0737 4092 IKEEXT - ok
    13:56:31.0799 4092 [ 8DAB99684CFE8B4DDD5D6D0C5D55FDAC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
    13:56:31.0799 4092 IntcHdmiAddService - ok
    13:56:31.0846 4092 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    13:56:31.0846 4092 intelide - ok
    13:56:31.0862 4092 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    13:56:31.0862 4092 intelppm - ok
    13:56:31.0893 4092 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    13:56:31.0893 4092 IPBusEnum - ok
    13:56:31.0908 4092 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:56:31.0908 4092 IpFilterDriver - ok
    13:56:31.0908 4092 IpInIp - ok
    13:56:31.0924 4092 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    13:56:31.0924 4092 IPMIDRV - ok
    13:56:31.0940 4092 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    13:56:31.0940 4092 IPNAT - ok
    13:56:32.0033 4092 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    13:56:32.0049 4092 iPod Service - ok
    13:56:32.0080 4092 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    13:56:32.0080 4092 IRENUM - ok
    13:56:32.0096 4092 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    13:56:32.0096 4092 isapnp - ok
    13:56:32.0127 4092 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    13:56:32.0127 4092 iScsiPrt - ok
    13:56:32.0158 4092 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    13:56:32.0158 4092 iteatapi - ok
    13:56:32.0189 4092 [ 8BCD857C7932AD005D5F9C89329DA2E1 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
    13:56:32.0189 4092 itecir - ok
    13:56:32.0205 4092 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    13:56:32.0205 4092 iteraid - ok
    13:56:32.0252 4092 [ 2FBF424E4E8D5F320D2F69D9A726DE30 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
    13:56:32.0252 4092 k57nd60x - ok
    13:56:32.0267 4092 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    13:56:32.0267 4092 kbdclass - ok
    13:56:32.0283 4092 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    13:56:32.0283 4092 kbdhid - ok
    13:56:36.0027 4092 KeyIso - ok
    13:56:39.0615 4092 KSecDD - ok
    13:56:47.0243 4092 KtmRm - ok
    13:56:51.0034 4092 LanmanServer - ok
    13:56:58.0725 4092 LanmanWorkstation - ok
    13:56:59.0333 4092 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    13:56:59.0333 4092 lltdio - ok
    13:56:59.0396 4092 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    13:56:59.0396 4092 lltdsvc - ok
    13:57:02.0578 4092 [ 2474F6359B2686EBCC034214ECDA6253 ] lmhosts C:\Windows\System32\lmhsvc.dll
    13:57:03.0171 4092 Suspicious file (Forged): C:\Windows\System32\lmhsvc.dll. Real md5: 2474F6359B2686EBCC034214ECDA6253, Fake md5: 35D40113E4A5B961B6CE5C5857702518
    13:57:03.0171 4092 lmhosts ( ForgedFile.Multi.Generic ) - warning
    13:57:03.0171 4092 lmhosts - detected ForgedFile.Multi.Generic (1)
    13:57:06.0322 4092 LSI_FC - ok
    13:57:06.0821 4092 LSI_SAS - ok
    13:57:06.0962 4092 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    13:57:06.0962 4092 LSI_SCSI - ok
    13:57:07.0024 4092 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    13:57:07.0024 4092 luafv - ok
    13:57:07.0118 4092 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    13:57:07.0118 4092 Mcx2Svc - ok
    13:57:07.0164 4092 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
    13:57:07.0164 4092 megasas - ok
    13:57:07.0196 4092 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    13:57:07.0196 4092 MegaSR - ok
    13:57:07.0320 4092 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    13:57:07.0320 4092 Microsoft Office Groove Audit Service - ok
    13:57:07.0336 4092 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    13:57:07.0352 4092 MMCSS - ok
    13:57:07.0352 4092 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    13:57:07.0352 4092 Modem - ok
    13:57:07.0383 4092 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    13:57:07.0383 4092 monitor - ok
    13:57:07.0398 4092 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    13:57:07.0398 4092 mouclass - ok
    13:57:07.0445 4092 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    13:57:07.0445 4092 mouhid - ok
    13:57:07.0461 4092 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    13:57:07.0461 4092 MountMgr - ok
    13:57:07.0539 4092 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    13:57:07.0539 4092 MpFilter - ok
    13:57:07.0586 4092 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
    13:57:07.0601 4092 mpio - ok
    13:57:07.0664 4092 MpKsl275cd18b - ok
    13:57:07.0664 4092 MpKsl9a9cb023 - ok
    13:57:07.0726 4092 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    13:57:07.0726 4092 mpsdrv - ok
    13:57:07.0757 4092 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    13:57:07.0757 4092 Mraid35x - ok
    13:57:07.0804 4092 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    13:57:07.0804 4092 MRxDAV - ok
    13:57:07.0820 4092 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:57:07.0820 4092 mrxsmb - ok
    13:57:07.0851 4092 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:57:07.0866 4092 mrxsmb10 - ok
    13:57:07.0898 4092 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:57:07.0898 4092 mrxsmb20 - ok
    13:57:07.0976 4092 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
    13:57:07.0976 4092 msahci - ok
    13:57:07.0976 4092 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    13:57:07.0991 4092 msdsm - ok
    13:57:07.0991 4092 MSDTC - ok
    13:57:08.0007 4092 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    13:57:08.0007 4092 Msfs - ok
    13:57:08.0022 4092 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    13:57:08.0022 4092 msisadrv - ok
    13:57:08.0054 4092 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    13:57:08.0069 4092 MSiSCSI - ok
    13:57:08.0069 4092 msiserver - ok
    13:57:08.0100 4092 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    13:57:08.0100 4092 MSKSSRV - ok
    13:57:08.0116 4092 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    13:57:08.0116 4092 MSPCLOCK - ok
    13:57:08.0116 4092 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    13:57:08.0116 4092 MSPQM - ok
    13:57:08.0194 4092 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    13:57:08.0194 4092 MsRPC - ok
    13:57:08.0210 4092 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    13:57:08.0210 4092 mssmbios - ok
    13:57:08.0241 4092 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    13:57:08.0241 4092 MSTEE - ok
    13:57:08.0256 4092 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    13:57:08.0256 4092 Mup - ok
    13:57:08.0288 4092 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    13:57:08.0303 4092 napagent - ok
    13:57:08.0350 4092 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    13:57:08.0350 4092 NativeWifiP - ok
    13:57:08.0381 4092 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    13:57:08.0397 4092 NDIS - ok
    13:57:08.0412 4092 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    13:57:08.0412 4092 NdisTapi - ok
    13:57:08.0428 4092 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    13:57:08.0428 4092 Ndisuio - ok
    13:57:08.0475 4092 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    13:57:08.0475 4092 NdisWan - ok
    13:57:08.0506 4092 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    13:57:08.0506 4092 NDProxy - ok
    13:57:08.0522 4092 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    13:57:08.0522 4092 NetBIOS - ok
    13:57:08.0553 4092 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    13:57:08.0568 4092 netbt - ok
    13:57:08.0568 4092 Netlogon - ok
    13:57:08.0615 4092 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    13:57:08.0615 4092 Netman - ok
    13:57:08.0646 4092 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    13:57:08.0646 4092 netprofm - ok
    13:57:08.0678 4092 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:57:08.0678 4092 NetTcpPortSharing - ok
    13:57:08.0724 4092 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    13:57:08.0724 4092 nfrd960 - ok
    13:57:08.0756 4092 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    13:57:08.0756 4092 NisDrv - ok
    13:57:08.0865 4092 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    13:57:08.0865 4092 NisSrv - ok
    13:57:08.0896 4092 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    13:57:08.0912 4092 NlaSvc - ok
    13:57:08.0943 4092 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    13:57:08.0943 4092 Npfs - ok
    13:57:08.0958 4092 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    13:57:08.0958 4092 nsi - ok
    13:57:08.0974 4092 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    13:57:08.0974 4092 nsiproxy - ok
    13:57:09.0052 4092 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    13:57:09.0068 4092 Ntfs - ok
    13:57:09.0099 4092 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    13:57:09.0099 4092 ntrigdigi - ok
    13:57:09.0130 4092 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    13:57:09.0130 4092 Null - ok
    13:57:09.0161 4092 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    13:57:09.0161 4092 nvraid - ok
    13:57:09.0192 4092 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    13:57:09.0192 4092 nvstor - ok
    13:57:09.0208 4092 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    13:57:09.0208 4092 nv_agp - ok
    13:57:09.0208 4092 NwlnkFlt - ok
    13:57:09.0224 4092 NwlnkFwd - ok
    13:57:09.0286 4092 [ 9F4A5990F326F91F4D2FCDD869B15FF4 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
    13:57:09.0286 4092 OA001Ufd - ok
    13:57:09.0317 4092 [ FC893946DB8C49D0A1504373DD491B65 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
    13:57:09.0317 4092 OA001Vid - ok
    13:57:09.0411 4092 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:57:09.0411 4092 odserv - ok
    13:57:09.0442 4092 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    13:57:09.0442 4092 ohci1394 - ok
    13:57:09.0504 4092 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:57:09.0504 4092 ose - ok
    13:57:09.0551 4092 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    13:57:09.0567 4092 p2pimsvc - ok
    13:57:09.0582 4092 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    13:57:09.0598 4092 p2psvc - ok
    13:57:09.0614 4092 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    13:57:09.0614 4092 Parport - ok
    13:57:09.0645 4092 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    13:57:09.0645 4092 partmgr - ok
    13:57:09.0676 4092 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    13:57:09.0676 4092 Parvdm - ok
    13:57:09.0723 4092 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    13:57:09.0723 4092 PcaSvc - ok
    13:57:09.0738 4092 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    13:57:09.0738 4092 pci - ok
    13:57:09.0754 4092 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
    13:57:09.0770 4092 pciide - ok
    13:57:09.0785 4092 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    13:57:09.0785 4092 pcmcia - ok
    13:57:09.0848 4092 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    13:57:09.0863 4092 PEAUTH - ok
    13:57:09.0926 4092 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    13:57:09.0941 4092 pla - ok
    13:57:09.0988 4092 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    13:57:09.0988 4092 PlugPlay - ok
    13:57:10.0019 4092 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    13:57:10.0019 4092 PNRPAutoReg - ok
    13:57:10.0050 4092 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    13:57:10.0050 4092 PNRPsvc - ok
    13:57:10.0082 4092 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    13:57:10.0082 4092 PolicyAgent - ok
    13:57:10.0113 4092 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    13:57:10.0113 4092 PptpMiniport - ok
    13:57:10.0144 4092 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
    13:57:10.0144 4092 Processor - ok
    13:57:10.0175 4092 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    13:57:10.0175 4092 ProfSvc - ok
    13:57:10.0175 4092 ProtectedStorage - ok
    13:57:10.0253 4092 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    13:57:10.0253 4092 PSched - ok
    13:57:10.0316 4092 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
    13:57:10.0316 4092 PxHelp20 - ok
    13:57:10.0378 4092 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    13:57:10.0378 4092 ql2300 - ok
    13:57:10.0425 4092 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    13:57:10.0440 4092 ql40xx - ok
    13:57:10.0472 4092 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    13:57:10.0472 4092 QWAVE - ok
    13:57:10.0487 4092 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    13:57:10.0487 4092 QWAVEdrv - ok
    13:57:10.0565 4092 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
    13:57:10.0581 4092 R300 - ok
    13:57:10.0596 4092 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    13:57:10.0596 4092 RasAcd - ok
    13:57:10.0612 4092 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    13:57:10.0612 4092 RasAuto - ok
    13:57:10.0628 4092 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:57:10.0628 4092 Rasl2tp - ok
    13:57:10.0674 4092 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    13:57:10.0674 4092 RasMan - ok
    13:57:10.0706 4092 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    13:57:10.0706 4092 RasPppoe - ok
    13:57:10.0752 4092 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    13:57:10.0752 4092 RasSstp - ok
    13:57:10.0799 4092 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    13:57:10.0799 4092 rdbss - ok
    13:57:10.0830 4092 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:57:10.0830 4092 RDPCDD - ok
    13:57:10.0862 4092 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    13:57:10.0877 4092 rdpdr - ok
    13:57:10.0877 4092 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    13:57:10.0877 4092 RDPENCDD - ok
    13:57:10.0955 4092 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    13:57:10.0955 4092 RDPWD - ok
    13:57:11.0018 4092 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    13:57:11.0018 4092 RemoteAccess - ok
    13:57:11.0064 4092 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    13:57:11.0064 4092 RemoteRegistry - ok
    13:57:11.0127 4092 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
    13:57:11.0127 4092 rimmptsk - ok
    13:57:11.0142 4092 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
    13:57:11.0142 4092 rimsptsk - ok
    13:57:11.0189 4092 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
    13:57:11.0189 4092 rismxdp - ok
    13:57:11.0220 4092 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    13:57:11.0220 4092 RpcLocator - ok
    13:57:11.0236 4092 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    13:57:11.0252 4092 RpcSs - ok
    13:57:11.0267 4092 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    13:57:11.0267 4092 rspndr - ok
    13:57:11.0283 4092 SamSs - ok
    13:57:11.0330 4092 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    13:57:11.0330 4092 sbp2port - ok
    13:57:11.0361 4092 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    13:57:11.0361 4092 SCardSvr - ok
    13:57:11.0423 4092 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    13:57:11.0423 4092 Schedule - ok
    13:57:11.0439 4092 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    13:57:11.0439 4092 SCPolicySvc - ok
    13:57:11.0470 4092 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    13:57:11.0470 4092 sdbus - ok
    13:57:11.0517 4092 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    13:57:11.0517 4092 SDRSVC - ok
    13:57:11.0532 4092 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    13:57:11.0532 4092 secdrv - ok
    13:57:11.0548 4092 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    13:57:11.0548 4092 seclogon - ok
    13:57:11.0564 4092 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    13:57:11.0564 4092 SENS - ok
    13:57:11.0595 4092 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
    13:57:11.0595 4092 Serenum - ok
    13:57:11.0610 4092 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
    13:57:11.0610 4092 Serial - ok
    13:57:11.0626 4092 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    13:57:11.0626 4092 sermouse - ok
    13:57:11.0673 4092 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    13:57:11.0673 4092 SessionEnv - ok
    13:57:11.0704 4092 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    13:57:11.0704 4092 sffdisk - ok
    13:57:11.0720 4092 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    13:57:11.0720 4092 sffp_mmc - ok
    13:57:11.0766 4092 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    13:57:11.0766 4092 sffp_sd - ok
    13:57:11.0782 4092 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    13:57:11.0782 4092 sfloppy - ok
    13:57:11.0829 4092 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    13:57:11.0844 4092 ShellHWDetection - ok
    13:57:11.0860 4092 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    13:57:11.0860 4092 sisagp - ok
    13:57:11.0891 4092 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    13:57:11.0891 4092 SiSRaid2 - ok
    13:57:11.0922 4092 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    13:57:11.0922 4092 SiSRaid4 - ok
    13:57:12.0063 4092 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    13:57:12.0094 4092 slsvc - ok
    13:57:12.0141 4092 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    13:57:12.0141 4092 SLUINotify - ok
    13:57:12.0203 4092 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    13:57:12.0203 4092 Smb - ok
    13:57:12.0312 4092 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    13:57:12.0312 4092 SNMPTRAP - ok
    13:57:12.0375 4092 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    13:57:12.0375 4092 spldr - ok
    13:57:12.0422 4092 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    13:57:12.0422 4092 Spooler - ok
    13:57:12.0500 4092 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    13:57:12.0500 4092 sprtsvc_DellSupportCenter - ok
    13:57:12.0546 4092 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    13:57:12.0546 4092 srv - ok
    13:57:12.0578 4092 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    13:57:12.0578 4092 srv2 - ok
    13:57:12.0624 4092 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    13:57:12.0624 4092 srvnet - ok
    13:57:12.0640 4092 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    13:57:12.0640 4092 SSDPSRV - ok
    13:57:12.0687 4092 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    13:57:12.0687 4092 SstpSvc - ok
    13:57:12.0780 4092 [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    13:57:12.0796 4092 STacSV - ok
    13:57:12.0858 4092 [ 14A9AD287FDA70A06463E09C4328C1F2 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
    13:57:12.0858 4092 STHDA - ok
    13:57:12.0905 4092 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    13:57:12.0905 4092 stisvc - ok
    13:57:12.0952 4092 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    13:57:12.0952 4092 stllssvr - ok
    13:57:12.0999 4092 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    13:57:12.0999 4092 swenum - ok
    13:57:13.0046 4092 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    13:57:13.0046 4092 swprv - ok
    13:57:13.0077 4092 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    13:57:13.0077 4092 Symc8xx - ok
    13:57:13.0092 4092 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    13:57:13.0092 4092 Sym_hi - ok
    13:57:13.0124 4092 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    13:57:13.0124 4092 Sym_u3 - ok
    13:57:13.0155 4092 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    13:57:13.0170 4092 SysMain - ok
    13:57:13.0217 4092 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    13:57:13.0217 4092 TabletInputService - ok
    13:57:13.0264 4092 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    13:57:13.0264 4092 TapiSrv - ok
    13:57:13.0311 4092 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    13:57:13.0311 4092 TBS - ok
    13:57:13.0373 4092 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    13:57:13.0373 4092 Tcpip - ok
    13:57:13.0420 4092 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    13:57:13.0420 4092 Tcpip6 - ok
    13:57:13.0451 4092 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    13:57:13.0451 4092 tcpipreg - ok
    13:57:13.0482 4092 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    13:57:13.0482 4092 TDPIPE - ok
    13:57:13.0498 4092 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    13:57:13.0498 4092 TDTCP - ok
    13:57:13.0545 4092 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    13:57:13.0545 4092 tdx - ok
    13:57:13.0560 4092 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    13:57:13.0560 4092 TermDD - ok
    13:57:13.0607 4092 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    13:57:13.0607 4092 TermService - ok
    13:57:13.0638 4092 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    13:57:13.0638 4092 Themes - ok
    13:57:13.0654 4092 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    13:57:13.0654 4092 THREADORDER - ok
    13:57:13.0685 4092 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    13:57:13.0685 4092 TrkWks - ok
    13:57:13.0732 4092 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    13:57:13.0732 4092 TrustedInstaller - ok
    13:57:13.0779 4092 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:57:13.0779 4092 tssecsrv - ok
    13:57:13.0826 4092 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    13:57:13.0826 4092 tunmp - ok
    13:57:13.0857 4092 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    13:57:13.0857 4092 tunnel - ok
    13:57:13.0888 4092 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    13:57:13.0888 4092 uagp35 - ok
    13:57:13.0904 4092 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    13:57:13.0904 4092 udfs - ok
    13:57:13.0950 4092 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    13:57:13.0950 4092 UI0Detect - ok
    13:57:13.0982 4092 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    13:57:13.0982 4092 uliagpkx - ok
    13:57:13.0997 4092 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
    13:57:13.0997 4092 uliahci - ok
    13:57:14.0013 4092 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    13:57:14.0013 4092 UlSata - ok
    13:57:14.0044 4092 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    13:57:14.0044 4092 ulsata2 - ok
    13:57:14.0075 4092 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    13:57:14.0075 4092 umbus - ok
    13:57:14.0091 4092 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    13:57:14.0106 4092 upnphost - ok
    13:57:14.0153 4092 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    13:57:14.0153 4092 USBAAPL - ok
    13:57:14.0184 4092 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    13:57:14.0184 4092 usbccgp - ok
    13:57:14.0216 4092 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    13:57:14.0216 4092 usbcir - ok
    13:57:14.0262 4092 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    13:57:14.0262 4092 usbehci - ok
    13:57:14.0278 4092 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    13:57:14.0278 4092 usbhub - ok
    13:57:14.0309 4092 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    13:57:14.0309 4092 usbohci - ok
    13:57:14.0356 4092 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    13:57:14.0356 4092 usbprint - ok
    13:57:14.0590 4092 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    13:57:14.0590 4092 usbscan - ok
    13:57:14.0621 4092 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:57:14.0621 4092 USBSTOR - ok
    13:57:14.0668 4092 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    13:57:14.0668 4092 usbuhci - ok
    13:57:14.0699 4092 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    13:57:14.0699 4092 UxSms - ok
    13:57:14.0730 4092 [ 7364EC1DD206848E22325EDBB6314747 ] vds C:\Windows\System32\vds.exe
    13:57:14.0746 4092 vds - ok
    13:57:14.0793 4092 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    13:57:14.0793 4092 vga - ok
    13:57:14.0808 4092 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    13:57:14.0808 4092 VgaSave - ok
    13:57:15.0089 4092 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
    13:57:15.0089 4092 viaagp - ok
    13:57:15.0136 4092 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    13:57:15.0136 4092 ViaC7 - ok
    13:57:15.0152 4092 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
    13:57:15.0152 4092 viaide - ok
    13:57:15.0183 4092 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    13:57:15.0183 4092 volmgr - ok
    13:57:15.0230 4092 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    13:57:15.0230 4092 volmgrx - ok
    13:57:15.0245 4092 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    13:57:15.0261 4092 volsnap - ok
    13:57:15.0308 4092 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    13:57:15.0323 4092 vsmraid - ok
    13:57:15.0401 4092 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    13:57:15.0417 4092 VSS - ok
    13:57:15.0464 4092 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    13:57:15.0464 4092 W32Time - ok
    13:57:15.0495 4092 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    13:57:15.0495 4092 WacomPen - ok
    13:57:15.0510 4092 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    13:57:15.0510 4092 Wanarp - ok
    13:57:15.0510 4092 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    13:57:15.0510 4092 Wanarpv6 - ok
    13:57:15.0557 4092 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    13:57:15.0557 4092 wcncsvc - ok
    13:57:15.0588 4092 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    13:57:15.0588 4092 WcsPlugInService - ok
    13:57:15.0620 4092 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
    13:57:15.0620 4092 Wd - ok
    13:57:15.0651 4092 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    13:57:15.0666 4092 Wdf01000 - ok
    13:57:15.0682 4092 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    13:57:15.0682 4092 WdiServiceHost - ok
    13:57:15.0698 4092 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    13:57:15.0698 4092 WdiSystemHost - ok
    13:57:15.0713 4092 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    13:57:15.0713 4092 WebClient - ok
    13:57:15.0760 4092 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    13:57:15.0760 4092 Wecsvc - ok
    13:57:15.0776 4092 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    13:57:15.0776 4092 wercplsupport - ok
    13:57:15.0807 4092 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    13:57:15.0822 4092 WerSvc - ok
    13:57:15.0822 4092 WinHttpAutoProxySvc - ok
    13:57:15.0900 4092 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    13:57:15.0900 4092 Winmgmt - ok
    13:57:15.0963 4092 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    13:57:15.0978 4092 WinRM - ok
    13:57:16.0041 4092 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    13:57:16.0041 4092 Wlansvc - ok
    13:57:16.0056 4092 wltrysvc - ok
    13:57:16.0088 4092 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    13:57:16.0088 4092 WmiAcpi - ok
    13:57:16.0134 4092 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    13:57:16.0134 4092 wmiApSrv - ok
    13:57:16.0197 4092 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    13:57:16.0212 4092 WMPNetworkSvc - ok
    13:57:16.0228 4092 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    13:57:16.0244 4092 WPCSvc - ok
    13:57:16.0275 4092 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    13:57:16.0275 4092 WPDBusEnum - ok
    13:57:16.0337 4092 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    13:57:16.0337 4092 WpdUsb - ok
    13:57:16.0446 4092 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    13:57:16.0446 4092 WPFFontCache_v0400 - ok
    13:57:16.0493 4092 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    13:57:16.0493 4092 ws2ifsl - ok
    13:57:16.0493 4092 WSearch - ok
    13:57:16.0510 4092 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:57:16.0510 4092 WUDFRd - ok
    13:57:16.0557 4092 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    13:57:16.0557 4092 wudfsvc - ok
    13:57:16.0588 4092 ================ Scan global ===============================
    13:57:16.0619 4092 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    13:57:16.0666 4092 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    13:57:16.0681 4092 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    13:57:16.0728 4092 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    13:57:16.0728 4092 [Global] - ok
    13:57:16.0728 4092 ================ Scan MBR ==================================
    13:57:16.0744 4092 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    13:57:17.0103 4092 \Device\Harddisk0\DR0 - ok
    13:57:17.0118 4092 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    13:57:19.0820 4092 \Device\Harddisk1\DR1 - ok
    13:57:19.0820 4092 ================ Scan VBR ==================================
    13:57:19.0867 4092 [ 65BE1204415EA78D8ADCC537E4B1A06B ] \Device\Harddisk0\DR0\Partition1
    13:57:19.0867 4092 \Device\Harddisk0\DR0\Partition1 - ok
    13:57:19.0867 4092 [ A2519C9C2B8DD871B805564B14443905 ] \Device\Harddisk0\DR0\Partition2
    13:57:19.0882 4092 \Device\Harddisk0\DR0\Partition2 - ok
    13:57:19.0882 4092 [ 3320F5ED4F7C9CFD3A43E2ED2DA62D71 ] \Device\Harddisk1\DR1\Partition1
    13:57:19.0882 4092 \Device\Harddisk1\DR1\Partition1 - ok
    13:57:19.0882 4092 ============================================================
    13:57:19.0882 4092 Scan finished
    13:57:19.0882 4092 ============================================================
    13:57:19.0898 3528 Detected object count: 1
    13:57:19.0898 3528 Actual detected object count: 1
    13:58:00.0227 3528 lmhosts ( ForgedFile.Multi.Generic ) - skipped by user
    13:58:00.0227 3528 lmhosts ( ForgedFile.Multi.Generic ) - User select action: Skip
     
  9. MacThreat

    MacThreat TS Rookie Topic Starter

    ----------------------------------------------------------------------------------------------------
    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Richard [Admin rights]
    Mode : Remove -- Date : 09/17/2012 14:01:22
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
    [TASK][ROGUE ST] 4882 : wscript.exe -> DELETED
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
    --- User ---
    [MBR] 5f8ccf10a4fab3020eae32cf4a142de3
    [BSP] 143500e28e0f7628a019343ed6099823 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 228155 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: USB Device +++++
    --- User ---
    [MBR] 212c4e1e73bf2dea892238af0354661f
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15479 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    ----------------------------------------------------------------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-17 14:02:39
    -----------------------------
    14:02:39.870 OS Version: Windows 6.0.6002 Service Pack 2
    14:02:39.870 Number of processors: 2 586 0x170A
    14:02:39.870 ComputerName: RICHARD-PC UserName: Richard
    14:02:41.071 Initialize success
    14:03:56.942 AVAST engine defs: 12091400
    14:04:12.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:04:12.137 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
    14:04:12.152 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000072
    14:04:12.152 Disk 1 Vendor: Size: 238475MB BusType: 0
    14:04:12.168 Disk 0 MBR read successfully
    14:04:12.168 Disk 0 MBR scan
    14:04:12.184 Disk 0 Windows VISTA default MBR code
    14:04:12.184 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
    14:04:12.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
    14:04:12.215 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228155 MB offset 21133312
    14:04:12.230 Disk 0 scanning sectors +488394752
    14:04:12.308 Disk 0 scanning C:\Windows\system32\drivers
    14:04:22.027 Service scanning
    14:04:42.370 Modules scanning
    14:05:01.854 Disk 0 trace - called modules:
    14:05:01.901 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS igdkmd32.sys dxgkrnl.sys
    14:05:01.916 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8600b780]
    14:05:01.932 3 CLASSPNP.SYS[8a99d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858ff390]
    14:05:03.196 AVAST engine scan C:\Windows
    14:05:05.848 AVAST engine scan C:\Windows\system32
    14:08:08.585 AVAST engine scan C:\Windows\system32\drivers
    14:08:21.502 AVAST engine scan C:\Users\Richard
    14:11:56.580 AVAST engine scan C:\ProgramData
    14:13:19.900 Scan finished successfully
    14:23:10.235 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    14:23:10.266 The log file has been saved successfully to "F:\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    I still need the Fixlog.txt log.

    How is the computer doing?
     
  11. MacThreat

    MacThreat TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-09-2012 02
    Ran by SYSTEM at 2012-09-17 13:41:54 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54} moved successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54} moved successfully.

    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====

    It seems to be doing better.
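    Editor's note, added to this thread and not code from Broni, MacThreat, FRST, RogueKiller or TDSSKiller: the Fixlog above shows the two places the Sirefef/ZeroAccess variant of 2012 hides, the CSRSS `SubSystems\Windows` value (swapped from winsrv to consrv.dll, which is also why the TDSSKiller "Scan global" block hashes basesrv.dll and winsrv.dll) and a pair of GUID-named folders under `Windows\Installer` and the SYSTEM profile, and the RogueKiller report above shows the `[HJPOL]` policy values it uses to lock the user out of Task Manager and regedit. The script below re-checks all three on a live system without changing anything, so it can be used to confirm a clean-up like this one. It assumes PowerShell 2.0 or later run elevated; the `U`/`L` store-folder check and the consrv.dll path are the documented indicators for this family, the variable names and output format are this example's own.

```powershell
# Added example, not from the thread. Read-only audit of the Sirefef/ZeroAccess
# indicators that the FRST Fixlog and RogueKiller reports above act on. Run from
# an elevated PowerShell (2.0 or later) prompt on the booted system; nothing is
# modified. Key paths are the ones the tools in the thread examined; the
# findings list and messages are this example's own.

$findings = @()

# 1. Subsystem hijack. The 'Windows' value under Session Manager\SubSystems
#    lists the server DLLs csrss.exe loads (basesrv, winsrv). The variant FRST
#    looked for replaces the winsrv entry with consrv.dll. FRST read
#    ControlSet001 offline; on the running system CurrentControlSet is live.
$subsysKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windowsValue = (Get-ItemProperty -Path $subsysKey -Name 'Windows').Windows
if ($windowsValue -match 'consrv') {
    $findings += "SubSystems\Windows references consrv: $windowsValue"
}
if (Test-Path "$env:SystemRoot\System32\consrv.dll") {
    $findings += "$env:SystemRoot\System32\consrv.dll exists"
}

# 2. GUID-named payload folders (the two directories the Fixlog moved).
#    Windows\Installer legitimately holds GUID folders for MSI packages, so the
#    discriminator is a 'U' or 'L' store directory inside one, which is where
#    this family keeps its '@'-named payload files.
$guidPattern = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
$roots = @(
    "$env:SystemRoot\Installer",
    "$env:SystemRoot\System32\config\systemprofile\AppData\Local"
)
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $dirs = Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern }
    foreach ($dir in $dirs) {
        foreach ($store in 'U', 'L') {
            if (Test-Path (Join-Path $dir.FullName $store)) {
                $findings += "GUID folder with '$store' store: $($dir.FullName)"
            }
        }
    }
}

# 3. Lock-out policies RogueKiller reset ([HJPOL] lines). A non-zero value
#    disables Task Manager or regedit for the machine (HKLM) or the user (HKCU).
#    Elevated, HKCU is the administrator's hive, not necessarily the victim's.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = $props.$name
        if ($null -ne $value -and $value -ne 0) {
            $findings += "$key\$name = $value"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No ZeroAccess indicators found.'
} else {
    foreach ($f in $findings) { Write-Output "FOUND: $f" }
}
```

    A clean result here does not prove the machine is clean (the variant that patched the MBR or a driver, which aswMBR and TDSSKiller checked above, leaves none of these three traces), but a hit on any of them means the rootkit's user-mode side is still in place and the fix needs to be re-run.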
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. MacThreat

    MacThreat TS Rookie Topic Starter

    OTL logfile created on: 9/17/2012 4:28:51 PM - Run 1
    OTL by OldTimer - Version 3.2.61.5 Folder = F:\
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.26% Memory free
    6.15 Gb Paging File | 5.12 Gb Available in Paging File | 83.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.81 Gb Total Space | 185.13 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.42 Gb Free Space | 24.18% Space Free | Partition Type: NTFS
    Drive F: | 15.10 Gb Total Space | 5.60 Gb Free Space | 37.06% Space Free | Partition Type: FAT32

    Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/17 16:23:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    PRC - [2012/09/17 13:55:06 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- F:\AtlasToolBox\Quickfix\Malware\TDSSKiller.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/12/22 05:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 22:33:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/05/12 03:41:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 03:38:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/12 03:38:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2008/12/22 06:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
    SRV - [2008/02/25 12:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl9a9cb023.sys -- (MpKsl9a9cb023)
    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl275cd18b.sys -- (MpKsl275cd18b)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Richard\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2009/01/19 08:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2009/01/19 08:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/22 05:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/11/21 07:15:30 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
    DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{68CBD416-D13A-4A27-A792-1545FA99083D}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...4870&st=sb&n=77ecdf80&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189699


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin [2012/09/14 16:37:47 | 000,000,000 | ---D | M]

    [2011/01/12 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
    [2012/09/14 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lgtfwver.default\extensions
    [2012/01/24 17:53:26 | 000,000,000 | ---D | M] (Guffins) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lgtfwver.default\extensions\u4ffxtbr@Guffins.com
    [2012/09/14 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions
    [2011/10/29 16:07:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions\{2cd23f59-b15e-480e-893f-53548fb8f5ab}
    [2012/01/24 17:53:26 | 000,000,000 | ---D | M] (Guffins) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions\u4ffxtbr@Guffins.com
    [2012/05/31 19:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/31 19:05:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/14 18:02:54 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\PROGRA~1\Guffins\bar\1.bin\u4bar.dll File not found
    O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll File not found
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.entergy.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 68.87.73.242
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C71C8B04-BBD1-4567-8DFC-94204726ED96}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}: DhcpNameServer = 8.8.8.8 68.87.73.242
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/17 13:58:54 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\RK_Quarantine
    [2012/09/15 13:12:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/15 13:12:03 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
    [2012/09/15 13:12:02 | 000,000,000 | ---D | C] -- C:\NPE
    [2012/09/15 13:11:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\NPE
    [2012/09/15 12:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2012/09/15 12:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/09/15 12:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/09/15 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
    [2012/09/15 11:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/14 20:48:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
    [2012/09/14 17:43:20 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/09/14 17:17:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/14 17:17:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/14 17:17:25 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/09/14 16:51:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/09/14 15:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/14 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
    [2012/09/14 15:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/14 15:25:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/14 15:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/14 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/17 16:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/17 15:43:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 15:43:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 13:47:41 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
    [2012/09/17 13:42:59 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/17 13:40:08 | 001,378,816 | ---- | M] () -- C:\Users\Richard\Desktop\RogueKiller.exe
    [2012/09/17 11:12:14 | 000,000,680 | ---- | M] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
    [2012/09/17 11:06:48 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dovtuw.sys
    [2012/09/15 13:12:09 | 000,000,020 | ---- | M] () -- C:\Windows\System32\drivers\SMR310.dat
    [2012/09/15 13:12:03 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
    [2012/09/15 12:48:10 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/09/14 18:05:16 | 000,621,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/14 18:05:16 | 000,110,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/14 18:02:54 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/14 16:37:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\uoyffqy.sys
    [2012/09/14 15:27:36 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 12:35:45 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/17 13:45:23 | 001,378,816 | ---- | C] () -- C:\Users\Richard\Desktop\RogueKiller.exe
    [2012/09/17 13:42:59 | 3178,123,264 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/17 11:06:48 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dovtuw.sys
    [2012/09/15 13:12:03 | 000,000,020 | ---- | C] () -- C:\Windows\System32\drivers\SMR310.dat
    [2012/09/15 12:48:10 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/09/14 18:00:48 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
    [2012/09/14 17:41:25 | 000,000,680 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
    [2012/09/14 16:37:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uoyffqy.sys
    [2012/09/14 15:25:26 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 15:04:16 | 000,172,408 | ---- | C] () -- C:\Program Files\12res.dll
    [2012/06/19 17:06:04 | 015,207,790 | ---- | C] () -- C:\Users\Richard\Morris%20Loan.pdf
    [2012/01/09 23:48:20 | 000,000,000 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba
    [2012/01/09 23:48:18 | 000,001,122 | -HS- | C] () -- C:\Users\Richard\AppData\Local\7ct6a68iue388sx5ba
    [2011/01/14 19:14:52 | 000,000,120 | ---- | C] () -- C:\Users\Richard\AppData\Local\Fwozoquqofolini.dat
    [2011/01/14 19:14:52 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\Dfeca.bin
    [2010/01/16 13:38:12 | 000,000,104 | ---- | C] () -- C:\Users\Richard\Internet - Shortcut.lnk
    [2009/08/19 18:11:06 | 000,000,947 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\DataSafeDotNet.exe
    [2009/04/11 11:34:36 | 000,039,424 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/31 22:02:00 | 000,000,318 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/05/06 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\.minecraft
    [2012/01/14 19:14:23 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DriverFinder
    [2012/05/08 07:26:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ICAClient
    [2012/01/14 14:19:03 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\iYogi
    [2011/01/17 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PlayFirst
    [2011/04/30 05:23:21 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\RebateInformer
    [2011/01/14 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sammsoft
    [2009/03/31 22:02:01 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Template
    [2009/04/05 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Windows Live Writer
    [2012/09/14 15:12:45 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >
     
  14. MacThreat

    MacThreat TS Rookie Topic Starter

    OTL Extras logfile created on: 9/17/2012 4:28:51 PM - Run 1
    OTL by OldTimer - Version 3.2.61.5 Folder = F:\
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.26% Memory free
    6.15 Gb Paging File | 5.12 Gb Available in Paging File | 83.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.81 Gb Total Space | 185.13 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.42 Gb Free Space | 24.18% Space Free | Partition Type: NTFS
    Drive F: | 15.10 Gb Total Space | 5.60 Gb Free Space | 37.06% Space Free | Partition Type: FAT32

    Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
    "Dell V305" = Dell V305
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Guffinsbar Uninstall" = Guffins
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/28/2012 7:10:25 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:41 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:41 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:41 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:56 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:56 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:10:56 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:11:12 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:11:12 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:11:12 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 7/28/2012 7:11:28 PM | Computer Name = Richard-PC | Source = Bonjour Service | ID = 100
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 7/10/2012 11:39:00 AM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 11:39:00, Tue, Jul 10, 12 Error - Unable to gain access to user store

    Error - 7/22/2012 9:58:17 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 21:58:17, Sun, Jul 22, 12 Error - Unable to gain access to user store

    Error - 7/27/2012 7:06:32 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 19:06:31, Fri, Jul 27, 12 Error - Unable to gain access to user store

    Error - 7/29/2012 10:02:11 AM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 10:02:10, Sun, Jul 29, 12 Error - Unable to gain access to user store

    Error - 8/12/2012 7:39:53 AM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 07:39:53, Sun, Aug 12, 12 Error - Unable to gain access to user store

    Error - 8/12/2012 4:18:12 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 16:18:11, Sun, Aug 12, 12 Error - Unable to gain access to user store

    Error - 8/19/2012 12:56:39 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 12:56:38, Sun, Aug 19, 12 Error - Unable to gain access to user store

    Error - 8/20/2012 7:22:26 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 19:22:26, Mon, Aug 20, 12 Error - Unable to gain access to user store

    Error - 8/23/2012 12:50:30 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 12:50:29, Thu, Aug 23, 12 Error - Unable to gain access to user store

    Error - 9/14/2012 2:24:31 PM | Computer Name = Richard-PC | Source = WLAN-Tray | ID = 0
    Description = 14:24:31, Fri, Sep 14, 12 Error - Unable to gain access to user store

    [ Media Center Events ]
    Error - 1/10/2011 7:22:22 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package NetTV.

    Error - 8/4/2012 11:31:06 AM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/6/2012 5:58:48 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 2/6/2011 3:18:53 PM | Computer Name = Richard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/22/2012 10:43:11 AM | Computer Name = Richard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/17/2012 1:59:57 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:42:23 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:42:23 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:42:23 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:44:02 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:44:02 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:44:02 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:44:02 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:47:04 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 9/17/2012 2:47:04 PM | Computer Name = Richard-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
      DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl9a9cb023.sys -- (MpKsl9a9cb023)
      DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl275cd18b.sys -- (MpKsl275cd18b)
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Richard\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
      IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...4870&st=sb&n=77ecdf80&searchfor={searchTerms}
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\PROGRA~1\Guffins\bar\1.bin\u4bar.dll File not found
      O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll File not found
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
      O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
      O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
      O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
      [2012/05/31 19:05:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
      O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
      O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
      O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
      [2012/09/15 13:12:13 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/01/09 23:48:20 | 000,000,000 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba
      [2012/01/09 23:48:18 | 000,001,122 | -HS- | C] () -- C:\Users\Richard\AppData\Local\7ct6a68iue388sx5ba
      [2011/01/14 19:14:52 | 000,000,120 | ---- | C] () -- C:\Users\Richard\AppData\Local\Fwozoquqofolini.dat
      [2012/09/17 11:06:48 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dovtuw.sys
      [2012/09/14 16:37:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uoyffqy.sys
      [2011/01/14 19:14:52 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\Dfeca.bin
      @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    =========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  16. MacThreat

    MacThreat TS Rookie Topic Starter

    # AdwCleaner v2.002 - Logfile created 09/18/2012 at 10:27:02
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Richard - RICHARD-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Richard\Downloads\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\Program Files\Crawler
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Richard\AppData\Local\Conduit
    Folder Deleted : C:\Users\Richard\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Richard\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Richard\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Richard\AppData\Roaming\RebateInformer

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\SweetIm
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
    Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2189699
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\SweetIm
    Key Deleted : HKLM\Software\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307 --> hxxp://www.google.com

    -\\ Mozilla Firefox v [Unable to get version]

    *************************

    AdwCleaner[S1].txt - [5464 octets] - [18/09/2012 10:27:02]

    ########## EOF - C:\AdwCleaner[S1].txt - [5524 octets] ##########

    Results of screen317's Security Check version 0.99.51
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 06-08-2012
    Ran by Richard (administrator) on 18-09-2012 at 10:26:10
    Running from "C:\Users\Richard\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
    Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    **** End of log ****

    C:\Qoobox\Quarantine\C\Windows\Installer\{0b38790d-b98d-eb8a-6bd1-ac2f9af29a54}\U\80000032.@.vir    a variant of Win32/Sirefef.FD trojan    cleaned by deleting - quarantined
     
  17. MacThreat

    MacThreat TS Rookie Topic Starter

    It also blocks the firewall. Not sure how to fix this issue; it pops up a dialog that says

     
  18. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    I still need OTL fix log.

    When done with that... we have a number of registry keys missing.

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

    Go to Step 4 and under "System Restore" click on Create button:

    Go to Start Repairs tab and click Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on the box next to Restart System when Finished. Then click on Start.

    Post new FSS log.
     
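The FSS log posted above is what Broni is reading when he says registry keys are missing: for MpsSvc the service key exists but its start type, ImagePath and ServiceDll values are gone, for bfe, wscsvc, wuauserv, BITS, WinDefend and SharedAccess the tool cannot open the service key at all, and the Windows Defender "DisableAntiSpyware" policy is set to 1. The following Python script is an added example, not code from this thread or from the Farbar tool: it parses that FSS log format, separates services that are merely stopped from those whose registry configuration has to be recreated, and lists any policy values FSS reports. The sample log inside it is a constructed excerpt in the posted format, and the regular expressions assume FSS's wording matches the lines shown in the thread.

```python
# Summarise a Farbar Service Scanner (FSS) log: which services are only
# stopped, which have their registry key or Start/ImagePath/ServiceDll
# values missing, and which "Disabled Policy" values are set.
# Added example, not code from the thread or from the FSS tool.
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format of the FSS log posted in the thread.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
**** End of log ****
"""

# One pattern per kind of finding; wording assumed identical to the posted log.
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\w+) Service is not running\.")
KEY_MISSING_RE = re.compile(
    r"Unable to open (?P<svc>\w+) registry key\. The service key does not exist\.")
VALUE_MISSING_RE = re.compile(
    r"Unable to retrieve (?P<what>start type|ImagePath|ServiceDll) of (?P<svc>\w+)\."
    r" The value does not exist\.")
POLICY_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>\w+):(?P<val>\S+)$')
FILE_CHECK_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")


@dataclass
class FssSummary:
    not_running: set = field(default_factory=set)      # services FSS found stopped
    key_missing: set = field(default_factory=set)      # whole Services\<svc> key gone
    value_missing: dict = field(default_factory=dict)  # svc -> set of missing value names
    policies: list = field(default_factory=list)       # (key, name, type, value) tuples
    file_checks: dict = field(default_factory=dict)    # path -> text after "MD5 is"


def parse_fss(text: str) -> FssSummary:
    summary = FssSummary()
    current_key = None  # registry key of the policy block currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := NOT_RUNNING_RE.match(line):
            summary.not_running.add(m["svc"])
        elif m := KEY_MISSING_RE.search(line):
            summary.key_missing.add(m["svc"])
        elif m := VALUE_MISSING_RE.search(line):
            summary.value_missing.setdefault(m["svc"], set()).add(m["what"])
        elif m := POLICY_KEY_RE.match(line):
            current_key = m["key"]
        elif (m := POLICY_VALUE_RE.match(line)) and current_key:
            summary.policies.append((current_key, m["name"], m["type"], m["val"]))
        elif m := FILE_CHECK_RE.match(line):
            summary.file_checks[m["path"]] = m["verdict"]
    return summary


def services_needing_repair(summary: FssSummary) -> list:
    """Services that cannot simply be started: their key or its values are gone."""
    return sorted(summary.key_missing | set(summary.value_missing), key=str.lower)


def report(summary: FssSummary) -> str:
    lines = ["Services not running: " + ", ".join(sorted(summary.not_running, key=str.lower))]
    for svc in services_needing_repair(summary):
        if svc in summary.key_missing:
            what = "service key missing"
        else:
            what = "values missing: " + ", ".join(sorted(summary.value_missing[svc]))
        lines.append(f"  repair needed: {svc} ({what})")
    for key, name, typ, val in summary.policies:
        lines.append(f"Policy set: {key}\\{name} = {typ}:{val}")
    bad = [p for p, v in summary.file_checks.items() if v != "legit"]
    lines.append("System files failing MD5 check: " + (", ".join(bad) if bad else "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_fss(SAMPLE_FSS_LOG)))
```

Run it against a saved FSS.txt by replacing SAMPLE_FSS_LOG with the file's contents; the services listed under "repair needed" are the ones a repair tool has to recreate in HKLM\SYSTEM\CurrentControlSet\Services, while "not running" services with an intact configuration only need starting.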
  19. MacThreat

    MacThreat TS Rookie Topic Starter





    OTL logfile created on: 9/17/2012 4:28:51 PM - Run 1
    OTL by OldTimer - Version 3.2.61.5 Folder = F:\
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.96 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.26% Memory free
    6.15 Gb Paging File | 5.12 Gb Available in Paging File | 83.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.81 Gb Total Space | 185.13 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 2.42 Gb Free Space | 24.18% Space Free | Partition Type: NTFS
    Drive F: | 15.10 Gb Total Space | 5.60 Gb Free Space | 37.06% Space Free | Partition Type: FAT32

    Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/17 16:23:10 | 000,600,064 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
    PRC - [2012/09/17 13:55:06 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- F:\AtlasToolBox\Quickfix\Malware\TDSSKiller.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/12/22 05:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 22:33:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/05/12 03:41:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/12 03:38:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/12 03:38:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2008/12/22 06:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
    SRV - [2008/02/25 12:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl9a9cb023.sys -- (MpKsl9a9cb023)
    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl275cd18b.sys -- (MpKsl275cd18b)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Richard\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2009/01/19 08:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2009/01/19 08:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/22 05:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/11/21 07:15:30 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
    DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80307
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80307&lng=en
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{68CBD416-D13A-4A27-A792-1545FA99083D}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...4870&st=sb&n=77ecdf80&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189699


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files\Guffins\bar\1.bin [2012/09/14 16:37:47 | 000,000,000 | ---D | M]

    [2011/01/12 19:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
    [2012/09/14 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lgtfwver.default\extensions
    [2012/01/24 17:53:26 | 000,000,000 | ---D | M] (Guffins) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\lgtfwver.default\extensions\u4ffxtbr@Guffins.com
    [2012/09/14 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions
    [2011/10/29 16:07:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions\{2cd23f59-b15e-480e-893f-53548fb8f5ab}
    [2012/01/24 17:53:26 | 000,000,000 | ---D | M] (Guffins) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\vgglafcn.default\extensions\u4ffxtbr@Guffins.com
    [2012/05/31 19:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/31 19:05:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/09/14 18:02:54 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\PROGRA~1\Guffins\bar\1.bin\u4bar.dll File not found
    O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll File not found
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll File not found
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.entergy.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 68.87.73.242
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C71C8B04-BBD1-4567-8DFC-94204726ED96}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E35086B6-AA4F-41B7-B5A7-24459F030FB9}: DhcpNameServer = 8.8.8.8 68.87.73.242
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/17 13:58:54 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\RK_Quarantine
    [2012/09/15 13:12:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/15 13:12:03 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
    [2012/09/15 13:12:02 | 000,000,000 | ---D | C] -- C:\NPE
    [2012/09/15 13:11:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\NPE
    [2012/09/15 12:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2012/09/15 12:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/09/15 12:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/09/15 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
    [2012/09/15 11:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/14 20:48:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
    [2012/09/14 17:43:20 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/09/14 17:17:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/14 17:17:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/14 17:17:25 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/09/14 16:51:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/09/14 15:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/14 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
    [2012/09/14 15:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/14 15:25:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/14 15:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/14 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/17 16:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/17 15:43:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 15:43:04 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/17 13:47:41 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
    [2012/09/17 13:42:59 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/17 13:40:08 | 001,378,816 | ---- | M] () -- C:\Users\Richard\Desktop\RogueKiller.exe
    [2012/09/17 11:12:14 | 000,000,680 | ---- | M] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
    [2012/09/17 11:06:48 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dovtuw.sys
    [2012/09/15 13:12:09 | 000,000,020 | ---- | M] () -- C:\Windows\System32\drivers\SMR310.dat
    [2012/09/15 13:12:03 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
    [2012/09/15 12:48:10 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/09/14 18:05:16 | 000,621,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/14 18:05:16 | 000,110,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/14 18:02:54 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/14 16:37:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\uoyffqy.sys
    [2012/09/14 15:27:36 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 12:35:45 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/17 13:45:23 | 001,378,816 | ---- | C] () -- C:\Users\Richard\Desktop\RogueKiller.exe
    [2012/09/17 13:42:59 | 3178,123,264 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/17 11:06:48 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dovtuw.sys
    [2012/09/15 13:12:03 | 000,000,020 | ---- | C] () -- C:\Windows\System32\drivers\SMR310.dat
    [2012/09/15 12:48:10 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/09/14 18:00:48 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
    [2012/09/14 17:41:25 | 000,000,680 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
    [2012/09/14 16:37:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\uoyffqy.sys
    [2012/09/14 15:25:26 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/14 15:04:16 | 000,172,408 | ---- | C] () -- C:\Program Files\12res.dll
    [2012/06/19 17:06:04 | 015,207,790 | ---- | C] () -- C:\Users\Richard\Morris%20Loan.pdf
    [2012/01/09 23:48:20 | 000,000,000 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba
    [2012/01/09 23:48:18 | 000,001,122 | -HS- | C] () -- C:\Users\Richard\AppData\Local\7ct6a68iue388sx5ba
    [2011/01/14 19:14:52 | 000,000,120 | ---- | C] () -- C:\Users\Richard\AppData\Local\Fwozoquqofolini.dat
    [2011/01/14 19:14:52 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\Dfeca.bin
    [2010/01/16 13:38:12 | 000,000,104 | ---- | C] () -- C:\Users\Richard\Internet - Shortcut.lnk
    [2009/08/19 18:11:06 | 000,000,947 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\DataSafeDotNet.exe
    [2009/04/11 11:34:36 | 000,039,424 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/31 22:02:00 | 000,000,318 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/05/06 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\.minecraft
    [2012/01/14 19:14:23 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\DriverFinder
    [2012/05/08 07:26:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\ICAClient
    [2012/01/14 14:19:03 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\iYogi
    [2011/01/17 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PlayFirst
    [2011/04/30 05:23:21 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\RebateInformer
    [2011/01/14 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sammsoft
    [2009/03/31 22:02:01 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Template
    [2009/04/05 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Windows Live Writer
    [2012/09/14 15:12:45 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >






    Farbar Service Scanner Version: 06-08-2012
    Ran by Richard (administrator) on 19-09-2012 at 10:00:02
    Running from "F:\"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  20. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    OTL log is incorrect.
    You clicked on "Scan" button instead of "Fix" button.
    Redo.
     
  21. MacThreat

    MacThreat TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Error: No service named GuffinsService was found to stop!
    Service\Driver key GuffinsService not found.
    File C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe not found.
    Error: No service named MpKsl9a9cb023 was found to stop!
    Service\Driver key MpKsl9a9cb023 not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl9a9cb023.sys not found.
    Error: No service named MpKsl275cd18b was found to stop!
    Service\Driver key MpKsl275cd18b not found.
    File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57779DFF-FC42-4CD8-A139-035582ADCD24}\MpKsl275cd18b.sys not found.
    Error: No service named aswMBR was found to stop!
    Service\Driver key aswMBR not found.
    File C:\Users\Richard\AppData\Local\Temp\aswMBR.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a916eefe-6a17-4d7d-a131-2738b260bb55}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a916eefe-6a17-4d7d-a131-2738b260bb55}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{de2fdf7c-2637-4ba3-b427-3fce2d331db5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2606743370-2938532883-3730318516-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
    Folder C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    File E:\SETUP.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    File E:\SETUP.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce974bdc-188b-11de-8e93-806e6f6e6963}\ not found.
    File E:\SETUP.EXE not found.
    Folder C:\FRST\ not found.
    File C:\ProgramData\7ct6a68iue388sx5ba not found.
    File C:\Users\Richard\AppData\Local\7ct6a68iue388sx5ba not found.
    File C:\Users\Richard\AppData\Local\Fwozoquqofolini.dat not found.
    File C:\Windows\System32\drivers\dovtuw.sys not found.
    File C:\Windows\System32\drivers\uoyffqy.sys not found.
    File C:\Users\Richard\AppData\Local\Dfeca.bin not found.
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Public
    User: Richard
    ->Temp folder emptied: 252887 bytes
    ->Temporary Internet Files folder emptied: 50944226 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 562 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2696396 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 51.00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: Public
    User: Richard
    ->Java cache emptied: 0 bytes
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Public
    User: Richard
    ->Flash cache emptied: 0 bytes
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.66.0 log created on 09242012_095356
    Files\Folders moved on Reboot...
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\64HQ1EGC\featured_stories_3_up[1].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OIY4D5Y\aclk[1].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OIY4D5Y\aclk[2].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OIY4D5Y\billboard[1].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OIY4D5Y\billboard[2].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2OIY4D5Y\sirefef-virus[1].htm moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Good :)

    We still have a couple of registry keys missing.

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.

    Double click on bits.reg file and confirm the prompt.
    Double click on windefend.reg file and confirm the prompt.

    Restart computer.
    Post new FSS log.
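The two .reg files above recreate the BITS and WinDefend service keys that the earlier FSS log reported as missing. As an added example (not from this thread, and not FSS or OTL code), the PowerShell script below re-checks those keys the way FSS reports them: key present, Start type, the ImagePath executable actually on disk, the ServiceDll under the Parameters subkey, and the DisableAntiSpyware policy value. The expected Vista values for BITS (Start=2, svchost.exe -k netsvcs, qmgr.dll) are my assumptions; WinDefend's default start type Auto and the MpSvc.dll path are what the FSS logs in this thread show. Function and variable names are mine.

```powershell
# Added example: not code from the TechSpot thread, FSS or OTL.
# Re-checks, the way Farbar Service Scanner reports it, whether the BITS and
# WinDefend service keys that bits.reg / windefend.reg restore exist and carry
# the expected values. Expected values are assumptions for Windows Vista SP2 x86
# (the FSS log in the thread states WinDefend's default start type is Auto).
# Run from an elevated PowerShell prompt.

$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Start: 2 = Automatic, 3 = Manual, 4 = Disabled. ServiceDll is checked under
# the service's Parameters subkey, where svchost-hosted services keep it.
$Expected = @{
    BITS = @{
        Start      = 2
        ImagePath  = '%SystemRoot%\System32\svchost.exe -k netsvcs'   # assumption
        ServiceDll = '%SystemRoot%\System32\qmgr.dll'                 # assumption
    }
    WinDefend = @{
        Start      = 2
        ImagePath  = $null   # no hard-coded expectation: only verify the executable exists
        ServiceDll = '%ProgramFiles%\Windows Defender\MpSvc.dll'      # path FSS checks in the thread
    }
}

# Normalise a path value for comparison: expand %VARS%, strip quotes, lower-case.
function ConvertTo-ComparablePath {
    param([string]$Value)
    if (-not $Value) { return '' }
    return [Environment]::ExpandEnvironmentVariables($Value).Trim('"').ToLowerInvariant()
}

# Emits one string per finding for a service; emits nothing if the key looks healthy.
function Test-ServiceKey {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][hashtable]$Want
    )
    $key = Join-Path $ServicesRoot $Name

    if (-not (Test-Path -LiteralPath $key)) {
        # The state FSS reported as "Unable to open ... registry key. The service key does not exist."
        "ATTENTION: $Name - service key does not exist; import the matching .reg file"
        return
    }

    $props = Get-ItemProperty -LiteralPath $key
    if ($props.Start -ne $Want.Start) {
        "$Name - Start type is '$($props.Start)', expected $($Want.Start)"
    }

    # ImagePath: compare against the expected value when one is given, and in
    # every case make sure the executable it names is actually on disk.
    $gotImage = ConvertTo-ComparablePath $props.ImagePath
    if ($Want.ImagePath -and $gotImage -ne (ConvertTo-ComparablePath $Want.ImagePath)) {
        "$Name - ImagePath is '$($props.ImagePath)', expected '$($Want.ImagePath)'"
    }
    if ($gotImage -match '^(?<exe>[^"]+?\.exe)') {
        if (-not (Test-Path -LiteralPath $Matches.exe)) {
            "$Name - ImagePath executable is missing on disk: $($Matches.exe)"
        }
    } else {
        "$Name - ImagePath is missing or does not name an .exe: '$($props.ImagePath)'"
    }

    $params = Get-ItemProperty -LiteralPath (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue
    $gotDll = ConvertTo-ComparablePath $params.ServiceDll
    if ($gotDll -ne (ConvertTo-ComparablePath $Want.ServiceDll)) {
        "$Name - ServiceDll is '$($params.ServiceDll)', expected '$($Want.ServiceDll)'"
    } elseif (-not (Test-Path -LiteralPath $gotDll)) {
        "$Name - ServiceDll file is missing on disk: $gotDll"
    }
}

# The FSS log also reports the Windows Defender "disabled" policy value; mirror that.
function Get-DefenderDisabledPolicy {
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $p = Get-ItemProperty -LiteralPath $policyKey -ErrorAction SilentlyContinue
    if ($p -and $p.DisableAntiSpyware -eq 1) {
        "DisableAntiSpyware=1 under $policyKey (Windows Defender is turned off by policy)"
    }
}

$report = @()
foreach ($svc in $Expected.Keys) {
    $report += @(Test-ServiceKey -Name $svc -Want $Expected[$svc])
}
$report += @(Get-DefenderDisabledPolicy)

if ($report.Count -eq 0) {
    'All checked service keys are present and match the expected configuration.'
} else {
    $report
}
```

Run it elevated after importing the .reg files and rebooting. A DisableAntiSpyware=1 finding is not by itself a sign of infection: on a machine running Microsoft Security Essentials (the msseces.exe entry under the O4 Run key in the OTL log above) it is expected, because MSE disables Windows Defender when it is installed. A missing service key, on the other hand, is the condition this step is meant to fix, so that finding should disappear once the .reg imports have applied.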
     
  23. MacThreat

    MacThreat TS Rookie Topic Starter





    Farbar Service Scanner Version: 06-08-2012
    Ran by Richard (administrator) on 25-09-2012 at 09:33:16
    Running from "F:\"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Disabled. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
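The service, policy and file checks in the scanner log above, redone with built-in Windows tools. This is an added example, not part of MacThreat's or Broni's posts and not the scanner's own code: it prints each service's state, start type and ServiceDll, flags the DisableAntiSpyware value the log shows, and, because the scanner's known-good MD5 list is not available here, prints the hash for comparison and asks sfc /verifyfile for the integrity verdict. The -Fix switch, the expected start types, the file list and the PowerShell 2.0 requirement are assumptions.

```powershell
# Added example, not from the thread: re-run the checks the service scanner
# log reports (service state/start type/ServiceDll, the Windows Defender
# policy value, system file integrity) with built-in Windows tools, and undo
# the Defender policy when -Fix is given.
# Run from an elevated PowerShell prompt. Assumed: PowerShell 2.0 or later
# and sfc.exe present (Vista and later).
param([switch]$Fix)

# Services named in the log and the default start type it quotes ("Auto").
# Win32_Service.StartMode reports 'Auto' for delayed-start services as well.
$expected = @{
    'wscsvc'    = 'Auto'   # Security Center
    'wuauserv'  = 'Auto'   # Windows Update
    'WinDefend' = 'Auto'   # Windows Defender
}

foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name`: service not present"; continue }
    '{0,-10} state={1,-8} start={2,-9} image={3}' -f $name, $svc.State, $svc.StartMode, $svc.PathName
    if ($svc.StartMode -ne $expected[$name]) {
        Write-Warning "$name start type is $($svc.StartMode); default is $($expected[$name])"
    }
    # svchost-hosted services keep their DLL under Parameters\ServiceDll
    $params = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) { "           ServiceDll=$($params.ServiceDll)" }
}

# The log shows DisableAntiSpyware=1 under the non-policy key; the Group
# Policy location is checked too, since either one keeps Defender off.
$defenderKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
)
foreach ($key in $defenderKeys) {
    $item = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($item -and $item.DisableAntiSpyware -eq 1) {
        Write-Warning "$key\DisableAntiSpyware = 1 (Windows Defender disabled)"
        if ($Fix) {
            Remove-ItemProperty $key -Name DisableAntiSpyware
            Set-Service WinDefend -StartupType Automatic
            Start-Service WinDefend
            "Removed DisableAntiSpyware from $key and started WinDefend"
        }
    }
}

# File check. The scanner compares MD5 against its own known-good list, which
# this script does not have, so it prints the hash for comparison with a
# clean machine and lets Windows Resource Protection give the verdict.
$files = @(
    'C:\Windows\system32\wscsvc.dll',
    'C:\Windows\system32\wuaueng.dll',
    'C:\Windows\system32\svchost.exe',
    'C:\Windows\system32\Drivers\tcpip.sys',
    'C:\Program Files\Windows Defender\MpSvc.dll'
)
$md5 = [System.Security.Cryptography.MD5]::Create()
# sfc.exe writes UTF-16 to the console; without this its captured output
# shows a space between every character.
$prevEncoding = [Console]::OutputEncoding
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode
try {
    foreach ($f in $files) {
        if (-not (Test-Path $f)) { Write-Warning "$f is missing"; continue }
        $bytes = [System.IO.File]::ReadAllBytes($f)
        $hash  = ([System.BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', ''
        # A file that matches the component store yields
        # "Windows Resource Protection did not find any integrity violations."
        $verdict = (& sfc.exe "/verifyfile=$f" | Out-String).Trim()
        '{0,-48} md5={1}' -f $f, $hash
        '{0,-48} sfc: {1}' -f '', $verdict
    }
}
finally {
    [Console]::OutputEncoding = $prevEncoding
}
```

Run it as `.\service-check.ps1` to report only, or `.\service-check.ps1 -Fix` to clear the policy value and start WinDefend. Note that the log shows both the policy value set and the WinDefend start type at Disabled, and nothing in the thread's cleanup steps turns Defender back on; left alone it stays off.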
     
  24. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
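The restore-point reset in step 1, done with Windows' own tools instead of OTL's [CLEARALLRESTOREPOINTS] command. This is an added example, not from Broni's post: it lists the existing restore points, deletes them (old points can hold copies of the files that were just removed), makes sure System Restore is enabled for the system drive, and creates one clean baseline point. The drive letter, the description text and the PowerShell 2.0 requirement are assumptions.

```powershell
# Added example, not from the thread: native equivalent of clearing all
# restore points and creating a fresh one. Run from an elevated PowerShell
# prompt. Assumed: PowerShell 2.0 or later (Checkpoint-Computer,
# Enable-ComputerRestore and Get-ComputerRestorePoint ship with it).
$drive = 'C:\'

# What is there before anything is touched
"Restore points before cleanup:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize

# Restore points are volume shadow copies; removing the shadow copies
# removes every restore point on the machine, including any that captured
# infected files.
vssadmin.exe delete shadows /all /quiet

# Make sure System Restore is on for the system drive, then create the
# clean baseline that future rollbacks should use.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS

"Restore points after cleanup:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

On Windows 8 and later, Checkpoint-Computer silently skips creation if another restore point was made in the previous 24 hours, so check the final listing rather than assuming the baseline exists.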
     
  25. MacThreat

    MacThreat TS Rookie Topic Starter

    It's doing great, thanks!
     