
Rolandz

Everything posted by Rolandz

  1. Mmm, I guess I have no choice, but after all these months, lol. Alright, thanks again for everything and for helping me for so long.
  2. Oh hey Screen, I've noticed I've been getting this error. I'm not sure if it's related to using ComboFix, but I remember it did disable my autorun too. I can't seem to uninstall certain programs or install a program. Here's a pic of me trying to uninstall Smart6 and trying to install Oblivion; I get the same error in the details.
  3. aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
     Run date: 2012-01-25 02:59:23
     -----------------------------
     02:59:23.181 OS Version: Windows x64 6.1.7600
     02:59:23.181 Number of processors: 8 586 0x1A05
     02:59:23.181 ComputerName: ROLAND714 UserName: Roland
     02:59:25.410 Initialize success
     02:59:33.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
     02:59:33.697 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
     02:59:33.709 Disk 0 MBR read successfully
     02:59:33.710 Disk 0 MBR scan
     02:59:33.712 Disk 0 Windows 7 default MBR code
     02:59:33.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
     02:59:33.718 Service scanning
     02:59:34.793 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
     02:59:35.352 Modules scanning
     02:59:35.354 Disk 0 trace - called modules:
     02:59:35.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80044052c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
     02:59:35.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004788060]
     02:59:35.378 3 CLASSPNP.SYS[fffff88001a1a43f] -> nt!IofCallDriver -> [0xfffffa80044f99b0]
     02:59:35.380 5 ACPI.sys[fffff88000efe781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004522060]
     02:59:35.384 \Driver\atapi[0xfffffa80044f7cb0] -> IRP_MJ_CREATE -> 0xfffffa80044052c0
     02:59:35.387 Scan finished successfully
     02:59:48.537 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\MBR.dat"
     02:59:48.542 The log file has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\aswMBR.txt"

     MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows 7 Ultimate Edition
     Windows Information: (build 7600), 64-bit
     Base Board Manufacturer: Gigabyte Technology Co., Ltd.
     BIOS Manufacturer: Award Software International, Inc.
     System Manufacturer: Gigabyte Technology Co., Ltd.
     System Product Name: X58-USB3
     Logical Drives Mask: 0x0000003c

     Kernel Drivers (total 194):
     0x03012000 \SystemRoot\system32\ntoskrnl.exe
     0x035EE000 \SystemRoot\system32\hal.dll
     0x00BBE000 \SystemRoot\system32\kdcom.dll
     0x00C65000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
     0x00CA9000 \SystemRoot\system32\PSHED.dll
     0x00CBD000 \SystemRoot\system32\CLFS.SYS
     0x00D1B000 \SystemRoot\system32\CI.dll
     0x00E40000 \SystemRoot\system32\drivers\Wdf01000.sys
     0x00EE4000 \SystemRoot\system32\drivers\WDFLDR.SYS
     0x0104D000 \SystemRoot\System32\Drivers\sptd.sys
     0x00EF3000 \SystemRoot\system32\DRIVERS\ACPI.sys
     0x011B4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
     0x011BD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
     0x011C7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
     0x01000000 \SystemRoot\system32\DRIVERS\pci.sys
     0x01033000 \SystemRoot\System32\drivers\partmgr.sys
     0x011D4000 \SystemRoot\system32\DRIVERS\volmgr.sys
     0x00F4A000 \SystemRoot\System32\drivers\volmgrx.sys
     0x011E9000 \SystemRoot\system32\DRIVERS\pciide.sys
     0x011F0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
     0x00FA6000 \SystemRoot\System32\drivers\mountmgr.sys
     0x00FC0000 \SystemRoot\system32\DRIVERS\atapi.sys
     0x00FC9000 \SystemRoot\system32\DRIVERS\ataport.SYS
     0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys
     0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
     0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys
     0x0122F000 \SystemRoot\System32\Drivers\Ntfs.sys
     0x01492000 \SystemRoot\System32\Drivers\msrpc.sys
     0x014F0000 \SystemRoot\System32\Drivers\ksecdd.sys
     0x0150A000 \SystemRoot\System32\Drivers\cng.sys
     0x0157D000 \SystemRoot\System32\drivers\pcw.sys
     0x0158E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
     0x016D0000 \SystemRoot\system32\drivers\ndis.sys
     0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
     0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
     0x01802000 \SystemRoot\System32\drivers\tcpip.sys
     0x01598000 \SystemRoot\System32\drivers\fwpkclnt.sys
     0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
     0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
     0x0169B000 \SystemRoot\System32\Drivers\spldr.sys
     0x017C2000 \SystemRoot\System32\drivers\rdyboost.sys
     0x016A3000 \SystemRoot\System32\Drivers\mup.sys
     0x016B5000 \SystemRoot\System32\drivers\hwpolicy.sys
     0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
     0x015E2000 \SystemRoot\system32\DRIVERS\disk.sys
     0x01A19000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
     0x01A7F000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
     0x01AC7000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0x01AF1000 \SystemRoot\System32\Drivers\Null.SYS
     0x01AFA000 \SystemRoot\System32\Drivers\Beep.SYS
     0x01B01000 \SystemRoot\System32\drivers\vga.sys
     0x01B0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
     0x01B34000 \SystemRoot\System32\drivers\watchdog.sys
     0x01B44000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0x01B4D000 \SystemRoot\system32\drivers\rdpencdd.sys
     0x01B56000 \SystemRoot\system32\drivers\rdprefmp.sys
     0x01B5F000 \SystemRoot\System32\Drivers\Msfs.SYS
     0x01B6A000 \SystemRoot\System32\Drivers\Npfs.SYS
     0x01B7B000 \SystemRoot\system32\DRIVERS\tdx.sys
     0x01B99000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0x01BA6000 \SystemRoot\System32\DRIVERS\netbt.sys
     0x06AF5000 \SystemRoot\system32\drivers\afd.sys
     0x06B7E000 \SystemRoot\system32\drivers\ws2ifsl.sys
     0x06B89000 \SystemRoot\system32\DRIVERS\wfplwf.sys
     0x06B92000 \SystemRoot\system32\DRIVERS\pacer.sys
     0x06BB8000 \SystemRoot\system32\DRIVERS\netbios.sys
     0x06BC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0x06BE2000 \SystemRoot\system32\DRIVERS\termdd.sys
     0x06A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0x06A51000 \SystemRoot\system32\drivers\nsiproxy.sys
     0x06A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0x06A68000 \SystemRoot\System32\drivers\discache.sys
     0x06CAC000 \SystemRoot\system32\drivers\csc.sys
     0x06D2F000 \SystemRoot\System32\Drivers\dfsc.sys
     0x06D4D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
     0x06D5E000 \SystemRoot\system32\DRIVERS\AppleCharger.sys
     0x06D66000 \SystemRoot\system32\DRIVERS\tunnel.sys
     0x06D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0x06DA2000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
     0x06DD3000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0x100B4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
     0x10D18000 \SystemRoot\System32\Drivers\nvBridge.kmd
     0x06E1E000 \SystemRoot\System32\drivers\dxgkrnl.sys
     0x06F12000 \SystemRoot\System32\drivers\dxgmms1.sys
     0x06F58000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0x06F65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0x06FBB000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0x06FCC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0x10D1A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
     0x06FF0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     0x10D9E000 \SystemRoot\System32\Drivers\ajhqqxm9.SYS
     0x10000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
     0x06E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
     0x06E09000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
     0x1002F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
     0x10045000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0x10069000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0x10075000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0x06DD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0x06C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0x06C21000 \SystemRoot\system32\DRIVERS\rassstp.sys
     0x100A4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
     0x10DED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0x06C3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0x06E19000 \SystemRoot\system32\DRIVERS\swenum.sys
     0x06C4A000 \SystemRoot\system32\DRIVERS\ks.sys
     0x100AF000 \SystemRoot\system32\drivers\WmBEnum.sys
     0x06C8D000 \SystemRoot\system32\drivers\WmXlCore.sys
     0x06A77000 \SystemRoot\system32\DRIVERS\umbus.sys
     0x06A89000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
     0x074A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0x074FC000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0x08656000 \SystemRoot\system32\drivers\RTKVHD64.sys
     0x08942000 \SystemRoot\system32\drivers\portcls.sys
     0x0897F000 \SystemRoot\system32\drivers\drmk.sys
     0x089A1000 \SystemRoot\system32\drivers\ksthunk.sys
     0x000D0000 \SystemRoot\System32\win32k.sys
     0x089A7000 \SystemRoot\System32\drivers\Dxapi.sys
     0x089B3000 \SystemRoot\System32\Drivers\crashdmp.sys
     0x089C1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
     0x089CD000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0x089D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
     0x0862B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     0x08644000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0x089E9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
     0x07511000 \SystemRoot\system32\DRIVERS\mouhid.sys
     0x00520000 \SystemRoot\System32\TSDDD.dll
     0x007D0000 \SystemRoot\System32\cdd.dll
     0x0752C000 \SystemRoot\system32\drivers\luafv.sys
     0x0754F000 \SystemRoot\system32\drivers\WudfPf.sys
     0x07570000 \SystemRoot\system32\DRIVERS\lltdio.sys
     0x07585000 \SystemRoot\system32\DRIVERS\rspndr.sys
     0x02886000 \SystemRoot\system32\drivers\HTTP.sys
     0x0294E000 \SystemRoot\system32\DRIVERS\bowser.sys
     0x0296C000 \SystemRoot\System32\drivers\mpsdrv.sys
     0x02984000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0x029B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     0x048B3000 \SystemRoot\system32\drivers\peauth.sys
     0x04959000 \SystemRoot\System32\Drivers\secdrv.SYS
     0x04964000 \SystemRoot\System32\DRIVERS\srvnet.sys
     0x04991000 \SystemRoot\System32\drivers\tcpipreg.sys
     0x04800000 \SystemRoot\System32\DRIVERS\srv2.sys
     0x07400000 \SystemRoot\System32\DRIVERS\srv.sys
     0x04867000 \??\C:\Windows\gdrv.sys
     0x04870000 \SystemRoot\system32\drivers\WmVirHid.sys
     0x049A3000 \SystemRoot\system32\DRIVERS\udfs.sys
     0x0487D000 \??\C:\Windows\system32\drivers\mbam.sys
     0x04887000 \SystemRoot\system32\DRIVERS\monitor.sys
     0x04895000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0x02823000 \SystemRoot\system32\DRIVERS\hidusb.sys
     0x02831000 \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys
     0x049F7000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
     0x0283C000 \??\C:\Users\Roland\AppData\Local\Temp\aswMBR.sys
     0x773F0000 \Windows\System32\ntdll.dll
     0x47E60000 \Windows\System32\smss.exe
     0xFF710000 \Windows\System32\apisetschema.dll
     0xFF7D0000 \Windows\System32\autochk.exe
     0xFF6B0000 \Windows\System32\Wldap32.dll
     0xFF610000 \Windows\System32\clbcatq.dll
     0xFF4E0000 \Windows\System32\rpcrt4.dll
     0x775C0000 \Windows\System32\psapi.dll
     0xFF410000 \Windows\System32\usp10.dll
     0xFE680000 \Windows\System32\shell32.dll
     0xFE5E0000 \Windows\System32\msvcrt.dll
     0xFE570000 \Windows\System32\gdi32.dll
     0x775B0000 \Windows\System32\normaliz.dll
     0xFE4D0000 \Windows\System32\comdlg32.dll
     0xFE2C0000 \Windows\System32\ole32.dll
     0x771E0000 \Windows\System32\iertutil.dll
     0xFE240000 \Windows\System32\shlwapi.dll
     0xFE1C0000 \Windows\System32\difxapi.dll
     0xFE0B0000 \Windows\System32\msctf.dll
     0xFDFD0000 \Windows\System32\advapi32.dll
     0x77080000 \Windows\System32\wininet.dll
     0xFDEF0000 \Windows\System32\oleaut32.dll
     0xFDD10000 \Windows\System32\setupapi.dll
     0xFDCF0000 \Windows\System32\imagehlp.dll
     0x76F60000 \Windows\System32\kernel32.dll
     0x76E10000 \Windows\System32\urlmon.dll
     0xFDCC0000 \Windows\System32\imm32.dll
     0xFDC70000 \Windows\System32\ws2_32.dll
     0xFDC50000 \Windows\System32\sechost.dll
     0xFDC40000 \Windows\System32\lpk.dll
     0x76D10000 \Windows\System32\user32.dll
     0xFDC30000 \Windows\System32\nsi.dll
     0xFDC10000 \Windows\System32\devobj.dll
     0xFDAA0000 \Windows\System32\crypt32.dll
     0xFDA30000 \Windows\System32\KernelBase.dll
     0xFD9F0000 \Windows\System32\cfgmgr32.dll
     0xFD950000 \Windows\System32\comctl32.dll
     0xFD910000 \Windows\System32\wintrust.dll
     0xFD900000 \Windows\System32\msasn1.dll
     0x765E0000 \Windows\SysWOW64\normaliz.dll

     Processes (total 66):
     0 System Idle Process
     4 System
     320 C:\Windows\System32\smss.exe
     456 csrss.exe
     532 C:\Windows\System32\wininit.exe
     556 csrss.exe
     596 C:\Windows\System32\services.exe
     616 C:\Windows\System32\lsass.exe
     624 C:\Windows\System32\lsm.exe
     736 C:\Windows\System32\winlogon.exe
     768 C:\Windows\System32\svchost.exe
     828 C:\Windows\System32\nvvsvc.exe
     868 C:\Windows\System32\svchost.exe
     952 C:\Windows\System32\svchost.exe
     1000 C:\Windows\System32\svchost.exe
     152 C:\Windows\System32\svchost.exe
     1032 C:\Windows\System32\svchost.exe
     1144 C:\Windows\System32\svchost.exe
     1312 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
     1324 C:\Windows\System32\nvvsvc.exe
     1392 C:\Windows\System32\spoolsv.exe
     1460 C:\Windows\System32\svchost.exe
     1572 C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
     1692 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     1736 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     1788 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
     1824 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
     1844 C:\Program Files\Bonjour\mDNSResponder.exe
     1880 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
     1976 C:\Windows\System32\taskhost.exe
     2028 C:\Windows\System32\dwm.exe
     1112 C:\Windows\explorer.exe
     1504 C:\Windows\SysWOW64\PnkBstrA.exe
     1508 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
     2072 C:\Windows\System32\svchost.exe
     2220 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     2372 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     3020 C:\Windows\System32\svchost.exe
     2188 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
     3060 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     2204 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     3236 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
     3440 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
     3448 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
     3484 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
     3716 C:\Windows\System32\svchost.exe
     3892 C:\Program Files\iPod\bin\iPodService.exe
     3356 WmiPrvSE.exe
     3376 C:\Windows\System32\SearchIndexer.exe
     3520 C:\Program Files (x86)\Steam\Steam.exe
     3160 C:\Windows\System32\SearchProtocolHost.exe
     1964 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     3360 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     3792 C:\Windows\System32\wuauclt.exe
     2228 C:\Windows\System32\audiodg.exe
     4680 C:\Windows\SysWOW64\svchost.exe
     3804 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
     2760 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     2576 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
     3860 C:\Windows\System32\SearchFilterHost.exe
     4280 C:\Windows\System32\taskeng.exe
     4056 C:\Windows\System32\VSSVC.exe
     3888 C:\Windows\System32\svchost.exe
     1856 C:\Users\Roland\Desktop\MBRCheck.exe
     348 C:\Windows\System32\conhost.exe
     3760 C:\Windows\System32\dllhost.exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

     PhysicalDrive0 Model Number: ST31000528AS, Rev: CC3E

     Size     Device Name         MBR Status
     --------------------------------------------
     931 GB   \\.\PhysicalDrive0  Windows 7 MBR code detected
              SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

     Done!

     MBRScan v1.0.7
     OS        : Windows 7 (64 bit)
     PROCESSOR : Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
     BOOT      : Normal Boot
     DATE      : 2012/01/25 (ISO 8601) at 02:58:58
     ________________________________________________________________________________
     DISK           : Device\Harddisk0\DR0 __ST31000528AS (CC3E)
     BUS_TYPE       : (0x03) P-ATA
     USE_PIO        : NO
     MAX_TRANSFER   : 128 Kb
     ALIGNMENT_MASK : word aligned
     ________________________________________________________________________________
     Device\Harddisk0\DR0        931.5 Go [Fixed]  ==> 7 MBR Code
     MBR_MD5  : 3052532B4C38CBAF3FF716E7245E46D6
     MBR_SHA1 : 545BE0FEA527CD2B8F103EE0F220F46DA1D3EE1E
     Device\Harddisk0\Partition1 931.5 Go 0x07 NTFS / HPFS __ BOOTABLE __
     ________________________________________________________________________________
     _______MBR \Device\Harddisk0\DR0
     0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
     0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
     0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
     0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
     0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
     0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
     0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
     0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
     0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..Ë.¸..».|.V.
     0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
     0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².Ë.
     0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2Ä.V.Í.]Ë..>þ}U
     0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°ñÆd
     0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßÆ`è|.°.Ædèu
     0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
     0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
     0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
     0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
     0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
     0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.Ë..¶.Ë..µ.2Ä
     0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....Ь<.t.»..´.Í
     0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ËòôËý+ÉÄdË.$.ÀØ
     0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
     0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
     0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69  loading operati
     0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
     0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
     0x000001B0 65 6D 00 00 00 63 7B 9A 72 81 D3 0B 00 00 80 20 em...c{.r.ó....
     0x000001C0 21 00 07 FE FF FF 00 08 00 00 00 58 70 74 00 00 !..þ.......Xpt..
     0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
     0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
     0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
  4. Ooo, nah, every website except search websites; I even got one off BleepingComputer.

     ComboFix 12-01-23.02 - Roland 01/25/2012 2:04.11.8 - x64
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1378 [GMT -5:00]
     Running from: c:\users\Roland\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
     .
     .
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker\AppData\Local\temp
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\AppData\AppData\Local\temp
     2012-01-16 09:14 . 2012-01-24 20:04 25640 ----a-w- c:\windows\gdrv.sys
     2012-01-16 02:53 . 2012-01-16 02:54 -------- d-----w- c:\programdata\WeCareReminder
     2012-01-16 02:52 . 2012-01-16 02:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
     2012-01-16 02:51 . 2012-01-16 02:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
     2012-01-08 18:06 . 2012-01-08 18:06 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
     2012-01-08 18:06 . 2012-01-08 18:06 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
     2012-01-08 18:06 . 2012-01-08 18:06 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
     2012-01-08 18:06 . 2012-01-08 18:06 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
     2011-12-28 21:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-12-28 12:42 . 2011-12-28 12:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DAEMON Tools Lite
     2011-12-28 05:03 . 2012-01-16 02:52 -------- d-----w- c:\users\Roland\AppData\Roaming\OpenCandy
     2011-12-28 04:59 . 2011-12-28 05:03 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
     2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
     2011-12-27 10:21 . 2011-12-27 10:22 -------- d-----w- c:\program files (x86)\QuickTime
     2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Down
     2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Perfect World Entertainment
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-01-24 20:04 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys
     2012-01-02 19:43 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2012-01-02 19:43 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2011-12-20 09:24 . 2011-12-10 07:03 627600 ----a-w- c:\windows\system32\deployJava1.dll
     2011-12-13 14:14 . 2011-12-11 19:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2011-12-11 19:40 . 2011-01-30 22:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2011-11-25 22:53 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
     2011-11-24 05:00 . 2011-12-18 13:09 3141632 ----a-w- c:\windows\system32\win32k.sys
     2011-11-05 05:17 . 2011-12-18 13:06 2048 ----a-w- c:\windows\system32\tzres.dll
     2011-11-05 04:30 . 2011-12-18 13:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2011-11-04 01:53 . 2011-12-19 08:15 2309120 ----a-w- c:\windows\system32\jscript9.dll
     2011-11-04 01:44 . 2011-12-19 08:15 1390080 ----a-w- c:\windows\system32\wininet.dll
     2011-11-04 01:44 . 2011-12-19 08:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-11-04 01:34 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2011-11-03 22:47 . 2011-12-19 08:15 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
     2011-11-03 22:40 . 2011-12-19 08:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2011-11-03 22:39 . 2011-12-19 08:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
     2011-11-03 22:31 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
     "Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
     "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
     "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
     "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "HideSCAHealth"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]
     R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
     R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
     R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
     R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
     R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
     R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]
     R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]
     R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-01-24 30528]
     R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 X6va005;X6va005;c:\users\Roland\AppData\Local\Temp\0058E19.tmp [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
     S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
     S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
     S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
     S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
     S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
     S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
     S3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.google.com/
     uInternet Settings,ProxyOverride = 127.0.0.1:9421
     IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     TCP: DhcpNameServer = 10.1.10.1
     CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
     FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
     .
     - - - - ORPHANS REMOVED - - - -
     .
     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
     AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
     AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe
     AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe
     AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe
     AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
     AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
     AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe
     AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
     AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
     "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
     "ImagePath"="c:\windows\system32\GameMon.des -service"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
     "ImagePath"="\??\c:\users\Roland\AppData\Local\Temp\0058E19.tmp"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]
     "datasecu"=hex:5f,73,18,50,7e,57,0d,84,32,1e,ab,a2,a5,3d,18,4b,4a,2f,fc,a8,c8,
        4d,9c,ba,c3,a1,ff,df,30,3e,9c,87,cc,74,5b,6a,20,04,91,a4,c9,37,d0,c9,af,f7,\
     "rkeysecu"=hex:e0,1a,df,22,d1,cd,73,a1,ec,fa,ae,e8,67,d1,90,4d
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
     @=hex:b1,5d,8e,62,5e,fa,cb,01
     .
     [HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
     @=hex:f3,d4,a9,62,5e,fa,cb,01
     .
     [HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
     @=hex:ab,94,9c,5f,5e,fa,cb,01
     .
     [HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
     @=hex:d5,9d,ba,62,5e,fa,cb,01
     .
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-01-25 02:30:27 ComboFix-quarantined-files.txt 2012-01-25 07:30 ComboFix2.txt 2012-01-15 19:18 . Pre-Run: 200,636,526,592 bytes free Post-Run: 200,756,965,376 bytes free . - - End Of File - - F521345DED4013A20A855A1FFF881CF3
  5. Alright, done, though I'm still getting redirects inside websites, even YouTube. It's a rare occurrence though, and it never happens on Google.
  6. Ooo snap, my bad. Here:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eb7a94c27590d8428819fc08fc972c63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-03 05:15:50
# local_time=2012-01-03 12:15:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 9345791 77126401 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1042341
# found=0
# cleaned=0
# scan_time=27999
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eb7a94c27590d8428819fc08fc972c63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 11:29:28
# local_time=2012-01-04 06:29:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 9465421 77246031 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1035369
# found=0
# cleaned=0
# scan_time=17186
Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java 6 Update 29
Java 7 Update 1
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check: objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
ESET ESET Online Scanner OnlineScannerApp.exe
``````````End of Log````````````
  7. Aye aye, the ComboFix log was too long for the post a 2nd time now, so I have to attach it :/
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.30.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Roland :: ROLAND714 [administrator]
12/30/2011 12:24:43 AM
mbam-log-2011-12-30 (00-24-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241988
Time elapsed: 4 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ComboFIX_LOG.txt
  8. Aye aye, I'm getting redirects on this website only when I click next page or so; no redirects for Google though. The only way I can get to this thread is through my profile.
  9. Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8399
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
12/19/2011 1:43:17 PM
mbam-log-2011-12-19 (13-43-17).txt
Scan type: Quick scan
Objects scanned: 240162
Time elapsed: 4 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Roland at 13:45:49 on 2011-12-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2425 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe
C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{7065DBAA-AEEC-4DE5-B3D4-E83D2D3C24FB} : DhcpNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll
FF - plugin: C:\Users\Roland\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-18 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-19 08:33:13 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-12-19 08:33:13 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-12-18 13:09:35 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-12-18 13:06:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-18 13:06:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-18 07:13:59 -------- d-----w- C:\Users\Roland\AppData\Local\LogMeIn Hamachi
2011-12-18 07:13:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-12-18 06:34:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\ScripterRon
2011-12-17 22:34:27 -------- d-----w- C:\Users\Roland\AppData\Local\{E650F8E4-5452-46D3-9101-425C89ED4914}
2011-12-17 22:34:15 -------- d-----w- C:\Users\Roland\AppData\Local\{428C00D8-053E-492E-850A-2F1DE01C647A}
2011-12-17 05:16:03 -------- d-----w- C:\Users\Roland\.NewTek
2011-12-17 04:57:29 -------- d-----w- C:\Program Files\NewTek
2011-12-17 03:46:48 -------- d-----w- C:\Program Files (x86)\Id soft
2011-12-15 18:37:40 -------- d-----w- C:\Program Files (x86)\Sierra
2011-12-14 07:21:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-12-14 04:27:11 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-12-14 04:27:11 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-12-14 04:15:58 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-12-14 04:15:57 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-12-14 04:15:57 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-12-14 04:15:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-12-14 04:15:57 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-12-14 04:15:56 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-12-14 04:15:56 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-12-14 04:12:56 535656 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-12-13 20:03:43 -------- d-----w- C:\Users\Roland\AppData\Roaming\Unity
2011-12-13 19:57:09 -------- d-----w- C:\Users\Roland\AppData\Local\Unity
2011-12-11 21:27:01 13800 ----a-w- C:\Windows\System32\drivers\ssadwh.sys
2011-12-11 21:27:00 13288 ----a-w- C:\Windows\System32\drivers\ssadcm.sys
2011-12-11 21:26:36 -------- d-----w- C:\Program Files\SAMSUNG
2011-12-11 21:26:06 -------- d-----w- C:\ProgramData\Samsung
2011-12-11 19:40:35 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\REN1B6.tmp
2011-12-11 19:37:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 07:03:56 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-10 06:57:40 -------- d-----w- C:\Program Files (x86)\Santiago Orgaz
2011-12-10 01:25:54 -------- d-----w- C:\$RECYCLE.BIN
2011-12-10 01:06:13 98816 ----a-w- C:\Windows\sed.exe
2011-12-10 01:06:13 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-10 01:06:13 256000 ----a-w- C:\Windows\PEV.exe
2011-12-10 01:06:13 208896 ----a-w- C:\Windows\MBR.exe
2011-12-09 11:24:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-12-07 16:05:39 -------- d-----w- C:\Program Files\AMD
2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox
2011-12-03 15:26:17 -------- d-----w- C:\Program Files (x86)\Common Files\AMD
2011-11-28 05:30:07 -------- d-----we C:\Windows\system64
2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD
2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh
2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq
2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOONNtxxA0uS2bD
2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf
2011-11-25 03:54:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\qccSS1ibb3onGaH
2011-11-23 22:11:23 -------- d-----w- C:\Users\Roland\AppData\Local\SCE
2011-11-23 11:26:27 -------- d-----w- C:\Program Files (x86)\ATI Research Inc
2011-11-23 07:32:11 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
2011-11-23 00:43:56 -------- d-----w- C:\Users\Roland\AppData\Local\{970492A1-4B99-42C9-B472-065740F9C9EB}
2011-11-23 00:43:45 -------- d-----w- C:\Users\Roland\AppData\Local\{72BB1DDD-B6CD-4918-B4F0-6A326666FEEB}
2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23
2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB
2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\NzzzPPNyxA1uS2b
2011-11-22 23:57:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\rWWWJJ7dEL8gZqY
2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q7ffEEL8gTZ
2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\nttxxP0uuc1i
2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998
2011-11-22 23:56:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\hFF44pmmG
2011-11-22 23:56:32 -------- d-----w- C:\Users\Roland\AppData\Roaming\LtttzPP0ycA1vDo
2011-11-22 23:44:12 -------- d-----w- C:\Users\Roland\AppData\Local\{A6DC21A5-2B27-4E2F-B232-6C4C7A69AF31}
2011-11-22 23:44:00 -------- d-----w- C:\Users\Roland\AppData\Local\{E3CE3080-C760-4059-898C-C90A69F9FF67}
2011-11-22 19:09:29 -------- d-----w- C:\ProgramData\PackfileExplorer
2011-11-22 05:17:51 -------- d-----w- C:\Users\Roland\AppData\Local\{2DFF5213-D589-4384-8E79-DCCCF551D886}
2011-11-22 05:17:39 -------- d-----w- C:\Users\Roland\AppData\Local\{F07369E6-E070-4933-A064-FAA912F188BC}
2011-11-21 23:55:28 -------- d-----w- C:\Users\Roland\AppData\Local\{996A5C83-A4EF-4178-91E5-F20154B3A7B1}
2011-11-21 23:55:15 -------- d-----w- C:\Users\Roland\AppData\Local\{9B229EAA-111E-45FE-B3CA-9C1734FB0C7A}
2011-11-21 04:41:47 -------- d-----w- C:\Users\Roland\AppData\Local\{60BDAFCE-9D24-45FC-814A-D96F2DEAA9AC}
2011-11-21 04:41:36 -------- d-----w- C:\Users\Roland\AppData\Local\{FB9064CD-8BFE-4D58-BB0E-6A7AB5A09D12}
2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation
2011-11-20 05:40:44 -------- d-----w- C:\Users\Roland\.thumbnails
.
==================== Find3M ====================
.
2011-12-19 18:33:26 30528 ----a-w- C:\Windows\GVTDrv64.sys
2011-12-19 18:33:11 25640 ----a-w- C:\Windows\gdrv.sys
2011-12-11 19:40:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:41:28 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 13:48:06.35 ===============
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 13:44:54
-----------------------------
13:44:54.817 OS Version: Windows x64 6.1.7600
13:44:54.832 Number of processors: 8 586 0x1A05
13:44:54.832 ComputerName: ROLAND714 UserName: Roland
13:44:59.793 Initialize success
13:45:14.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:45:14.995 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
13:45:17.039 Disk 0 MBR read successfully
13:45:17.039 Disk 0 MBR scan
13:45:17.039 Disk 0 Windows 7 default MBR code
13:45:17.039 Service scanning
13:45:18.583 Modules scanning
13:45:18.583 Disk 0 trace - called modules:
13:45:18.583 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:45:18.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047b6060]
13:45:18.583 3 CLASSPNP.SYS[fffff880018bd43f] -> nt!IofCallDriver -> [0xfffffa8004539520]
13:45:18.583 5 ACPI.sys[fffff88000ef3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004528060]
13:45:18.583 Scan finished successfully
13:45:30.595 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\MBR.dat"
13:45:30.595 The log file has been saved successfully to "C:\Users\Roland\Desktop\aswMBR.txt"
MBR.rar
Attach.txt
  10. Ooh, reformatting isn't an option for me. I'll try the cleaning method.
  11. And here is the DDS.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Roland at 23:22:12 on 2011-12-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1937 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Steam\Steam.exe
c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\SDKLauncher.exe
c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\source2009\bin\hlmv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Akamai NetSession Interface] C:\Users\Roland\AppData\Local\Akamai\netsession_win.exe
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{1D4B6D87-0285-48B8-B515-7EB2FE6EB006} : DhcpNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-29 68136]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-6-16 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-29 114688]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-18 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-1 1431888]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-29 30528]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-10 01:25:54 -------- d-----w- C:\$RECYCLE.BIN
2011-12-10 01:06:13 98816 ----a-w- C:\Windows\sed.exe
2011-12-10 01:06:13 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-10 01:06:13 256000 ----a-w- C:\Windows\PEV.exe
2011-12-10 01:06:13 208896 ----a-w- C:\Windows\MBR.exe
2011-12-09 11:24:21 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-12-07 16:05:39 -------- d-----w- C:\Program Files\AMD
2011-12-04 03:16:16 -------- d-----r- C:\Users\Roland\Dropbox
2011-12-04 03:14:14 -------- d-----w- C:\Users\Roland\AppData\Roaming\Dropbox
2011-12-03 20:22:34 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-12-03 15:26:17 -------- d-----w- C:\Program Files (x86)\Common Files\AMD
2011-11-28 05:30:07 -------- d-----we C:\Windows\system64
2011-11-25 03:54:11 -------- d-----w- C:\Users\Roland\AppData\Roaming\bOOONNtxA0uc2iD
2011-11-25 03:54:07 -------- d-----w- C:\Users\Roland\AppData\Roaming\B77ffEL88gZqh
2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\Z999gTTXq
2011-11-25 03:54:06 -------- d-----w- C:\Users\Roland\AppData\Roaming\oOONNtxxA0uS2bD
2011-11-25 03:54:02 -------- d-----w- C:\Users\Roland\AppData\Roaming\hooonGG4amH6WJf
2011-11-25 03:54:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\qccSS1ibb3onGaH
2011-11-23 22:11:23 -------- d-----w- C:\Users\Roland\AppData\Local\SCE
2011-11-23 11:26:27 -------- d-----w- C:\Program Files (x86)\ATI Research Inc
2011-11-23 07:32:11 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
2011-11-23 00:43:56 -------- d-----w- C:\Users\Roland\AppData\Local\{970492A1-4B99-42C9-B472-065740F9C9EB}
2011-11-23 00:43:45 -------- d-----w- C:\Users\Roland\AppData\Local\{72BB1DDD-B6CD-4918-B4F0-6A326666FEEB}
2011-11-22 23:57:32 -------- d-----w- C:\Program Files (x86)\98C23
2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\xRRZZ9hTXwjUClB
2011-11-22 23:57:12 -------- d-----w- C:\Users\Roland\AppData\Roaming\NzzzPPNyxA1uS2b
2011-11-22 23:57:01 -------- d-----w- C:\Users\Roland\AppData\Roaming\rWWWJJ7dEL8gZqY
2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\Q7ffEEL8gTZ
2011-11-22 23:57:00 -------- d-----w- C:\Users\Roland\AppData\Roaming\nttxxP0uuc1i
2011-11-22 23:56:58 -------- d-----w- C:\Users\Roland\AppData\Roaming\F8998
2011-11-22 23:56:33 -------- d-----w- C:\Users\Roland\AppData\Roaming\hFF44pmmG
2011-11-22 23:56:32 -------- d-----w- C:\Users\Roland\AppData\Roaming\LtttzPP0ycA1vDo
2011-11-22 23:44:12 -------- d-----w- C:\Users\Roland\AppData\Local\{A6DC21A5-2B27-4E2F-B232-6C4C7A69AF31}
2011-11-22 23:44:00 -------- d-----w- C:\Users\Roland\AppData\Local\{E3CE3080-C760-4059-898C-C90A69F9FF67}
2011-11-22 19:09:29 -------- d-----w- C:\ProgramData\PackfileExplorer
2011-11-22 05:17:51 -------- d-----w- C:\Users\Roland\AppData\Local\{2DFF5213-D589-4384-8E79-DCCCF551D886}
2011-11-22 05:17:39 -------- d-----w- C:\Users\Roland\AppData\Local\{F07369E6-E070-4933-A064-FAA912F188BC}
2011-11-21 23:55:28 -------- d-----w- C:\Users\Roland\AppData\Local\{996A5C83-A4EF-4178-91E5-F20154B3A7B1}
2011-11-21 23:55:15 -------- d-----w- C:\Users\Roland\AppData\Local\{9B229EAA-111E-45FE-B3CA-9C1734FB0C7A}
2011-11-21 04:41:47 -------- d-----w- C:\Users\Roland\AppData\Local\{60BDAFCE-9D24-45FC-814A-D96F2DEAA9AC}
2011-11-21 04:41:36 -------- d-----w- C:\Users\Roland\AppData\Local\{FB9064CD-8BFE-4D58-BB0E-6A7AB5A09D12}
2011-11-20 05:40:47 -------- d-----w- C:\Users\Roland\AppData\Roaming\Blender Foundation
2011-11-20 05:40:44 -------- d-----w- C:\Users\Roland\.thumbnails
2011-11-18 15:20:53 -------- d-----w- C:\Users\Roland\AppData\Local\{BBD44097-D831-4095-9668-127CE80111DC}
2011-11-18 15:20:41 -------- d-----w- C:\Users\Roland\AppData\Local\{EFD83BF7-46DA-4998-993B-C80AD390A6E8}
2011-11-17 15:23:53 -------- d-----w- C:\Users\Roland\AppData\Local\{B453F33A-9799-4D89-ADE4-C891A8E1F66E}
2011-11-17 15:23:42 -------- d-----w- C:\Users\Roland\AppData\Local\{0D0676A1-63E4-41C2-9E35-835580156DD8}
2011-11-16 20:24:46 -------- d-----w- C:\Users\Roland\AppData\Local\{471E149C-C6CD-47DE-B89D-73D702623698}
2011-11-16 04:28:40 -------- d-----w- C:\Users\Roland\AppData\Roaming\Malwarebytes
2011-11-16 04:28:27 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-16 04:28:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-16 03:41:32 -------- d-----w- C:\Users\Roland\AppData\Local\{C860DD10-5E0E-47BE-AA39-C1E031E9615B}
2011-11-16 03:41:21 -------- d-----w- C:\Users\Roland\AppData\Local\{523C39FF-6CEA-4A67-A093-FBD73984B03E}
2011-11-15 15:53:17 -------- d-----w- C:\Users\Roland\AppData\Local\{B0DACA34-50A0-47A5-894C-731FBCCCD5FF}
2011-11-15 15:53:06 -------- d-----w- C:\Users\Roland\AppData\Local\{E4854E13-9794-4825-8072-85A784532839}
2011-11-13 05:13:22 -------- d-----w- C:\Noesis
2011-11-12 14:10:40 -------- d-----w- C:\Users\Roland\AppData\Local\{CB1EBE4B-1130-40A6-B93E-6B164E5CE76C}
2011-11-11 13:51:09 -------- d-----w- C:\Users\Roland\AppData\Local\{2BC32B14-98FB-4E96-9856-B3B607ED1404}
2011-11-10 16:24:07 -------- d-----w- C:\Users\Roland\AppData\Local\{41EE2908-BC0A-477B-BD2E-C18CA9FE949A}
.
==================== Find3M ====================
.
2011-12-10 01:25:37 25640 ----a-w- C:\Windows\gdrv.sys
2011-12-10 00:50:46 30528 ----a-w- C:\Windows\GVTDrv64.sys
2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-25 22:53:42 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-23 22:15:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 15:41:28 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 23:23:26.11 ===============
  12. Alright, here is the ComboFix.

ComboFix 11-12-09.04 - Roland 12/09/2011 20:10:19.7.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2581 [GMT -5:00]
Running from: c:\users\Roland\Desktop\ComboFi3x.exe
Command switches used :: c:\users\Roland\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ksleovbm
-------\Service_zjlxuskj
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-12-10 01:23 . 2011-12-10 01:23 -------- d-----w- c:\users\Parker\AppData\Local\temp
2011-12-09 11:24 . 2011-12-09 19:47 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-12-08 16:59 . 2011-12-08 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-07 16:05 . 2011-12-07 16:05 -------- d-----w- c:\program files\AMD
2011-12-04 03:16 . 2011-12-04 04:26 -------- d-----r- c:\users\Roland\Dropbox
2011-12-03 20:22 . 2011-12-03 20:22 -------- d-----w- c:\program files (x86)\ImgBurn
2011-12-03 20:22 . 2011-12-03 20:22 -------- d-----w- c:\program files (x86)\Ask.com
2011-12-03 15:26 . 2011-12-03 15:26 -------- d-----w- c:\program files (x86)\Common Files\AMD
2011-11-28 05:30 . 2011-11-28 05:30 -------- d-----we c:\windows\system64
2011-11-25 03:54 . 2011-11-25 03:54 -------- d-----w- c:\users\Roland\AppData\Roaming\B77ffEL88gZqh
2011-11-23 22:11 . 2011-11-23 22:11 -------- d-----w- c:\users\Roland\AppData\Local\SCE
2011-11-23 11:26 . 2011-11-23 11:26 -------- d-----w- c:\program files (x86)\ATI Research Inc
2011-11-23 07:32 . 2001-05-21 16:46 198656 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
2011-11-22 23:57 . 2011-11-23 00:43 -------- d-----w- c:\program files (x86)\98C23
2011-11-22 19:09 . 2011-11-22 19:09 -------- d-----w- c:\programdata\PackfileExplorer
2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\AppData\Roaming\Blender Foundation
2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\.thumbnails
2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\programdata\Malwarebytes
2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 01:25 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys
2011-12-10 00:50 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-11-25 22:53 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-25 22:53 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-23 22:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 15:41 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-03 10:06 . 2011-01-30 22:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 00:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-12-10 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]
S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"combofix"="c:\combofi3x\CF23494.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.1.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe
AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,73,18,50,7e,57,0d,84,32,1e,ab,a2,a5,3d,18,4b,4a,2f,fc,a8,c8,
   4d,9c,ba,c3,a1,ff,df,30,3e,9c,87,cc,74,5b,6a,20,04,91,a4,c9,37,d0,c9,af,f7,\
"rkeysecu"=hex:e0,1a,df,22,d1,cd,73,a1,ec,fa,ae,e8,67,d1,90,4d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*] @=hex:b1,5d,8e,62,5e,fa,cb,01 . [HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*] @=hex:f3,d4,a9,62,5e,fa,cb,01 . [HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*] @=hex:ab,94,9c,5f,5e,fa,cb,01 . [HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*] @=hex:d5,9d,ba,62,5e,fa,cb,01 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe . ************************************************************************** . Completion time: 2011-12-09 20:33:06 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-10 01:33 ComboFix2.txt 2011-12-03 19:12 . Pre-Run: 315,306,049,536 bytes free Post-Run: 316,799,815,680 bytes free . - - End Of File - - 7D46EC9C4BD46D0525290318838BAFE1
  13. Alright. Oh, and here is the scan. I had one pop-up so far, though. I'll give the ComboFix scan after.

Objects Scan: completed 5 minutes ago (events: 71, objects: 3622838, time: 08:05:51)
12/9/11 11:28 AM Task started
12/9/11 11:29 AM Detected: Rootkit.Boot.SST.a /dev/sda
12/9/11 11:29 AM Untreated: Rootkit.Boot.SST.a /dev/sda Postponed
12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class
12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class
12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181
12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class Postponed
12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class Postponed
12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181 Postponed
12/9/11 12:18 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce
12/9/11 12:18 PM Untreated: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce Postponed
12/9/11 12:48 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/BlazBlue_Continuum_Shift.rar/BlazBlue Continuum Shift/bbcs/game.rar Read error
12/9/11 12:48 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/BlazBlue_Continuum_Shift.rar/BlazBlue Continuum Shift/bbcs/typex_loader_2009_12_29_13_35.7z Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie(1).rar/valkyrie_mira.rar Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie(1).rar/valkyrie.rar Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie.rar/valkyrie_inquisitor.rar Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/vehicles valkyrie.rar Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim - Voices.rar.part/Skyrim - Voices.bsa Read error
12/9/11 12:49 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim - Voices.rar.part Read error
12/9/11 12:56 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data2.rar/Skyrim - Sounds.bsa Read error
12/9/11 12:56 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data2.rar Read error
12/9/11 12:57 PM Processing error /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/Downloads/Skyrim/Data1.rar Read error
12/9/11 1:19 PM Detected: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini
12/9/11 1:19 PM Untreated: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini Postponed
12/9/11 1:20 PM Detected: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini
12/9/11 1:20 PM Untreated: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini Postponed
12/9/11 1:21 PM Detected: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@
12/9/11 1:21 PM Untreated: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@ Postponed
12/9/11 5:47 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile000.rar Read error
12/9/11 5:48 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile001.rar Read error
12/9/11 5:49 PM Processing error C:/Program Files (x86)/Eidos/Deus EX humanrevolution/bigfile002.rar Read error
12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class
12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class
12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class Postponed
12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-0840.fb C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class Postponed
12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181
12/9/11 6:36 PM Detected: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce
12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181 Postponed
12/9/11 6:36 PM Untreated: Exploit.Java.CVE-2010-4452.a C:/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce Postponed
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/3dsmax8/Installs/3dsMaxRefFiles/3dsMax8_reffiles.msi/Cabs.ref.cab Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/3dsmax8/Installs/3dsMaxRefFiles/3dsMax8_reffiles.msi Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/Oblivion.iso/data2.cab Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/Oblivion.iso Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Knights of The Nine/Oblivion - Knights of the Nine.exe Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Knights of The Nine/Oblivion - Thieves Den.exe Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Setup/data2.cab Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso/Setup/data3.cab Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/The Elder Scrolls IV Oblivion+Expansions/SI_KOTN.iso Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/Skyrim - Voices.rar.part/Skyrim - Voices.bsa Read error
12/9/11 7:06 PM Processing error C:/Users/Roland/Downloads/Skyrim - Voices.rar.part Read error
12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data2.rar/Skyrim - Sounds.bsa Read error
12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data2.rar Read error
12/9/11 7:13 PM Processing error C:/Users/Roland/Downloads/Skyrim/Data1.rar Read error
12/9/11 7:32 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6/photo/Zoom.class
12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/4549b0da-5d6747a6
12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c/photo/Zoom.class
12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-0840.fb /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/65409e7-16c5bb6c
12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181
12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-52010181
12/9/11 7:34 PM Detected: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce
12/9/11 7:34 PM Deleted: Exploit.Java.CVE-2010-4452.a /mnt/MountedDevices/PD-0BD38172-0000000000100000/Users/Roland/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/62/5024297e-72eb7fce
12/9/11 7:34 PM Detected: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini
12/9/11 7:34 PM Deleted: Backdoor.Win32.ZAccess.aug C:/Windows/assembly/GAC_32/Desktop.ini
12/9/11 7:34 PM Detected: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini
12/9/11 7:34 PM Deleted: Backdoor.Win64.ZAccess.aj C:/Windows/assembly/GAC_64/Desktop.ini
12/9/11 7:34 PM Detected: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@
12/9/11 7:34 PM Deleted: Trojan-Downloader.Win32.Agent.gyak C:/Windows/assembly/temp/U/80000032.@
12/9/11 7:34 PM Detected: Rootkit.Boot.SST.a /dev/sda
12/9/11 7:34 PM Disinfected: Rootkit.Boot.SST.a /dev/sda
12/9/11 7:34 PM Disinfected: Rootkit.Boot.SST.a /dev/sda
12/9/11 7:34 PM Task completed
  14. Heh, sorry, for some reason the ComboFix log is way too long for the post. I will have to attach it.
  15. Ooh, hey, no problem. But hey, I'm having the hardest trouble trying to get into my BIOS to change the boot sequence. I dunno what, but any F key I press goes to a boot menu that only has the option of going to Windows or a memory registry edit something something, so I only got the ComboFix and the Malwarebytes atm.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8298
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
12/3/2011 12:39:56 PM
mbam-log-2011-12-03 (12-39-56).txt
Scan type: Quick scan
Objects scanned: 236424
Time elapsed: 3 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
  16. Hey screen, ya still with me? I'm getting a new complication each day: AV programs that auto-download, like AV Guard and Win7 2012 AV. Gotta keep using Malwarebytes & ComboFix every day, and I still cannot turn on my firewall. The normal window doesn't show, and when I clicked recommended settings I get "Windows Firewall can't change some of your settings. Error code 0x800742c".
  17. Getting another problem as well now: I have pop-ups, and I keep getting an error every time I try to turn my firewall on; it just won't let me. Also, I keep getting infected by AV Guard 2012 every now and again.
  18. Aye aye, no problemo.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8206
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
11/21/2011 11:30:12 AM
mbam-log-2011-11-21 (11-30-12).txt
Scan type: Full scan (C:\|)
Objects scanned: 1168086
Time elapsed: 2 hour(s), 44 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

ComboFix 11-11-22.03 - Roland 11/22/2011 20:27:13.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2344 [GMT -5:00]
Running from: c:\users\Roland\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\91AF\1341.tmp
c:\program files (x86)\LP\91AF\1AD1.tmp
c:\program files (x86)\LP\91AF\2413.tmp
c:\program files (x86)\LP\91AF\9B95.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Parker\AppData\Local\temp
2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp
2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 23:57 . 
2011-11-23 00:43 -------- d-----w- c:\program files (x86)\98C23 2011-11-22 19:09 . 2011-11-22 19:09 -------- d-----w- c:\programdata\PackfileExplorer 2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\AppData\Roaming\Blender Foundation 2011-11-20 05:40 . 2011-11-20 05:40 -------- d-----w- c:\users\Roland\.thumbnails 2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\programdata\Malwarebytes 2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis 2011-11-07 08:56 . 2011-11-20 03:18 -------- d-----w- c:\programdata\3d-io 2011-11-07 08:56 . 2011-11-20 04:19 -------- d-----w- c:\program files (x86)\3d-io plugins 2011-11-04 00:40 . 2011-11-18 01:25 -------- d-----w- c:\users\Roland\AppData\Local\Akamai 2011-11-02 07:27 . 2011-11-02 07:27 -------- d-----w- c:\program files (x86)\ESET 2011-10-29 20:26 . 2011-10-29 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-10-29 20:26 . 2011-10-29 21:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-10-29 03:51 . 2011-10-29 03:51 -------- d-----w- c:\users\Roland\Smoke_Victory 2011-10-26 00:40 . 2011-10-26 00:40 -------- d-----w- c:\program files\CCleaner 2011-10-25 22:21 . 2011-10-26 05:17 -------- d-----w- c:\programdata\McAfee 2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\CIrNA1vS2FpGaJd 2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\CL9hTXqjUeIrOy 2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\bcS1ibD3oGaHsJ 2011-10-24 15:42 . 2011-10-24 15:42 -------- d-----w- c:\users\Roland\AppData\Roaming\At0c1b3n4m6W7Lg 2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\A2b3n4HsKfLg 2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\adWK7fRL9TqYeIr 2011-10-24 08:28 . 
2011-10-24 08:28 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Cp5JEg9YXUlzNAv 2011-10-24 08:27 . 2011-10-24 08:27 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\V7dEL8gRZhXkVlB 2011-10-24 08:13 . 2011-10-24 08:13 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cuvDD2ob4pm5sJd 2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\RJJJ6ddEK8fR9h 2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\LCCCeekIBrzOyx0 2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DsssWJJ7fEL8TZh 2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CgggRZZ9hYXwUV 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\K9hhTTXqjUCeIBz 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\yEEL8gTZqhCwUr 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\l7dEEL8gZqhXwUe 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QYCwwUUrlOBx0c 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JIIBrzPNyx1uSoF 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J1iivD3onF4aHsW 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\q1uvS2obFpGaJdK 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EivD3onF4m 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GobF3pmG5Q6W8R9 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cD33onF4a 2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\sZqjjCCwIVrONx 2011-10-24 08:09 . 
2011-10-24 08:09 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\AUCekIBrz 2011-10-24 08:08 . 2011-10-24 08:08 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\FNttxxA0ucS2 2011-10-24 08:07 . 2011-10-24 08:07 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\SELL88gTZqhYCkV 2011-10-24 08:06 . 2011-10-24 08:06 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CyyccA11uvDob4 2011-10-24 08:05 . 2011-10-24 08:05 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CSSS2iibF3pn5aH 2011-10-24 08:04 . 2011-10-24 08:04 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\HyxAAuuS2ob3m5a 2011-10-24 08:03 . 2011-10-24 08:03 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EG5aQH6dW7 2011-10-24 08:02 . 2011-10-24 08:02 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\WL9gTZqjYwIrOtP 2011-10-24 08:01 . 2011-10-24 08:01 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\VZ9hhXXjUeIr 2011-10-24 08:00 . 2011-10-24 08:00 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\IvvDD3oonF4m 2011-10-24 07:59 . 2011-10-24 07:59 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mQQJJ6dK8f 2011-10-24 07:58 . 2011-10-24 07:58 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\YtxxAA0ucS2iD3n 2011-10-24 07:57 . 2011-10-24 07:57 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cUUUCCelIBrzNyA 2011-10-24 07:56 . 2011-10-24 07:56 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\zGG44amHH6 2011-10-24 07:55 . 2011-10-24 07:55 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OaQJJ6dW8f 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Z9hYXwjUVlBz 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ppnG5aQH6W7R9Tq 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\pmG5sQJ6d 2011-10-24 07:54 . 
2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JbD3pnG4aHsKfLg 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CIBrzPNyx1v2b3m 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\eCwkUVrlOtPySiD 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ThTXqjUCeIrOyAu 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\B0yycS1iv3on4 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QzzPNyxA1uS 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\drrllOBBtxPyc1i 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mffEL9gTZqYCk 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\j111uvvD2o 2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\vgggRZZqhYXkUVl 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dKK88fRZ9hTXwUe 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\fssQQJ7dEK8gR9Y 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OGGG4aaQH6 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J5aaQQH6dWK7RLg 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bmmHH5sQQJdEKgR 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\lCwkkVVrOBtP 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hUCekIBrzNx0v2b 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CkUVrlOBtPySiDo 2011-10-24 07:52 . 
2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\gcS2ibD3pGaHsKf 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\suvDDooF4pGsJdK 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bnFF4amH5WJ7E8 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GF33pnG5aH6dKfL 2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\BPNNyyxA1uvSob3 2011-10-24 07:50 . 2011-10-24 07:50 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\p8fRL9hTXjCkBzN 2011-10-24 07:49 . 2011-10-24 07:49 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\xPPNyxxA1uvSob 2011-10-24 07:48 . 2011-10-24 07:48 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GkUUVVelOBtz0yA 2011-10-24 07:47 . 2011-10-24 07:47 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hH55ssQJ7dEK8R9 2011-10-24 07:46 . 2011-10-24 07:46 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\e888gRRZqhYXkUe 2011-10-24 07:45 . 2011-10-24 07:45 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\G22iibD33pG4aHs 2011-10-24 07:44 . 2011-10-24 07:44 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\US2ibD3pn4Q6W7E 2011-10-24 07:43 . 2011-10-24 07:43 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dWJ7fEL8gZhCkVl 2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\m33oonFF4am5s 2011-10-24 07:41 . 2011-10-24 07:41 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EaaaQJJ6dWK8RLh . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 02:21 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys 2011-11-23 02:21 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys 2011-11-19 15:41 . 
2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-19 15:41 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-19 15:40 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]
R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-23 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]
S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"combofix"="c:\combofix\CF12511.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe
AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,
65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\
"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:b1,5d,8e,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:f3,d4,a9,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:ab,94,9c,5f,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:d5,9d,ba,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2011-11-22 21:44:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 02:44
ComboFix2.txt 2011-11-16 04:04
.
Pre-Run: 308,894,740,480 bytes free
Post-Run: 306,652,872,704 bytes free
.
- - End Of File - - 1E53317788E4DEF6D9534FE842FBD803
  19. Mm, sorry, I forgot how I got the DDS again. I thought it was MB that generated that log, but I've done 2 scans now and I only get the smaller log.
  20. Aye aye.

ComboFix 11-11-15.06 - Roland 11/15/2011 21:46:31.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2843 [GMT -5:00]
Running from: c:\users\Roland\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp
2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Parker\AppData\Local\temp
2011-11-16 03:34 . 2011-11-16 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-13 05:13 . 2011-11-13 05:13 -------- d-----w- C:\Noesis
2011-11-07 08:56 . 2011-11-07 08:56 -------- d-----w- c:\programdata\3d-io
2011-11-07 08:56 . 2011-11-07 08:56 -------- d-----w- c:\program files (x86)\3d-io plugins
2011-11-04 00:40 . 2011-11-16 01:53 -------- d-----w- c:\users\Roland\AppData\Local\Akamai
2011-11-02 07:27 . 2011-11-02 07:27 -------- d-----w- c:\program files (x86)\ESET
2011-10-29 20:26 . 2011-10-29 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-29 20:26 . 2011-10-29 21:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-29 03:51 . 2011-10-29 03:51 -------- d-----w- c:\users\Roland\Smoke_Victory
2011-10-26 00:40 . 2011-10-26 00:40 -------- d-----w- c:\program files\CCleaner
2011-10-25 22:21 . 2011-10-26 05:17 -------- d-----w- c:\programdata\McAfee
2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\A2b3n4HsKfLg
2011-10-24 15:41 . 2011-10-24 15:41 -------- d-----w- c:\users\Roland\AppData\Roaming\adWK7fRL9TqYeIr
2011-10-24 08:28 . 2011-10-24 08:28 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Cp5JEg9YXUlzNAv
2011-10-24 08:27 . 2011-10-24 08:27 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\V7dEL8gRZhXkVlB
2011-10-24 08:13 . 2011-10-24 08:13 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cuvDD2ob4pm5sJd
2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\RJJJ6ddEK8fR9h
2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\LCCCeekIBrzOyx0
2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DsssWJJ7fEL8TZh
2011-10-24 08:12 . 2011-10-24 08:12 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CgggRZZ9hYXwUV
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\K9hhTTXqjUCeIBz
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\yEEL8gTZqhCwUr
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\l7dEEL8gZqhXwUe
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QYCwwUUrlOBx0c
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JIIBrzPNyx1uSoF
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J1iivD3onF4aHsW
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\q1uvS2obFpGaJdK
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EivD3onF4m
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GobF3pmG5Q6W8R9
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cD33onF4a
2011-10-24 08:11 . 2011-10-24 08:11 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\sZqjjCCwIVrONx
2011-10-24 08:09 . 2011-10-24 08:09 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\AUCekIBrz
2011-10-24 08:08 . 2011-10-24 08:08 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\FNttxxA0ucS2
2011-10-24 08:07 . 2011-10-24 08:07 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\SELL88gTZqhYCkV
2011-10-24 08:06 . 2011-10-24 08:06 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CyyccA11uvDob4
2011-10-24 08:05 . 2011-10-24 08:05 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CSSS2iibF3pn5aH
2011-10-24 08:04 . 2011-10-24 08:04 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\HyxAAuuS2ob3m5a
2011-10-24 08:03 . 2011-10-24 08:03 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EG5aQH6dW7
2011-10-24 08:02 . 2011-10-24 08:02 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\WL9gTZqjYwIrOtP
2011-10-24 08:01 . 2011-10-24 08:01 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\VZ9hhXXjUeIr
2011-10-24 08:00 . 2011-10-24 08:00 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\IvvDD3oonF4m
2011-10-24 07:59 . 2011-10-24 07:59 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mQQJJ6dK8f
2011-10-24 07:58 . 2011-10-24 07:58 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\YtxxAA0ucS2iD3n
2011-10-24 07:57 . 2011-10-24 07:57 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\cUUUCCelIBrzNyA
2011-10-24 07:56 . 2011-10-24 07:56 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\zGG44amHH6
2011-10-24 07:55 . 2011-10-24 07:55 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OaQJJ6dW8f
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\Z9hYXwjUVlBz
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ppnG5aQH6W7R9Tq
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\pmG5sQJ6d
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\JbD3pnG4aHsKfLg
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CIBrzPNyx1v2b3m
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\eCwkUVrlOtPySiD
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\ThTXqjUCeIrOyAu
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\B0yycS1iv3on4
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\QzzPNyxA1uS
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\drrllOBBtxPyc1i
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\mffEL9gTZqYCk
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\j111uvvD2o
2011-10-24 07:54 . 2011-10-24 07:54 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\vgggRZZqhYXkUVl
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dKK88fRZ9hTXwUe
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\fssQQJ7dEK8gR9Y
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\OGGG4aaQH6
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\J5aaQQH6dWK7RLg
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bmmHH5sQQJdEKgR
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\lCwkkVVrOBtP
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hUCekIBrzNx0v2b
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\CkUVrlOBtPySiDo
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\gcS2ibD3pGaHsKf
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\suvDDooF4pGsJdK
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\bnFF4amH5WJ7E8
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GF33pnG5aH6dKfL
2011-10-24 07:52 . 2011-10-24 07:52 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\BPNNyyxA1uvSob3
2011-10-24 07:50 . 2011-10-24 07:50 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\p8fRL9hTXjCkBzN
2011-10-24 07:49 . 2011-10-24 07:49 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\xPPNyxxA1uvSob
2011-10-24 07:48 . 2011-10-24 07:48 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\GkUUVVelOBtz0yA
2011-10-24 07:47 . 2011-10-24 07:47 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\hH55ssQJ7dEK8R9
2011-10-24 07:46 . 2011-10-24 07:46 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\e888gRRZqhYXkUe
2011-10-24 07:45 . 2011-10-24 07:45 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\G22iibD33pG4aHs
2011-10-24 07:44 . 2011-10-24 07:44 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\US2ibD3pn4Q6W7E
2011-10-24 07:43 . 2011-10-24 07:43 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\dWJ7fEL8gZhCkVl
2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\m33oonFF4am5s
2011-10-24 07:41 . 2011-10-24 07:41 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\EaaaQJJ6dWK8RLh
2011-10-19 04:15 . 2011-10-19 04:20 -------- d-----w- c:\users\Roland\AppData\Roaming\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 03:41 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-11-16 03:41 . 2011-01-30 01:34 25640 ----a-w- c:\windows\gdrv.sys
2011-10-01 06:15 . 2011-05-30 15:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT8511.tmp
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT84B2.tmp
2011-09-08 03:27 . 2011-09-08 03:27 0 ----a-w- c:\windows\DXT82ED.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-11-15 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 ksleovbm;ksleovbm;c:\windows\system32\drivers\ksleovbm.sys [x]
R1 zjlxuskj;zjlxuskj;c:\windows\system32\drivers\zjlxuskj.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-16 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]
S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe
AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_3c5db2f.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]
"datasecu"=hex:b7,c4,ae,7c,56,78,a7,c5,b8,b5,d3,a9,38,9f,3b,6a,7a,27,41,9e,52,
65,32,8c,4d,e9,94,44,dc,8b,5e,14,64,58,19,66,3e,7a,26,df,39,98,01,63,6b,4d,\
"rkeysecu"=hex:16,9c,be,ed,91,41,cb,0f,88,80,e3,87,20,f8,fa,08
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:b1,5d,8e,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:f3,d4,a9,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:ab,94,9c,5f,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:d5,9d,ba,62,5e,fa,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\Steam\Steam.exe
c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\SDKLauncher.exe
c:\program files (x86)\steam\steamapps\ramoneb\sourcesdk\bin\source2009\bin\hlmv.exe
.
**************************************************************************
.
Completion time: 2011-11-15 23:04:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 04:04
ComboFix2.txt 2011-11-07 07:03
.
Pre-Run: 317,682,085,888 bytes free
Post-Run: 317,273,100,288 bytes free
.
- - End Of File - - 131218699097B055A2D9A1BE63CA797F

21:28:49.0106 3900 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
21:28:49.0409 3900 ============================================================
21:28:49.0409 3900 Current date / time: 2011/11/15 21:28:49.0409
21:28:49.0409 3900 SystemInfo:
21:28:49.0409 3900
21:28:49.0409 3900 OS Version: 6.1.7600 ServicePack: 0.0
21:28:49.0409 3900 Product type: Workstation
21:28:49.0410 3900 ComputerName: ROLAND714
21:28:49.0410 3900 UserName: Roland
21:28:49.0410 3900 Windows directory: C:\Windows
21:28:49.0410 3900 System windows directory: C:\Windows
21:28:49.0410 3900 Running under WOW64
21:28:49.0410 3900 Processor architecture: Intel x64
21:28:49.0410 3900 Number of processors: 8
21:28:49.0410 3900 Page size: 0x1000
21:28:49.0410 3900 Boot type: Normal boot
21:28:49.0410 3900 ============================================================
21:28:50.0623 3900 Initialize success
21:28:51.0391 3160 ============================================================
21:28:51.0391 3160 Scan started
21:28:51.0391 3160 Mode: Manual;
21:28:51.0391 3160 ============================================================
21:28:54.0285 3160 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:28:54.0290 3160 1394ohci - ok
21:28:54.0341 3160 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:28:54.0344 3160 ACPI - ok
21:28:54.0363 3160 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:28:54.0364 3160 AcpiPmi - ok
21:28:54.0392 3160 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:54.0396 3160 adp94xx - ok
21:28:54.0431 3160 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:28:54.0435 3160 adpahci - ok
21:28:54.0451 3160 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:28:54.0454 3160 adpu320 - ok
21:28:54.0508 3160 AFD
(6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 21:28:54.0513 3160 AFD - ok 21:28:54.0527 3160 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 21:28:54.0529 3160 agp440 - ok 21:28:54.0550 3160 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 21:28:54.0551 3160 aliide - ok 21:28:54.0567 3160 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 21:28:54.0569 3160 amdide - ok 21:28:54.0581 3160 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:28:54.0582 3160 AmdK8 - ok 21:28:54.0594 3160 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:28:54.0595 3160 AmdPPM - ok 21:28:54.0607 3160 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 21:28:54.0609 3160 amdsata - ok 21:28:54.0621 3160 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:28:54.0622 3160 amdsbs - ok 21:28:54.0642 3160 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 21:28:54.0643 3160 amdxata - ok 21:28:54.0664 3160 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 21:28:54.0666 3160 AppID - ok 21:28:54.0723 3160 AppleCharger (a632d9ea15f37d2605a7fcaf3892ec96) C:\Windows\system32\DRIVERS\AppleCharger.sys 21:28:54.0724 3160 AppleCharger - ok 21:28:54.0745 3160 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:28:54.0747 3160 arc - ok 21:28:54.0764 3160 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:28:54.0765 3160 arcsas - ok 21:28:54.0783 3160 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:28:54.0784 3160 AsyncMac - ok 21:28:54.0799 3160 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 21:28:54.0800 3160 atapi - ok 21:28:54.0825 3160 b06bdrv 
(3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:28:54.0830 3160 b06bdrv - ok 21:28:54.0842 3160 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:28:54.0844 3160 b57nd60a - ok 21:28:54.0866 3160 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:28:54.0867 3160 Beep - ok 21:28:54.0902 3160 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:28:54.0903 3160 blbdrive - ok 21:28:54.0972 3160 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 21:28:54.0983 3160 bowser - ok 21:28:54.0996 3160 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:28:54.0997 3160 BrFiltLo - ok 21:28:55.0010 3160 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:28:55.0011 3160 BrFiltUp - ok 21:28:55.0021 3160 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:28:55.0024 3160 Brserid - ok 21:28:55.0031 3160 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:28:55.0032 3160 BrSerWdm - ok 21:28:55.0055 3160 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:28:55.0057 3160 BrUsbMdm - ok 21:28:55.0073 3160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:28:55.0074 3160 BrUsbSer - ok 21:28:55.0081 3160 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:28:55.0082 3160 BTHMODEM - ok 21:28:55.0115 3160 catchme - ok 21:28:55.0140 3160 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:28:55.0142 3160 cdfs - ok 21:28:55.0155 3160 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 21:28:55.0157 3160 cdrom - ok 21:28:55.0165 3160 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:28:55.0166 3160 
circlass - ok 21:28:55.0213 3160 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:28:55.0217 3160 CLFS - ok 21:28:55.0238 3160 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:28:55.0239 3160 CmBatt - ok 21:28:55.0251 3160 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 21:28:55.0252 3160 cmdide - ok 21:28:55.0275 3160 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 21:28:55.0279 3160 CNG - ok 21:28:55.0299 3160 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:28:55.0300 3160 Compbatt - ok 21:28:55.0319 3160 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:28:55.0320 3160 CompositeBus - ok 21:28:55.0339 3160 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:28:55.0340 3160 crcdisk - ok 21:28:55.0458 3160 CrystalSysInfo (5228b7a738dc90a06ae4f4a7412cb1e9) C:\Program Files\MediaCoder\SysInfoX64.sys 21:28:55.0459 3160 CrystalSysInfo - ok 21:28:55.0474 3160 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 21:28:55.0479 3160 CSC - ok 21:28:55.0533 3160 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 21:28:55.0535 3160 DfsC - ok 21:28:55.0545 3160 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:28:55.0546 3160 discache - ok 21:28:55.0568 3160 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:28:55.0570 3160 Disk - ok 21:28:55.0617 3160 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:28:55.0617 3160 drmkaud - ok 21:28:55.0660 3160 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:28:55.0662 3160 dtsoftbus01 - ok 21:28:55.0674 3160 dump_wmimmc - ok 21:28:55.0739 3160 DXGKrnl (1633b9abf52784a1331476397a48cbef) 
C:\Windows\System32\drivers\dxgkrnl.sys 21:28:55.0757 3160 DXGKrnl - ok 21:28:55.0816 3160 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:28:55.0872 3160 ebdrv - ok 21:28:55.0903 3160 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:28:55.0908 3160 elxstor - ok 21:28:55.0924 3160 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 21:28:55.0927 3160 ErrDev - ok 21:28:55.0990 3160 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys 21:28:55.0991 3160 etdrv - ok 21:28:56.0001 3160 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:28:56.0004 3160 exfat - ok 21:28:56.0027 3160 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:28:56.0029 3160 fastfat - ok 21:28:56.0045 3160 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:28:56.0046 3160 fdc - ok 21:28:56.0065 3160 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:28:56.0066 3160 FileInfo - ok 21:28:56.0075 3160 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:28:56.0076 3160 Filetrace - ok 21:28:56.0093 3160 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:28:56.0094 3160 flpydisk - ok 21:28:56.0118 3160 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 21:28:56.0121 3160 FltMgr - ok 21:28:56.0136 3160 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:28:56.0137 3160 FsDepends - ok 21:28:56.0145 3160 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:28:56.0146 3160 Fs_Rec - ok 21:28:56.0159 3160 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:28:56.0163 3160 fvevol - ok 21:28:56.0170 3160 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) 
C:\Windows\system32\DRIVERS\gagp30kx.sys 21:28:56.0171 3160 gagp30kx - ok 21:28:56.0200 3160 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys 21:28:56.0201 3160 gdrv - ok 21:28:56.0257 3160 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:28:56.0258 3160 GEARAspiWDM - ok 21:28:56.0371 3160 GGSAFERDriver - ok 21:28:56.0419 3160 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys 21:28:56.0421 3160 GVTDrv64 - ok 21:28:56.0457 3160 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 21:28:56.0458 3160 hamachi - ok 21:28:56.0475 3160 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:28:56.0476 3160 hcw85cir - ok 21:28:56.0527 3160 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 21:28:56.0530 3160 HdAudAddService - ok 21:28:56.0549 3160 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:28:56.0551 3160 HDAudBus - ok 21:28:56.0593 3160 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:28:56.0594 3160 HidBatt - ok 21:28:56.0601 3160 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:28:56.0602 3160 HidBth - ok 21:28:56.0609 3160 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:28:56.0610 3160 HidIr - ok 21:28:56.0675 3160 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 21:28:56.0676 3160 HidUsb - ok 21:28:56.0709 3160 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 21:28:56.0710 3160 HpSAMD - ok 21:28:56.0744 3160 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 21:28:56.0751 3160 HTTP - ok 21:28:56.0768 3160 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 21:28:56.0769 3160 hwpolicy - ok 21:28:56.0778 3160 i8042prt 
(fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:28:56.0779 3160 i8042prt - ok 21:28:56.0804 3160 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 21:28:56.0809 3160 iaStorV - ok 21:28:56.0824 3160 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:28:56.0826 3160 iirsp - ok 21:28:56.0899 3160 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys 21:28:56.0938 3160 IntcAzAudAddService - ok 21:28:56.0988 3160 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 21:28:56.0990 3160 intelide - ok 21:28:57.0016 3160 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:28:57.0017 3160 intelppm - ok 21:28:57.0026 3160 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:28:57.0028 3160 IPMIDRV - ok 21:28:57.0035 3160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:28:57.0037 3160 IPNAT - ok 21:28:57.0071 3160 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:28:57.0071 3160 IRENUM - ok 21:28:57.0079 3160 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 21:28:57.0079 3160 isapnp - ok 21:28:57.0119 3160 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 21:28:57.0123 3160 iScsiPrt - ok 21:28:57.0138 3160 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:28:57.0139 3160 kbdclass - ok 21:28:57.0146 3160 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 21:28:57.0147 3160 kbdhid - ok 21:28:57.0160 3160 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 21:28:57.0162 3160 KSecDD - ok 21:28:57.0178 3160 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 21:28:57.0180 3160 KSecPkg - ok 
21:28:57.0196 3160 ksleovbm - ok 21:28:57.0210 3160 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:28:57.0211 3160 ksthunk - ok 21:28:57.0242 3160 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:28:57.0243 3160 lltdio - ok 21:28:57.0254 3160 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:28:57.0255 3160 LSI_FC - ok 21:28:57.0262 3160 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:28:57.0264 3160 LSI_SAS - ok 21:28:57.0270 3160 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:28:57.0272 3160 LSI_SAS2 - ok 21:28:57.0279 3160 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:28:57.0280 3160 LSI_SCSI - ok 21:28:57.0294 3160 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:28:57.0296 3160 luafv - ok 21:28:57.0304 3160 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:28:57.0305 3160 megasas - ok 21:28:57.0315 3160 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:28:57.0318 3160 MegaSR - ok 21:28:57.0355 3160 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:28:57.0357 3160 Modem - ok 21:28:57.0371 3160 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:28:57.0371 3160 monitor - ok 21:28:57.0381 3160 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:28:57.0383 3160 mouclass - ok 21:28:57.0394 3160 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:28:57.0395 3160 mouhid - ok 21:28:57.0414 3160 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 21:28:57.0415 3160 mountmgr - ok 21:28:57.0423 3160 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 
21:28:57.0426 3160 mpio - ok 21:28:57.0436 3160 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:28:57.0438 3160 mpsdrv - ok 21:28:57.0458 3160 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 21:28:57.0460 3160 MRxDAV - ok 21:28:57.0502 3160 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:28:57.0504 3160 mrxsmb - ok 21:28:57.0549 3160 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:28:57.0552 3160 mrxsmb10 - ok 21:28:57.0564 3160 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:28:57.0567 3160 mrxsmb20 - ok 21:28:57.0574 3160 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 21:28:57.0575 3160 msahci - ok 21:28:57.0595 3160 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 21:28:57.0597 3160 msdsm - ok 21:28:57.0620 3160 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:28:57.0621 3160 Msfs - ok 21:28:57.0637 3160 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:28:57.0638 3160 mshidkmdf - ok 21:28:57.0648 3160 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 21:28:57.0649 3160 msisadrv - ok 21:28:57.0664 3160 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:28:57.0665 3160 MSKSSRV - ok 21:28:57.0680 3160 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:28:57.0681 3160 MSPCLOCK - ok 21:28:57.0694 3160 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:28:57.0695 3160 MSPQM - ok 21:28:57.0718 3160 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 21:28:57.0722 3160 MsRPC - ok 21:28:57.0739 3160 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 
21:28:57.0740 3160 mssmbios - ok 21:28:57.0756 3160 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:28:57.0757 3160 MSTEE - ok 21:28:57.0768 3160 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:28:57.0769 3160 MTConfig - ok 21:28:57.0813 3160 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:28:57.0815 3160 Mup - ok 21:28:57.0847 3160 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:28:57.0850 3160 NativeWifiP - ok 21:28:57.0890 3160 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 21:28:57.0899 3160 NDIS - ok 21:28:57.0920 3160 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:28:57.0921 3160 NdisCap - ok 21:28:57.0943 3160 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:28:57.0944 3160 NdisTapi - ok 21:28:57.0951 3160 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 21:28:57.0952 3160 Ndisuio - ok 21:28:57.0966 3160 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:28:57.0968 3160 NdisWan - ok 21:28:57.0983 3160 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 21:28:57.0984 3160 NDProxy - ok 21:28:58.0001 3160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:28:58.0003 3160 NetBIOS - ok 21:28:58.0020 3160 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 21:28:58.0023 3160 NetBT - ok 21:28:58.0050 3160 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:28:58.0051 3160 nfrd960 - ok 21:28:58.0064 3160 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:28:58.0066 3160 Npfs - ok 21:28:58.0100 3160 NPPTNT2 - ok 21:28:58.0119 3160 nsiproxy (e7f5ae18af4168178a642a9247c63001) 
C:\Windows\system32\drivers\nsiproxy.sys 21:28:58.0120 3160 nsiproxy - ok 21:28:58.0154 3160 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 21:28:58.0179 3160 Ntfs - ok 21:28:58.0190 3160 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:28:58.0191 3160 Null - ok 21:28:58.0231 3160 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys 21:28:58.0232 3160 nusb3hub - ok 21:28:58.0248 3160 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys 21:28:58.0250 3160 nusb3xhc - ok 21:28:58.0462 3160 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:28:58.0646 3160 nvlddmkm - ok 21:28:58.0664 3160 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 21:28:58.0666 3160 nvraid - ok 21:28:58.0675 3160 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 21:28:58.0677 3160 nvstor - ok 21:28:58.0699 3160 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 21:28:58.0701 3160 nv_agp - ok 21:28:58.0708 3160 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 21:28:58.0709 3160 ohci1394 - ok 21:28:58.0725 3160 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:28:58.0726 3160 Parport - ok 21:28:58.0738 3160 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 21:28:58.0739 3160 partmgr - ok 21:28:58.0752 3160 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 21:28:58.0755 3160 pci - ok 21:28:58.0768 3160 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 21:28:58.0769 3160 pciide - ok 21:28:58.0791 3160 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:28:58.0793 3160 pcmcia - ok 21:28:58.0836 3160 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) 
C:\Windows\system32\drivers\pcw.sys 21:28:58.0837 3160 pcw - ok 21:28:58.0858 3160 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:28:58.0865 3160 PEAUTH - ok 21:28:58.0962 3160 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 21:28:58.0965 3160 PptpMiniport - ok 21:28:58.0971 3160 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:28:58.0972 3160 Processor - ok 21:28:58.0997 3160 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 21:28:58.0998 3160 Psched - ok 21:28:59.0029 3160 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:28:59.0054 3160 ql2300 - ok 21:28:59.0063 3160 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:28:59.0064 3160 ql40xx - ok 21:28:59.0086 3160 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:28:59.0087 3160 QWAVEdrv - ok 21:28:59.0101 3160 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:28:59.0102 3160 RasAcd - ok 21:28:59.0137 3160 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:28:59.0138 3160 RasAgileVpn - ok 21:28:59.0154 3160 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:28:59.0156 3160 Rasl2tp - ok 21:28:59.0172 3160 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:28:59.0174 3160 RasPppoe - ok 21:28:59.0185 3160 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:28:59.0186 3160 RasSstp - ok 21:28:59.0202 3160 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 21:28:59.0205 3160 rdbss - ok 21:28:59.0220 3160 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:28:59.0221 3160 rdpbus - ok 21:28:59.0230 3160 RDPCDD 
(cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:28:59.0231 3160 RDPCDD - ok 21:28:59.0240 3160 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 21:28:59.0242 3160 RDPDR - ok 21:28:59.0301 3160 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:28:59.0302 3160 RDPENCDD - ok 21:28:59.0317 3160 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:28:59.0317 3160 RDPREFMP - ok 21:28:59.0325 3160 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 21:28:59.0328 3160 RDPWD - ok 21:28:59.0341 3160 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 21:28:59.0343 3160 rdyboost - ok 21:28:59.0365 3160 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:28:59.0366 3160 rspndr - ok 21:28:59.0407 3160 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:28:59.0410 3160 RTL8167 - ok 21:28:59.0428 3160 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 21:28:59.0429 3160 s3cap - ok 21:28:59.0437 3160 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 21:28:59.0438 3160 sbp2port - ok 21:28:59.0463 3160 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 21:28:59.0464 3160 scfilter - ok 21:28:59.0481 3160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:28:59.0483 3160 secdrv - ok 21:28:59.0503 3160 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:28:59.0504 3160 Serenum - ok 21:28:59.0511 3160 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:28:59.0512 3160 Serial - ok 21:28:59.0527 3160 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:28:59.0529 3160 sermouse - ok 21:28:59.0548 3160 
sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 21:28:59.0549 3160 sffdisk - ok 21:28:59.0562 3160 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 21:28:59.0563 3160 sffp_mmc - ok 21:28:59.0571 3160 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:28:59.0572 3160 sffp_sd - ok 21:28:59.0580 3160 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:28:59.0581 3160 sfloppy - ok 21:28:59.0591 3160 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:28:59.0592 3160 SiSRaid2 - ok 21:28:59.0599 3160 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:28:59.0600 3160 SiSRaid4 - ok 21:28:59.0608 3160 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:28:59.0609 3160 Smb - ok 21:28:59.0631 3160 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:28:59.0632 3160 spldr - ok 21:28:59.0682 3160 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 21:28:59.0686 3160 srv - ok 21:28:59.0733 3160 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 21:28:59.0737 3160 srv2 - ok 21:28:59.0786 3160 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 21:28:59.0788 3160 srvnet - ok 21:28:59.0797 3160 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:28:59.0798 3160 stexstor - ok 21:28:59.0816 3160 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 21:28:59.0817 3160 storflt - ok 21:28:59.0824 3160 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 21:28:59.0825 3160 storvsc - ok 21:28:59.0836 3160 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 21:28:59.0837 3160 swenum - ok 21:28:59.0913 3160 Tcpip 
(b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys 21:28:59.0946 3160 Tcpip - ok 21:28:59.0988 3160 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys 21:29:00.0002 3160 TCPIP6 - ok 21:29:00.0019 3160 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 21:29:00.0021 3160 tcpipreg - ok 21:29:00.0037 3160 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:29:00.0039 3160 TDPIPE - ok 21:29:00.0050 3160 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:29:00.0051 3160 TDTCP - ok 21:29:00.0072 3160 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 21:29:00.0074 3160 tdx - ok 21:29:00.0110 3160 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 21:29:00.0112 3160 TermDD - ok 21:29:00.0130 3160 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:29:00.0131 3160 tssecsrv - ok 21:29:00.0146 3160 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 21:29:00.0147 3160 tunnel - ok 21:29:00.0154 3160 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:29:00.0156 3160 uagp35 - ok 21:29:00.0168 3160 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 21:29:00.0172 3160 udfs - ok 21:29:00.0183 3160 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 21:29:00.0185 3160 uliagpkx - ok 21:29:00.0201 3160 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 21:29:00.0203 3160 umbus - ok 21:29:00.0219 3160 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:29:00.0220 3160 UmPass - ok 21:29:00.0238 3160 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 21:29:00.0240 3160 usbccgp - ok 21:29:00.0247 3160 usbcir (af0892a803fdda7492f595368e3b68e7) 
C:\Windows\system32\DRIVERS\usbcir.sys 21:29:00.0249 3160 usbcir - ok 21:29:00.0263 3160 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys 21:29:00.0264 3160 usbehci - ok 21:29:00.0276 3160 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys 21:29:00.0279 3160 usbhub - ok 21:29:00.0296 3160 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 21:29:00.0297 3160 usbohci - ok 21:29:00.0324 3160 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:29:00.0325 3160 usbprint - ok 21:29:00.0370 3160 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:29:00.0371 3160 usbscan - ok 21:29:00.0393 3160 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:29:00.0395 3160 USBSTOR - ok 21:29:00.0402 3160 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 21:29:00.0404 3160 usbuhci - ok 21:29:00.0415 3160 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 21:29:00.0416 3160 vdrvroot - ok 21:29:00.0424 3160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:29:00.0425 3160 vga - ok 21:29:00.0431 3160 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:29:00.0432 3160 VgaSave - ok 21:29:00.0447 3160 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 21:29:00.0455 3160 vhdmp - ok 21:29:00.0470 3160 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 21:29:00.0471 3160 viaide - ok 21:29:00.0479 3160 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 21:29:00.0482 3160 vmbus - ok 21:29:00.0488 3160 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 21:29:00.0489 3160 VMBusHID - ok 21:29:00.0505 3160 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) 
C:\Windows\system32\DRIVERS\volmgr.sys 21:29:00.0506 3160 volmgr - ok 21:29:00.0522 3160 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 21:29:00.0526 3160 volmgrx - ok 21:29:00.0541 3160 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 21:29:00.0544 3160 volsnap - ok 21:29:00.0563 3160 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:29:00.0565 3160 vsmraid - ok 21:29:00.0584 3160 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:29:00.0585 3160 vwifibus - ok 21:29:00.0601 3160 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:29:00.0602 3160 WacomPen - ok 21:29:00.0618 3160 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:29:00.0620 3160 WANARP - ok 21:29:00.0623 3160 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:29:00.0623 3160 Wanarpv6 - ok 21:29:00.0645 3160 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:29:00.0646 3160 Wd - ok 21:29:00.0669 3160 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:29:00.0676 3160 Wdf01000 - ok 21:29:00.0698 3160 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:29:00.0699 3160 WfpLwf - ok 21:29:00.0711 3160 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:29:00.0712 3160 WIMMount - ok 21:29:00.0781 3160 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 21:29:00.0783 3160 WinUsb - ok 21:29:00.0821 3160 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys 21:29:00.0822 3160 WmBEnum - ok 21:29:00.0856 3160 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys 21:29:00.0857 3160 WmFilter - ok 21:29:00.0872 3160 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) 
21:29:01.0019 3160 ============================================================
21:29:01.0019 3160 Scan finished
21:29:01.0019 3160 ============================================================
21:29:01.0026 1236 Detected object count: 0
21:29:01.0026 1236 Actual detected object count: 0

I need to post ASAP. For some reason my browser keeps closing; this is recent, since I started ComboFix today. I'll post DDS next.