
Chrome being blocked to a malicious IP?



I did run a quick scan with Malwarebytes', and it found nothing.

I use google chrome as my main browser, and the sites I browse are not bad.

However, a random popup occurs.

MysteriousPopup.png

I don't get why this appears, because most sites I use have no off-site advertising.

It comes up at random times, no matter what site I'm using in the browser.


Hello ihaveamac! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working on this.
  • Keep me informed about any changes.

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


DDS (Ver_10-12-12.02) - NTFSx86

Run by ihaveamac at 12:07:41.05 on Tue 01/04/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1602 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Windows\iexplore.exe

C:\Program Files\TrueCrypt\TrueCrypt.exe

C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Users\ihaveamac\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\ihaveamac\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\ihaveamac\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\8.0.552.224\npchrome_frame.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

uRun: [ProcessExplorer] "c:\windows\iexplore.exe" /t

uRun: [Google Update] "c:\users\ihaveamac\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

StartupFolder: c:\users\ihavea~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ihaveamac\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\8.0.552.224\npchrome_frame.dll

IFEO: taskmgr.exe - "c:\windows\IEXPLORE.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\users\ihavea~1\appdata\roaming\mozilla\firefox\profiles\t7hg2h63.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\users\ihaveamac\appdata\roaming\mozilla\firefox\profiles\t7hg2h63.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - component: c:\users\ihaveamac\appdata\roaming\mozilla\firefox\profiles\t7hg2h63.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\ihaveamac\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\ihaveamac\appdata\roaming\mozilla\firefox\profiles\t7hg2h63.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

FF - Ext: Glasser: glasser@sixxgate.com - %profile%\extensions\glasser@sixxgate.com

FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-2 363344]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-29 2011944]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-11-23 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-2 20952]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-7-4 119016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-16 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-30 1343400]

=============== Created Last 30 ================

2011-01-04 06:38:53 -------- d-----w- c:\program files\VideoLAN

2011-01-04 05:52:55 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-01-04 05:52:51 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-01-04 05:52:48 -------- d-----w- c:\program files\Oracle

2011-01-02 02:09:38 -------- d-----w- c:\users\ihaveamac\Panther1.0

2011-01-01 04:15:18 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{202e64d8-4dc1-4bee-a25f-77ca071d050e}\mpengine.dll

2010-12-30 01:00:23 19805 ----a-w- c:\windows\system32\drivers\usbio.sys

2010-12-30 00:52:39 -------- d-----w- c:\program files\Datel

2010-12-30 00:39:20 -------- d-----w- c:\program files\MSXML 4.0

2010-12-29 06:44:16 -------- d-----w- c:\users\ihavea~1\appdata\roaming\TrueCrypt

2010-12-29 06:42:45 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-12-29 06:40:20 -------- d-----w- c:\program files\TrueCrypt

2010-12-27 04:13:20 -------- d-----w- c:\users\ihaveamac\Project64k

2010-12-27 02:45:30 -------- dc----w- c:\users\ihavea~1\appdata\local\MigWiz

2010-12-26 22:53:54 -------- d-----w- c:\program files\Project64 1.7

2010-12-26 22:17:55 -------- d-----w- c:\users\ihaveamac\N64 Roms

2010-12-26 22:16:47 -------- d-----w- c:\program files\Project64 1.6

2010-12-25 17:46:59 -------- d-----w- c:\users\ihavea~1\appdata\local\Apple Computer

2010-12-25 17:46:04 -------- d-----w- c:\program files\iPod

2010-12-25 17:46:03 -------- d-----w- c:\program files\iTunes

2010-12-25 17:46:03 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-12-25 17:42:22 -------- d-----w- c:\program files\Bonjour

2010-12-22 23:31:36 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-12-22 23:31:34 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-12-22 23:31:32 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-18 04:55:47 -------- d-----w- c:\program files\CCleaner

2010-12-18 04:23:55 388096 ----a-r- c:\users\ihavea~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-18 04:23:55 -------- d-----w- c:\program files\Trend Micro

2010-12-18 04:01:54 -------- d-----w- c:\program files\Lame For Audacity

2010-12-18 03:58:28 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-12-17 03:09:17 16384 ----a-w- C:\Project1.exe

2010-12-16 06:25:11 -------- d-----w- C:\winpe_test

2010-12-16 06:20:54 -------- d-----w- c:\program files\Windows Imaging

2010-12-16 06:19:28 -------- d-----w- c:\program files\Windows AIK

2010-12-16 02:13:58 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-16 02:13:58 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-12-16 02:13:56 314368 ----a-w- c:\windows\system32\webio.dll

2010-12-16 02:13:55 101760 ----a-w- c:\windows\system32\consent.exe

2010-12-12 01:57:19 -------- d-----w- c:\windows\system32\Anti-Malware

2010-12-12 01:33:01 -------- d-----w- c:\program files\WinImage

==================== Find3M ====================

2010-12-03 02:03:44 3015032 ----a-w- c:\windows\procmon.exe

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-22 07:36:45 4155256 ----a-w- c:\windows\iexplore.exe

2010-11-13 02:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-11 18:04:52 51248 ----a-w- c:\windows\system32\vmnetbridge.dll

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:50:20 1246544 ----a-w- c:\windows\system32\LogiLDA.DLL

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 02:20:31 147456 ----a-w- c:\windows\system32\XTab.ocx

2010-11-04 02:20:31 108336 ----a-w- c:\windows\system32\MSWINSCK.ocx

2010-11-04 02:20:30 389120 ----a-w- c:\windows\system32\actskn43.ocx

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-30 17:50:53 158520 ----a-w- c:\windows\system32\whois.exe

2010-10-30 16:31:32 0 ----a-w- c:\windows\ativpsrm.bin

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 20:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 12:15:44.92 ===============

Attach.zip

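The Pseudo HJT section of the DDS log above records EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 (User Account Control switched off and administrators elevating silently), plus an IFEO entry that redirects taskmgr.exe to c:\windows\IEXPLORE.EXE. The same log's uRun line launches that file as "ProcessExplorer" with /t, so the IFEO entry is consistent with Process Explorer's "Replace Task Manager" option rather than an infection, but it is exactly the kind of entry a reviewer should verify. The script below is an added example, not part of the thread or of the DDS tool: it parses those report lines (the sample input is constructed from the log above) and flags the weak UAC values and any IFEO redirection for review. The Windows 7 default values it compares against are assumptions stated in the code.

```python
"""Flag weak UAC settings and IFEO redirections in a DDS 'Pseudo HJT Report'.

Added example; not code from the thread or from the DDS tool.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: the relevant 'Pseudo HJT Report' lines copied from the
# DDS log in the post above. A real DDS.txt has many more lines; anything the
# two regexes below do not recognise is ignored.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IFEO: taskmgr.exe - "c:\\windows\\IEXPLORE.EXE"
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
IFEO_RE = re.compile(r'^IFEO:\s*(?P<image>\S+)\s*-\s*"?(?P<target>[^"]+?)"?\s*$')

# Assumed Windows 7 defaults for the values DDS reports from
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
UAC_DEFAULTS: Dict[str, int] = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

# Specific values that weaken UAC, with the explanation a reviewer wants
# next to the raw number.
UAC_WEAK: Dict[str, Dict[int, str]] = {
    "EnableLUA": {0: "UAC is disabled; processes started by an administrator run fully elevated"},
    "ConsentPromptBehaviorAdmin": {0: "administrators elevate silently with no consent prompt"},
    "PromptOnSecureDesktop": {0: "elevation prompts are not shown on the secure desktop and can be spoofed"},
    "EnableUIADesktopToggle": {1: "UIAccess applications may prompt without the secure desktop"},
}


class Finding(NamedTuple):
    key: str     # policy name or IFEO image name
    value: str   # raw value from the log
    reason: str  # why a reviewer should look at it


def parse_pseudo_hjt(text: str) -> Tuple[Dict[str, int], Dict[str, str]]:
    """Extract UAC policy values and IFEO entries from DDS 'Pseudo HJT' lines."""
    policies: Dict[str, int] = {}
    ifeo: Dict[str, str] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m["name"]] = int(m["value"])
            continue
        m = IFEO_RE.match(line)
        if m:
            ifeo[m["image"].lower()] = m["target"]
    return policies, ifeo


def audit_uac(policies: Dict[str, int]) -> List[Finding]:
    """Report known-weak UAC values, then any other deviation from the defaults."""
    findings: List[Finding] = []
    for name, value in policies.items():
        reason = UAC_WEAK.get(name, {}).get(value)
        if reason is None and name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
            reason = (f"differs from the assumed Windows 7 default ({UAC_DEFAULTS[name]}); "
                      "confirm it was set deliberately")
        if reason:
            findings.append(Finding(name, str(value), reason))
    return findings


def audit_ifeo(ifeo: Dict[str, str]) -> List[Finding]:
    """List every IFEO Debugger redirection for manual review.

    A Debugger value replaces the named program with another executable. That
    is how Process Explorer's 'Replace Task Manager' works, and also how some
    malware hides system tools, so the entry is flagged rather than judged.
    """
    return [Finding(image, target,
                    "IFEO debugger redirects this program to another executable; "
                    "verify the target is a known tool")
            for image, target in sorted(ifeo.items())]


def audit_dds(text: str) -> List[Finding]:
    policies, ifeo = parse_pseudo_hjt(text)
    return audit_uac(policies) + audit_ifeo(ifeo)


if __name__ == "__main__":
    for f in audit_dds(SAMPLE_DDS):
        print(f"{f.key} = {f.value}: {f.reason}")
```

Run against the sample it prints the three disabled-UAC values and the taskmgr.exe redirection; ConsentPromptBehaviorUser = 3 and EnableUIADesktopToggle = 0 match the assumed defaults and are not reported. Point it at a real DDS.txt by reading the file into `audit_dds` instead of `SAMPLE_DDS`.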

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


2011/01/05 12:21:57.0754 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/05 12:21:57.0754 ================================================================================

2011/01/05 12:21:57.0754 SystemInfo:

2011/01/05 12:21:57.0754

2011/01/05 12:21:57.0754 OS Version: 6.1.7600 ServicePack: 0.0

2011/01/05 12:21:57.0754 Product type: Workstation

2011/01/05 12:21:57.0754 ComputerName: KIDSPC

2011/01/05 12:21:57.0761 UserName: ihaveamac

2011/01/05 12:21:57.0761 Windows directory: C:\Windows

2011/01/05 12:21:57.0761 System windows directory: C:\Windows

2011/01/05 12:21:57.0761 Processor architecture: Intel x86

2011/01/05 12:21:57.0761 Number of processors: 2

2011/01/05 12:21:57.0761 Page size: 0x1000

2011/01/05 12:21:57.0761 Boot type: Normal boot

2011/01/05 12:21:57.0761 ================================================================================

2011/01/05 12:21:59.0071 Initialize success

2011/01/05 12:22:13.0918 ================================================================================

2011/01/05 12:22:13.0919 Scan started

2011/01/05 12:22:13.0919 Mode: Manual;

2011/01/05 12:22:13.0919 ================================================================================

2011/01/05 12:22:15.0779 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/01/05 12:22:16.0288 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/01/05 12:22:16.0602 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/01/05 12:22:16.0971 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/01/05 12:22:17.0256 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/01/05 12:22:17.0559 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/01/05 12:22:17.0832 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/01/05 12:22:18.0315 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/01/05 12:22:18.0607 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/01/05 12:22:19.0171 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/01/05 12:22:19.0690 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/01/05 12:22:19.0982 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/01/05 12:22:20.0190 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/01/05 12:22:20.0547 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/01/05 12:22:20.0801 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/01/05 12:22:21.0036 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2011/01/05 12:22:21.0405 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/01/05 12:22:21.0649 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2011/01/05 12:22:21.0835 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/01/05 12:22:22.0095 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/01/05 12:22:22.0308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/01/05 12:22:22.0709 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/01/05 12:22:23.0053 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/01/05 12:22:23.0631 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys

2011/01/05 12:22:24.0377 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/01/05 12:22:25.0131 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/01/05 12:22:25.0530 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/01/05 12:22:25.0972 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/01/05 12:22:26.0243 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/01/05 12:22:26.0489 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/01/05 12:22:26.0734 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/01/05 12:22:26.0932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/01/05 12:22:27.0265 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/01/05 12:22:27.0658 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/01/05 12:22:27.0933 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/01/05 12:22:28.0244 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/01/05 12:22:28.0420 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/01/05 12:22:28.0698 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/01/05 12:22:29.0560 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/01/05 12:22:30.0224 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/01/05 12:22:30.0375 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/01/05 12:22:30.0602 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/01/05 12:22:30.0772 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/01/05 12:22:31.0034 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/01/05 12:22:31.0288 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/01/05 12:22:31.0499 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/01/05 12:22:31.0723 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/01/05 12:22:32.0025 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/01/05 12:22:32.0256 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/01/05 12:22:32.0412 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/01/05 12:22:32.0579 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/01/05 12:22:32.0782 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/01/05 12:22:32.0943 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2011/01/05 12:22:33.0247 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/01/05 12:22:33.0546 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/01/05 12:22:33.0708 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/01/05 12:22:33.0981 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/01/05 12:22:34.0282 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/01/05 12:22:34.0457 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/01/05 12:22:34.0630 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/01/05 12:22:34.0790 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/01/05 12:22:34.0946 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/01/05 12:22:35.0223 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/01/05 12:22:35.0388 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/01/05 12:22:35.0544 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/01/05 12:22:35.0720 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/01/05 12:22:35.0892 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

2011/01/05 12:22:36.0063 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/01/05 12:22:36.0259 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/01/05 12:22:36.0459 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/01/05 12:22:36.0630 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/01/05 12:22:36.0805 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/01/05 12:22:36.0949 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/01/05 12:22:37.0112 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/01/05 12:22:37.0334 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/01/05 12:22:37.0528 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/01/05 12:22:37.0840 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/01/05 12:22:38.0137 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/01/05 12:22:38.0357 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/01/05 12:22:38.0570 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/01/05 12:22:38.0932 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/01/05 12:22:39.0314 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/01/05 12:22:39.0586 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/01/05 12:22:39.0776 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/01/05 12:22:39.0989 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/01/05 12:22:40.0224 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/01/05 12:22:40.0431 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/01/05 12:22:40.0650 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/01/05 12:22:40.0876 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/01/05 12:22:41.0120 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/01/05 12:22:41.0477 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/01/05 12:22:41.0654 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/01/05 12:22:41.0912 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/01/05 12:22:42.0091 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/01/05 12:22:42.0590 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/01/05 12:22:42.0913 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/01/05 12:22:43.0193 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/01/05 12:22:43.0678 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/01/05 12:22:43.0983 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/01/05 12:22:44.0229 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/01/05 12:22:44.0524 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys

2011/01/05 12:22:44.0806 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/01/05 12:22:45.0093 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/01/05 12:22:45.0311 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/01/05 12:22:45.0577 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/01/05 12:22:45.0814 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/01/05 12:22:46.0056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/01/05 12:22:46.0302 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/01/05 12:22:46.0627 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/01/05 12:22:46.0930 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/01/05 12:22:47.0191 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/01/05 12:22:47.0548 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/01/05 12:22:47.0808 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/01/05 12:22:48.0029 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/01/05 12:22:48.0305 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/01/05 12:22:48.0629 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/01/05 12:22:48.0927 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/01/05 12:22:49.0234 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/01/05 12:22:49.0449 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/01/05 12:22:49.0702 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/01/05 12:22:50.0191 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/01/05 12:22:50.0624 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/01/05 12:22:50.0921 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/01/05 12:22:51.0107 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/01/05 12:22:51.0335 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/01/05 12:22:51.0655 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/01/05 12:22:51.0910 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/01/05 12:22:52.0433 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/01/05 12:22:52.0854 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/01/05 12:22:53.0098 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/01/05 12:22:53.0343 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/01/05 12:22:53.0788 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/01/05 12:22:54.0187 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/01/05 12:22:54.0653 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/01/05 12:22:54.0875 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/01/05 12:22:55.0227 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/01/05 12:22:55.0627 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/01/05 12:22:55.0805 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/01/05 12:22:55.0960 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/01/05 12:22:56.0256 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/01/05 12:22:56.0485 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/01/05 12:22:56.0757 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/01/05 12:22:56.0946 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/01/05 12:22:57.0121 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/01/05 12:22:57.0296 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/01/05 12:22:57.0516 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/01/05 12:22:57.0683 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/01/05 12:22:57.0867 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/01/05 12:22:58.0047 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/01/05 12:22:58.0218 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/01/05 12:22:58.0386 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/01/05 12:22:58.0592 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/01/05 12:22:59.0077 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/01/05 12:22:59.0593 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/01/05 12:22:59.0780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/01/05 12:23:00.0210 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/01/05 12:23:00.0555 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/01/05 12:23:00.0839 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/01/05 12:23:01.0721 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/01/05 12:23:01.0878 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/01/05 12:23:02.0090 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/01/05 12:23:02.0269 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/01/05 12:23:02.0503 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/01/05 12:23:02.0694 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/01/05 12:23:02.0853 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/01/05 12:23:03.0000 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/01/05 12:23:03.0188 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/01/05 12:23:03.0348 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/01/05 12:23:03.0539 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/01/05 12:23:03.0814 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/01/05 12:23:03.0967 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/01/05 12:23:04.0202 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/01/05 12:23:04.0421 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/01/05 12:23:04.0586 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/01/05 12:23:04.0752 SbieDrv (2cdab8553e703c7754be9ce1c4454eb5) C:\Program Files\Sandboxie\SbieDrv.sys

2011/01/05 12:23:04.0935 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/01/05 12:23:05.0143 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/01/05 12:23:05.0380 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/01/05 12:23:05.0542 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/01/05 12:23:05.0681 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/01/05 12:23:05.0831 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/01/05 12:23:06.0002 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/01/05 12:23:06.0151 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/01/05 12:23:06.0308 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/01/05 12:23:06.0452 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/01/05 12:23:06.0611 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/01/05 12:23:06.0779 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/01/05 12:23:07.0013 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/01/05 12:23:07.0358 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/01/05 12:23:07.0746 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/01/05 12:23:08.0040 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/01/05 12:23:08.0200 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/01/05 12:23:08.0425 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/01/05 12:23:08.0631 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/01/05 12:23:08.0819 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/01/05 12:23:09.0018 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys

2011/01/05 12:23:09.0264 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/01/05 12:23:09.0487 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/01/05 12:23:09.0666 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/01/05 12:23:09.0829 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/01/05 12:23:09.0984 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/01/05 12:23:10.0145 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/01/05 12:23:10.0347 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/01/05 12:23:10.0586 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys

2011/01/05 12:23:10.0750 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/01/05 12:23:10.0923 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/01/05 12:23:11.0121 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

2011/01/05 12:23:11.0351 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/01/05 12:23:11.0613 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/01/05 12:23:11.0849 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/01/05 12:23:12.0039 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/01/05 12:23:12.0206 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/01/05 12:23:12.0393 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/01/05 12:23:12.0574 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/01/05 12:23:12.0839 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/01/05 12:23:12.0997 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/01/05 12:23:13.0196 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/01/05 12:23:13.0392 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys

2011/01/05 12:23:13.0707 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/01/05 12:23:13.0903 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/01/05 12:23:14.0093 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/01/05 12:23:14.0314 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/01/05 12:23:14.0551 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/01/05 12:23:14.0920 VBoxDrv (8b0a5f9bef05f89cd03644eb7af3c408) C:\Windows\system32\DRIVERS\VBoxDrv.sys

2011/01/05 12:23:15.0136 VBoxNetAdp (065f15e84f2cc4ef60594283e9d72617) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

2011/01/05 12:23:15.0337 VBoxNetFlt (c6643b766eec08785e8a3b3aa52b7a9b) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

2011/01/05 12:23:15.0517 VBoxUSBMon (e81d2740cd33450a0e11138cd8f0ed63) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

2011/01/05 12:23:15.0704 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/01/05 12:23:15.0946 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/01/05 12:23:16.0126 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/01/05 12:23:16.0306 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/01/05 12:23:16.0491 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/01/05 12:23:16.0644 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/01/05 12:23:16.0782 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/01/05 12:23:17.0106 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/01/05 12:23:17.0255 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/01/05 12:23:17.0421 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/01/05 12:23:17.0589 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys

2011/01/05 12:23:17.0752 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys

2011/01/05 12:23:17.0924 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys

2011/01/05 12:23:18.0190 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys

2011/01/05 12:23:18.0421 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/01/05 12:23:18.0721 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/01/05 12:23:18.0966 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/01/05 12:23:19.0264 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/01/05 12:23:19.0505 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/05 12:23:19.0548 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/05 12:23:19.0857 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/01/05 12:23:20.0128 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/01/05 12:23:20.0444 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/01/05 12:23:20.0662 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys

2011/01/05 12:23:20.0855 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/01/05 12:23:21.0171 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/01/05 12:23:21.0391 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/01/05 12:23:21.0652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/01/05 12:23:21.0889 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/01/05 12:23:22.0063 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/01/05 12:23:22.0320 ================================================================================

2011/01/05 12:23:22.0320 Scan finished

2011/01/05 12:23:22.0320 ================================================================================


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


ComboFix 11-01-05.01 - ihaveamac 01/05/2011 14:32:20.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2814.1986 [GMT -8:00]

Running from: c:\users\ihaveamac\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

.

((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))

.

2011-01-05 22:50 . 2011-01-05 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-05 22:50 . 2011-01-05 22:50 -------- d-----w- c:\users\David\AppData\Local\temp

2011-01-04 20:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A41D1E5E-58A6-4038-BBB6-F89889D0632B}\mpengine.dll

2011-01-04 06:39 . 2011-01-04 06:40 -------- d-----w- c:\users\ihaveamac\AppData\Roaming\vlc

2011-01-04 06:38 . 2011-01-04 06:38 -------- d-----w- c:\program files\VideoLAN

2011-01-04 05:52 . 2010-12-22 23:31 158736 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-01-04 05:52 . 2010-12-22 23:31 42960 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-01-04 05:52 . 2011-01-04 05:52 -------- d-----w- c:\program files\Oracle

2011-01-02 02:09 . 2011-01-02 02:11 -------- d-----w- c:\users\ihaveamac\Panther1.0

2010-12-30 01:00 . 2001-05-07 10:56 19805 ----a-w- c:\windows\system32\drivers\usbio.sys

2010-12-30 00:52 . 2010-12-30 00:52 -------- d-----w- c:\program files\Datel

2010-12-30 00:39 . 2010-12-30 00:39 -------- d-----w- c:\program files\MSXML 4.0

2010-12-29 06:44 . 2010-12-29 20:29 -------- d-----w- c:\users\ihaveamac\AppData\Roaming\TrueCrypt

2010-12-29 06:42 . 2010-12-29 06:42 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-12-29 06:40 . 2010-12-29 06:42 -------- d-----w- c:\program files\TrueCrypt

2010-12-27 04:13 . 2010-12-27 04:20 -------- d-----w- c:\users\ihaveamac\Project64k

2010-12-27 02:45 . 2010-12-27 02:45 -------- dc----w- c:\users\ihaveamac\AppData\Local\MigWiz

2010-12-26 22:53 . 2010-12-27 02:34 -------- d-----w- c:\program files\Project64 1.7

2010-12-26 22:17 . 2010-12-27 02:40 -------- d-----w- c:\users\ihaveamac\N64 Roms

2010-12-26 22:16 . 2010-12-26 22:52 -------- d-----w- c:\program files\Project64 1.6

2010-12-25 17:46 . 2010-12-25 18:01 -------- d-----w- c:\users\ihaveamac\AppData\Roaming\Apple Computer

2010-12-25 17:46 . 2010-12-25 17:46 -------- d-----w- c:\users\ihaveamac\AppData\Local\Apple Computer

2010-12-25 17:46 . 2010-12-25 17:46 -------- d-----w- c:\program files\iPod

2010-12-25 17:46 . 2010-12-25 17:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-12-25 17:46 . 2010-12-25 17:46 -------- d-----w- c:\program files\iTunes

2010-12-25 17:43 . 2010-12-25 17:43 -------- d-----w- c:\program files\Apple Software Update

2010-12-25 17:42 . 2010-12-25 17:42 -------- d-----w- c:\program files\Bonjour

2010-12-22 23:31 . 2010-12-22 23:31 109328 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-12-22 23:31 . 2010-12-22 23:31 120208 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-12-22 23:31 . 2010-12-22 23:31 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-12-18 04:55 . 2010-12-18 04:55 -------- d-----w- c:\program files\CCleaner

2010-12-18 04:23 . 2010-12-18 04:23 388096 ----a-r- c:\users\ihaveamac\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-18 04:23 . 2010-12-18 04:23 -------- d-----w- c:\program files\Trend Micro

2010-12-18 04:01 . 2010-12-18 04:01 -------- d-----w- c:\program files\Lame For Audacity

2010-12-18 03:58 . 2011-01-03 09:52 -------- d-----w- c:\users\ihaveamac\AppData\Roaming\Audacity

2010-12-18 03:58 . 2010-12-18 03:58 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2010-12-17 03:09 . 2010-12-17 03:09 16384 ----a-w- C:\Project1.exe

2010-12-16 06:25 . 2010-12-16 06:55 -------- d-----w- C:\winpe_test

2010-12-16 06:20 . 2010-12-16 06:20 -------- d-----w- c:\program files\Windows Imaging

2010-12-16 06:19 . 2010-12-16 06:20 -------- d-----w- c:\program files\Windows AIK

2010-12-16 02:13 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-16 02:13 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-12-16 02:13 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2010-12-16 02:13 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe

2010-12-12 01:57 . 2010-12-12 01:57 -------- d-----w- c:\windows\system32\Anti-Malware

2010-12-12 01:33 . 2010-12-12 01:33 -------- d-----w- c:\program files\WinImage

2010-12-11 19:16 . 2010-12-11 19:16 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes

2010-12-11 01:10 . 2010-12-11 01:10 -------- d-----w- c:\users\David\AppData\Local\Apple

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 02:09 . 2010-12-03 06:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2010-12-03 06:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-03 02:03 . 2010-12-03 02:03 3015032 ----a-w- c:\windows\procmon.exe

2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-22 07:36 . 2010-10-30 21:28 4155256 ----a-w- c:\windows\iexplore.exe

2010-11-13 02:53 . 2010-10-31 03:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-11 18:04 . 2010-11-11 18:04 51248 ----a-w- c:\windows\system32\vmnetbridge.dll

2010-11-04 05:50 . 2010-11-04 05:50 1246544 ----a-w- c:\windows\system32\LogiLDA.DLL

2010-11-04 02:20 . 2010-11-04 02:20 147456 ----a-w- c:\windows\system32\XTab.ocx

2010-11-04 02:20 . 2010-11-04 02:20 108336 ----a-w- c:\windows\system32\MSWINSCK.ocx

2010-11-04 02:20 . 2010-11-04 02:20 389120 ----a-w- c:\windows\system32\actskn43.ocx

2010-11-02 01:04 . 2010-11-02 01:02 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2010-10-30 17:50 . 2010-10-30 17:50 158520 ----a-w- c:\windows\system32\whois.exe

2010-10-19 18:41 . 2010-10-30 17:29 222080 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\ihaveamac\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\ihaveamac\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\ihaveamac\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]

"ProcessExplorer"="c:\windows\iexplore.exe" [2010-11-22 4155256]

"Google Update"="c:\users\ihaveamac\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-31 136176]

"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-12-29 1496528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

c:\users\ihaveamac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\ihaveamac\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 158736]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 42960]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 109328]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 120208]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25

*NewlyCreated* - VBOXDRV

*NewlyCreated* - VBOXUSBMON

*Deregistered* - klmd25

*Deregistered* - PROCEXP141

.

Contents of the 'Scheduled Tasks' folder

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 05:23]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-17 05:23]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-317150218-1899957464-60232715-1001Core.job

- c:\users\ihaveamac\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 05:23]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-317150218-1899957464-60232715-1001UA.job

- c:\users\ihaveamac\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 05:23]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

FF - Ext: Glasser: glasser@sixxgate.com - %profile%\extensions\glasser@sixxgate.com

FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-01-05 14:56:20

ComboFix-quarantined-files.txt 2011-01-05 22:56

Pre-Run: 141,393,252,352 bytes free

Post-Run: 142,001,897,472 bytes free

- - End Of File - - A6C851AC334E8FA1E2998FACC8BEB8C7


I would like to add that one program (maybe combofix) removed a "Task Manager hijack", that runs another program when I try to run task manager.

I added this reg. key myself, so I can run Process Explorer (on my HD it's C:\Windows\iexplore.exe) and not Task Manager, which adds the ability to replace task manager. I know how Process Explorer works if you're wondering.


Probably ComboFix, because of the behaviour of this file or similar. Sorry about that!

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Thanks!

  • Download OTL to your desktop. Otherwise, try OTL.com or OTL.scr.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Under the Standard Registry box, change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan, it will save Notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log, it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\Moved Files
    • in most cases this will be C:\_OTL\Moved Files


OTL.txt:

OTL logfile created on: 1/7/2011 1:32:04 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\ihaveamac\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 219.73 Gb Total Space | 131.55 Gb Free Space | 59.87% Space Free | Partition Type: NTFS

Drive D: | 9.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 7.46 Gb Total Space | 1.38 Gb Free Space | 18.47% Space Free | Partition Type: FAT32

Drive F: | 931.51 Gb Total Space | 630.37 Gb Free Space | 67.67% Space Free | Partition Type: NTFS

Computer Name: KIDSPC | User Name: ihaveamac | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ihaveamac\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)

PRC - C:\Windows\iexplore.exe (Sysinternals - www.sysinternals.com)

PRC - C:\Users\ihaveamac\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)

PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)

PRC - C:\Program Files\TechSmith\Snagit 10\TscHelp.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation)

PRC - C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)

PRC - C:\Users\ihaveamac\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()

PRC - c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe (Apache Software Foundation)

PRC - C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe (Apache Software Foundation)

PRC - C:\wamp\wampmanager.exe (Aestan Software)

PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\ihaveamac\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()

SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)

========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found

DRV - (catchme) -- C:\Users\IHAVEA~1\AppData\Local\Temp\catchme.sys File not found

DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)

DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)

DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)

DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)

DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)

DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 A1 91 92 91 99 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933

FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.1

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8

FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 19:41:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 19:41:59 | 000,000,000 | ---D | M]

[2010/10/30 10:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Extensions

[2010/10/30 10:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/12/26 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions

[2010/11/21 18:24:56 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2010/11/10 17:16:14 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

[2010/11/25 16:57:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/11/28 15:08:44 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2010/11/17 20:22:55 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2010/10/30 21:24:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/11/08 20:27:38 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\allglassv2@ambroos.neowin.net

[2010/11/05 14:22:48 | 000,000,000 | ---D | M] (Webroot Blocker) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\blocker@webroot.com

[2010/11/21 18:25:56 | 000,000,000 | ---D | M] (Glasser) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\glasser@sixxgate.com

[2010/11/23 21:54:56 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\ietab@ip.cn

[2010/11/21 18:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ihaveamac\AppData\Roaming\Mozilla\Firefox\Profiles\t7hg2h63.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

[2010/12/27 11:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/30 10:18:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/30 19:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/27 11:25:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/10/26 22:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/26 22:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/26 22:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/12/17 19:41:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/12/17 19:41:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/12/17 19:41:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/12/17 19:41:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/12/17 19:41:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/12/17 19:41:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/12/17 19:41:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/26 20:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/26 20:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/26 20:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/26 20:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/26 20:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/26 20:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/26 20:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/01/05 14:50:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\8.0.552.224\npchrome_frame.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [Google Update] C:\Users\ihaveamac\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [ProcessExplorer] C:\Windows\iexplore.exe (Sysinternals - www.sysinternals.com)

O4 - HKCU..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)

O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)

O4 - Startup: C:\Users\ihaveamac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ihaveamac\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.13 68.105.29.13 68.105.28.14 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\8.0.552.224\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/07/20 08:36:23 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 13:30:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ihaveamac\Desktop\OTL.exe

[2011/01/06 00:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE

[2011/01/06 00:59:30 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Desktop\MustBeRandomlyNamed

[2011/01/06 00:59:09 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\ihaveamac\Desktop\RkU3.8.388.590.exe

[2011/01/05 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\ManyCam

[2011/01/05 14:56:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/01/05 14:56:22 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/01/05 14:30:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/01/05 14:30:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/01/05 14:30:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/01/05 14:30:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/01/05 14:29:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/01/05 14:28:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/01/05 14:28:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/01/03 22:39:47 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\vlc

[2011/01/03 22:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011/01/03 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2011/01/03 21:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox

[2011/01/03 21:52:55 | 000,158,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys

[2011/01/03 21:52:51 | 000,042,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys

[2011/01/03 21:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2011/01/03 01:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Notifier

[2011/01/03 01:20:25 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier

[2011/01/01 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Panther1.0

[2010/12/29 17:00:23 | 000,019,805 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys

[2010/12/29 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay Code Manager

[2010/12/29 16:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Datel

[2010/12/29 16:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/12/29 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Documents\Datel

[2010/12/28 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Desktop\EPIC

[2010/12/28 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\TrueCrypt

[2010/12/28 22:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt

[2010/12/28 22:42:45 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys

[2010/12/28 22:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2010/12/27 11:25:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/12/27 11:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/12/27 11:25:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/12/26 20:13:20 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Project64k

[2010/12/26 18:45:30 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Local\MigWiz

[2010/12/26 14:53:59 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Project64 1.7

[2010/12/26 14:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 1.7

[2010/12/26 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.7

[2010/12/26 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\N64 Roms

[2010/12/26 14:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6

[2010/12/25 09:46:59 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\Apple Computer

[2010/12/25 09:46:59 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Local\Apple Computer

[2010/12/25 09:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2010/12/25 09:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/12/25 09:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/12/25 09:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/12/25 09:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/12/25 09:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/12/22 15:31:36 | 000,109,328 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys

[2010/12/22 15:31:34 | 000,120,208 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys

[2010/12/22 15:31:32 | 000,133,648 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNotify.dll

[2010/12/17 20:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2010/12/17 20:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/12/17 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/12/17 20:23:55 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2010/12/17 20:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity

[2010/12/17 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\AppData\Roaming\Audacity

[2010/12/17 19:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)

[2010/12/17 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2010/12/17 19:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2010/12/16 19:09:17 | 000,016,384 | ---- | C] (BKHN) -- C:\Project1.exe

[2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ihaveamac\Desktop\TDSSKiller.exe

[2010/12/15 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\ihaveamac\Documents\VM Files

[2010/12/15 22:25:11 | 000,000,000 | ---D | C] -- C:\winpe_test

[2010/12/15 22:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK

[2010/12/15 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging

[2010/12/15 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK

[2010/12/15 18:14:28 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2010/12/15 18:14:28 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2010/12/15 18:14:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2010/12/15 18:14:27 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

[2010/12/15 18:14:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/12/15 18:14:20 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/12/15 18:14:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/12/15 18:14:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/12/15 18:14:12 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/12/15 18:14:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/12/15 18:14:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/12/15 18:14:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/12/15 18:14:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010/12/15 18:14:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/12/15 18:14:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/12/15 18:14:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/12/15 18:14:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/12/15 18:13:58 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/12/15 18:13:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/12/15 18:13:56 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll

[2010/12/15 18:13:55 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2010/12/11 17:57:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Anti-Malware

[2010/12/11 17:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage

[2010/12/11 17:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/07 13:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ihaveamac\Desktop\OTL.exe

[2011/01/07 13:28:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-317150218-1899957464-60232715-1001UA.job

[2011/01/07 13:26:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/07 13:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/06 22:28:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-317150218-1899957464-60232715-1001Core.job

[2011/01/06 20:00:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/06 11:25:35 | 000,018,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/06 11:25:35 | 000,018,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/06 11:16:10 | 2212,884,480 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/06 02:05:29 | 000,006,846 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2011/01/05 21:54:05 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk

[2011/01/05 14:50:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/01/05 12:21:26 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ihaveamac\Desktop\TDSSKiller.exe

[2011/01/04 12:18:41 | 000,002,511 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Attach.zip

[2011/01/03 22:39:25 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/01/03 21:52:56 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

[2011/01/03 13:47:44 | 000,000,385 | ---- | M] () -- C:\scratchthumbs.db

[2011/01/03 13:40:33 | 000,000,000 | ---- | M] () -- C:\scrsave.SAV

[2011/01/03 00:44:36 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/02 23:18:38 | 000,000,851 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Panther.lnk

[2010/12/30 19:09:08 | 000,747,422 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/12/30 19:09:08 | 000,747,266 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2010/12/30 19:09:08 | 000,745,136 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2010/12/30 19:09:08 | 000,741,960 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2010/12/30 19:09:08 | 000,741,958 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2010/12/30 19:09:08 | 000,730,958 | ---- | M] () -- C:\Windows\System32\prfh0816.dat

[2010/12/30 19:09:08 | 000,726,490 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2010/12/30 19:09:08 | 000,715,746 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/12/30 19:09:08 | 000,698,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010/12/30 19:09:08 | 000,685,444 | ---- | M] () -- C:\Windows\System32\perfh00E.dat

[2010/12/30 19:09:08 | 000,670,462 | ---- | M] () -- C:\Windows\System32\perfh005.dat

[2010/12/30 19:09:08 | 000,665,706 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010/12/30 19:09:08 | 000,664,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/30 19:09:08 | 000,658,720 | ---- | M] () -- C:\Windows\System32\perfh01F.dat

[2010/12/30 19:09:08 | 000,608,642 | ---- | M] () -- C:\Windows\System32\perfh008.dat

[2010/12/30 19:09:08 | 000,511,264 | ---- | M] () -- C:\Windows\System32\perfh006.dat

[2010/12/30 19:09:08 | 000,496,540 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2010/12/30 19:09:08 | 000,483,404 | ---- | M] () -- C:\Windows\System32\perfh00B.dat

[2010/12/30 19:09:08 | 000,481,184 | ---- | M] () -- C:\Windows\System32\perfh001.dat

[2010/12/30 19:09:08 | 000,431,342 | ---- | M] () -- C:\Windows\System32\perfh012.dat

[2010/12/30 19:09:08 | 000,419,748 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2010/12/30 19:09:08 | 000,404,174 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2010/12/30 19:09:08 | 000,394,750 | ---- | M] () -- C:\Windows\System32\perfh00D.dat

[2010/12/30 19:09:08 | 000,387,072 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2010/12/30 19:09:08 | 000,170,930 | ---- | M] () -- C:\Windows\System32\perfc00E.dat

[2010/12/30 19:09:08 | 000,158,270 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2010/12/30 19:09:08 | 000,155,546 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2010/12/30 19:09:08 | 000,152,862 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2010/12/30 19:09:08 | 000,152,834 | ---- | M] () -- C:\Windows\System32\prfc0816.dat

[2010/12/30 19:09:08 | 000,150,426 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2010/12/30 19:09:08 | 000,149,238 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/12/30 19:09:08 | 000,148,728 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010/12/30 19:09:08 | 000,147,426 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/12/30 19:09:08 | 000,146,734 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2010/12/30 19:09:08 | 000,142,420 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010/12/30 19:09:08 | 000,141,042 | ---- | M] () -- C:\Windows\System32\perfc005.dat

[2010/12/30 19:09:08 | 000,139,824 | ---- | M] () -- C:\Windows\System32\perfc01F.dat

[2010/12/30 19:09:08 | 000,122,140 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2010/12/30 19:09:08 | 000,122,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/30 19:09:08 | 000,120,428 | ---- | M] () -- C:\Windows\System32\perfc012.dat

[2010/12/30 19:09:08 | 000,120,000 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2010/12/30 19:09:08 | 000,115,086 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2010/12/30 19:09:08 | 000,110,938 | ---- | M] () -- C:\Windows\System32\perfc008.dat

[2010/12/30 19:09:08 | 000,101,078 | ---- | M] () -- C:\Windows\System32\perfc00B.dat

[2010/12/30 19:09:08 | 000,098,418 | ---- | M] () -- C:\Windows\System32\perfc006.dat

[2010/12/30 19:09:08 | 000,095,228 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2010/12/30 19:09:08 | 000,094,736 | ---- | M] () -- C:\Windows\System32\perfc001.dat

[2010/12/30 19:09:08 | 000,084,846 | ---- | M] () -- C:\Windows\System32\perfc00D.dat

[2010/12/29 20:24:50 | 396,684,874 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/12/29 16:52:40 | 000,001,179 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Action Replay Code Manager.lnk

[2010/12/28 22:54:56 | 1073,741,824 | ---- | M] () -- C:\Users\ihaveamac\Documents\My Personal Stuff

[2010/12/28 22:42:52 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk

[2010/12/28 22:42:45 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys

[2010/12/26 20:20:49 | 000,000,402 | ---- | M] () -- C:\Windows\kaillera.ini

[2010/12/26 20:06:54 | 000,007,168 | ---- | M] () -- C:\Users\ihaveamac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/26 14:53:59 | 000,001,219 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Project64 1.7.lnk

[2010/12/25 09:46:39 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/12/22 15:31:36 | 000,109,328 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetAdp.sys

[2010/12/22 15:31:34 | 000,158,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys

[2010/12/22 15:31:34 | 000,120,208 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxNetFlt.sys

[2010/12/22 15:31:34 | 000,042,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys

[2010/12/22 15:31:32 | 000,133,648 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\VBoxNetFltNotify.dll

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/17 20:55:49 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/17 20:23:55 | 000,002,983 | ---- | M] () -- C:\Users\ihaveamac\Desktop\HiJackThis.lnk

[2010/12/17 19:58:35 | 000,001,019 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Audacity 1.3 Beta (Unicode).lnk

[2010/12/17 19:41:49 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/12/16 19:09:18 | 000,016,384 | ---- | M] (BKHN) -- C:\Project1.exe

[2010/12/16 18:27:10 | 000,415,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/15 22:53:45 | 261,259,709 | ---- | M] () -- C:\boot.wim

[2010/12/15 18:21:23 | 000,000,305 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Restart WinImage trial.VBS

[2010/12/15 17:36:02 | 000,002,423 | ---- | M] () -- C:\Users\ihaveamac\Desktop\Google Chrome.lnk

[2010/12/11 17:33:02 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk

[2010/12/11 17:33:02 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\WinImage.lnk

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/05 21:54:05 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk

[2011/01/05 14:30:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/01/05 14:30:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/01/05 14:30:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/01/05 14:30:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/01/05 14:30:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/01/04 12:18:41 | 000,002,511 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Attach.zip

[2011/01/03 22:39:25 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/01/03 21:52:56 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

[2011/01/03 13:47:44 | 000,000,385 | ---- | C] () -- C:\scratchthumbs.db

[2011/01/01 18:11:36 | 000,000,851 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Panther.lnk

[2010/12/29 16:52:40 | 000,001,179 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Action Replay Code Manager.lnk

[2010/12/28 22:54:33 | 1073,741,824 | ---- | C] () -- C:\Users\ihaveamac\Documents\My Personal Stuff

[2010/12/28 22:42:52 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk

[2010/12/26 20:14:15 | 000,000,402 | ---- | C] () -- C:\Windows\kaillera.ini

[2010/12/26 14:55:48 | 396,684,874 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/12/26 14:53:59 | 000,001,219 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Project64 1.7.lnk

[2010/12/25 09:46:39 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/12/17 20:55:49 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2010/12/17 20:23:55 | 000,002,983 | ---- | C] () -- C:\Users\ihaveamac\Desktop\HiJackThis.lnk

[2010/12/17 19:58:35 | 000,001,019 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Audacity 1.3 Beta (Unicode).lnk

[2010/12/17 19:41:49 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/12/15 22:46:39 | 261,259,709 | ---- | C] () -- C:\boot.wim

[2010/12/11 17:36:29 | 000,000,305 | ---- | C] () -- C:\Users\ihaveamac\Desktop\Restart WinImage trial.VBS

[2010/12/11 17:33:02 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk

[2010/12/11 17:33:02 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\WinImage.lnk

[2010/10/31 08:32:00 | 000,007,168 | ---- | C] () -- C:\Users\ihaveamac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/30 14:28:44 | 000,006,846 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2010/10/30 13:32:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/11/08 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\.minecraft

[2011/01/03 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\Audacity

[2011/01/06 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\Dropbox

[2010/10/30 22:08:02 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\dutstkrr

[2011/01/05 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\ManyCam

[2010/11/15 15:34:46 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\Notepad++

[2010/11/01 18:52:22 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\PeaZip

[2010/12/02 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\TeamViewer

[2010/11/19 17:20:40 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\Tific

[2010/12/29 12:29:49 | 000,000,000 | ---D | M] -- C:\Users\ihaveamac\AppData\Roaming\TrueCrypt

[2009/07/13 20:53:46 | 000,030,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE189863

< End of report >

Extras.txt:

OTL Extras logfile created on: 1/7/2011 1:32:04 PM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\ihaveamac\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 219.73 Gb Total Space | 131.55 Gb Free Space | 59.87% Space Free | Partition Type: NTFS

Drive D: | 9.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 7.46 Gb Total Space | 1.38 Gb Free Space | 18.47% Space Free | Partition Type: FAT32

Drive F: | 931.51 Gb Total Space | 630.37 Gb Free Space | 67.67% Space Free | Partition Type: NTFS

Computer Name: KIDSPC | User Name: ihaveamac | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PeaZip] -- Reg Error: Value error.

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 23

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.4

"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10

"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D2ED9361-BA49-4BDC-9A1D-0EA9CAA0881D}" = Oracle VM VirtualBox 4.0.0

"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"Action Replay Code Manager_is1" = Action Replay Code Manager

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"CCleaner" = CCleaner

"Google Chrome Frame" = Google Chrome Frame

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"NBRTWizard" = Norton Bootable Recovery Tool Wizard

"Notepad++" = Notepad++

"Project64 1.7" = Project64 1.7

"Sandboxie" = Sandboxie 3.46

"Scratch" = Scratch

"Simple Port Forwarding" = Simple Port Forwarding

"ST4UNST #1" = Windows Prank Kit DEMO

"Steam App 10" = Counter-Strike

"Steam App 4000" = Garry's Mod

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 5" = TeamViewer 5

"TeamViewer 6" = TeamViewer 6

"TrueCrypt" = TrueCrypt

"UBCD4Win_is1" = UBCD4Win 3.60

"Virus Effect Remover - Version 3.2.2.26_20100312_is1" = Virus Effect Remover


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
[2010/12/30 19:09:08 | 000,747,422 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/12/30 19:09:08 | 000,747,266 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/12/30 19:09:08 | 000,745,136 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/12/30 19:09:08 | 000,741,960 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010/12/30 19:09:08 | 000,741,958 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/12/30 19:09:08 | 000,730,958 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010/12/30 19:09:08 | 000,726,490 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/12/30 19:09:08 | 000,715,746 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/12/30 19:09:08 | 000,698,706 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/12/30 19:09:08 | 000,685,444 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010/12/30 19:09:08 | 000,670,462 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010/12/30 19:09:08 | 000,665,706 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010/12/30 19:09:08 | 000,664,314 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/30 19:09:08 | 000,658,720 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010/12/30 19:09:08 | 000,608,642 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/12/30 19:09:08 | 000,511,264 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2010/12/30 19:09:08 | 000,496,540 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/12/30 19:09:08 | 000,483,404 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/12/30 19:09:08 | 000,481,184 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/12/30 19:09:08 | 000,431,342 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/12/30 19:09:08 | 000,419,748 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/12/30 19:09:08 | 000,404,174 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/12/30 19:09:08 | 000,394,750 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/12/30 19:09:08 | 000,387,072 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/12/30 19:09:08 | 000,170,930 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010/12/30 19:09:08 | 000,158,270 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/12/30 19:09:08 | 000,155,546 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010/12/30 19:09:08 | 000,152,862 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/12/30 19:09:08 | 000,152,834 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010/12/30 19:09:08 | 000,150,426 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/12/30 19:09:08 | 000,149,238 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/12/30 19:09:08 | 000,148,728 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/12/30 19:09:08 | 000,147,426 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/12/30 19:09:08 | 000,146,734 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/12/30 19:09:08 | 000,142,420 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010/12/30 19:09:08 | 000,141,042 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010/12/30 19:09:08 | 000,139,824 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010/12/30 19:09:08 | 000,122,140 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/12/30 19:09:08 | 000,122,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/30 19:09:08 | 000,120,428 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/12/30 19:09:08 | 000,120,000 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/12/30 19:09:08 | 000,115,086 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/12/30 19:09:08 | 000,110,938 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/12/30 19:09:08 | 000,101,078 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/12/30 19:09:08 | 000,098,418 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2010/12/30 19:09:08 | 000,095,228 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/12/30 19:09:08 | 000,094,736 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/12/30 19:09:08 | 000,084,846 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE189863

:files
C:\*.tmp

:Commands
[purity]
[emptytemp]
[emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

C:\Windows\System32\perfh00C.dat moved successfully.

C:\Windows\System32\perfh00A.dat moved successfully.

C:\Windows\System32\perfh013.dat moved successfully.

C:\Windows\System32\perfh015.dat moved successfully.

C:\Windows\System32\perfh010.dat moved successfully.

C:\Windows\System32\prfh0816.dat moved successfully.

C:\Windows\System32\perfh019.dat moved successfully.

C:\Windows\System32\prfh0416.dat moved successfully.

C:\Windows\System32\perfh007.dat moved successfully.

C:\Windows\System32\perfh00E.dat moved successfully.

C:\Windows\System32\perfh005.dat moved successfully.

C:\Windows\System32\perfh01D.dat moved successfully.

C:\Windows\System32\perfh009.dat moved successfully.

C:\Windows\System32\perfh01F.dat moved successfully.

C:\Windows\System32\perfh008.dat moved successfully.

C:\Windows\System32\perfh006.dat moved successfully.

C:\Windows\System32\perfh014.dat moved successfully.

C:\Windows\System32\perfh00B.dat moved successfully.

C:\Windows\System32\perfh001.dat moved successfully.

C:\Windows\System32\perfh012.dat moved successfully.

C:\Windows\System32\perfh011.dat moved successfully.

C:\Windows\System32\prfh0404.dat moved successfully.

C:\Windows\System32\perfh00D.dat moved successfully.

C:\Windows\System32\prfh0804.dat moved successfully.

C:\Windows\System32\perfc00E.dat moved successfully.

C:\Windows\System32\perfc00A.dat moved successfully.

C:\Windows\System32\perfc015.dat moved successfully.

C:\Windows\System32\perfc013.dat moved successfully.

C:\Windows\System32\prfc0816.dat moved successfully.

C:\Windows\System32\perfc019.dat moved successfully.

C:\Windows\System32\perfc00C.dat moved successfully.

C:\Windows\System32\perfc007.dat moved successfully.

C:\Windows\System32\prfc0416.dat moved successfully.

C:\Windows\System32\perfc010.dat moved successfully.

C:\Windows\System32\perfc01D.dat moved successfully.

C:\Windows\System32\perfc005.dat moved successfully.

C:\Windows\System32\perfc01F.dat moved successfully.

C:\Windows\System32\perfc011.dat moved successfully.

C:\Windows\System32\perfc009.dat moved successfully.

C:\Windows\System32\perfc012.dat moved successfully.

C:\Windows\System32\prfc0804.dat moved successfully.

C:\Windows\System32\prfc0404.dat moved successfully.

C:\Windows\System32\perfc008.dat moved successfully.

C:\Windows\System32\perfc00B.dat moved successfully.

C:\Windows\System32\perfc006.dat moved successfully.

C:\Windows\System32\perfc014.dat moved successfully.

C:\Windows\System32\perfc001.dat moved successfully.

C:\Windows\System32\perfc00D.dat moved successfully.

ADS C:\ProgramData\TEMP:DE189863 deleted successfully.

========== FILES ==========

C:\IExp0.tmp folder moved successfully.

C:\IExp1.tmp folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 294871 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3956802 bytes

->Flash cache emptied: 57776 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: ihaveamac

->Temp folder emptied: 2282910 bytes

->Temporary Internet Files folder emptied: 20958864 bytes

->Java cache emptied: 102780134 bytes

->FireFox cache emptied: 51169364 bytes

->Google Chrome cache emptied: 437191373 bytes

->Flash cache emptied: 27393 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7578 bytes

RecycleBin emptied: 75608952 bytes

Total Files Cleaned = 662.00 mb

[EMPTYFLASH]

User: All Users

User: David

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: ihaveamac

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01072011_141218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Sorry for the late reply, this week has been a busy week for me.

The first time I ran the scanner, the scanner quarantined threats, but my computer kept sleeping and hibernating. When my computer started up, the scanner wasn't open; I went to the log but it had no info. I redid the scan with sleeping and hibernating disabled; it found no threats and made a log, and the quarantined items were still in there. This is the log after the second scan.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=cc63440c41f6dd40b74e48817d94ea6e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-01-14 03:57:18

# local_time=2011-01-13 07:57:18 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 1402706 1402706 0 0

# compatibility_mode=5893 16776573 100 94 0 46511732 0 0

# compatibility_mode=8192 67108863 100 0 92738 92738 0 0

# scanned=391256

# found=0

# cleaned=0

# scan_time=10498


When looking through the logs, I saw the last time I got an IP block message to that IP was in log "protection-log-2011-01-03.txt" on line 30.

21:06:43	ihaveamac	IP-BLOCK	213.174.153.59 (Type: outgoing, Port: 50289, Process: chrome.exe)

And yes, I looked through every protection log from today going back one day until I saw that IP. I have Notepad++, which made it easier.

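The search the poster did by hand in Notepad++ (walking the daily protection logs backwards until the blocked IP turns up) is the kind of triage that is worth scripting, because the useful signal is not the single line but the pattern across days: which process keeps connecting, in which direction, and on which ports. The following Python is an added example written for this thread; it is not code from the thread or from Malwarebytes. The tab-separated layout (time, user, event, details) is taken from the one IP-BLOCK line quoted above, and that line is the only real entry; every other log line, the 2011-01-02 and 2011-01-04 files, the 198.51.100.7 address and the DETECTION line's layout are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample logs. Only the 21:06:43 chrome.exe line in the 2011-01-03
# file is taken from the thread; the remaining lines, the other two files and
# the DETECTION line's layout are made up for this example.
SAMPLE_LOGS = {
    "protection-log-2011-01-02.txt": (
        "18:02:11\tihaveamac\tIP-BLOCK\t213.174.153.59 (Type: outgoing, Port: 49811, Process: chrome.exe)\n"
        "18:40:05\tihaveamac\tIP-BLOCK\t198.51.100.7 (Type: outgoing, Port: 49900, Process: firefox.exe)\n"
    ),
    "protection-log-2011-01-03.txt": (
        "20:58:30\tihaveamac\tIP-BLOCK\t213.174.153.59 (Type: outgoing, Port: 50100, Process: chrome.exe)\n"
        "21:00:12\tihaveamac\tDETECTION\tC:\\Users\\ihaveamac\\AppData\\Local\\Temp\\example.tmp\n"
        "21:06:43\tihaveamac\tIP-BLOCK\t213.174.153.59 (Type: outgoing, Port: 50289, Process: chrome.exe)\n"
    ),
    "protection-log-2011-01-04.txt": (
        "09:15:00\tihaveamac\tIP-BLOCK\t198.51.100.7 (Type: incoming, Port: 445, Process: System)\n"
    ),
}

# One IP-BLOCK line: HH:MM:SS <tab> user <tab> IP-BLOCK <tab> ip (Type: dir, Port: n, Process: name)
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\t(?P<user>[^\t]+)\tIP-BLOCK\t"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)
# The log line carries only a time of day; the date comes from the file name.
DATE_RE = re.compile(r"protection-log-(\d{4}-\d{2}-\d{2})\.txt$")


def parse_ip_blocks(filename, text):
    """Yield one record per IP-BLOCK line, with a full timestamp built from the file's date."""
    date_match = DATE_RE.search(filename)
    if not date_match:
        raise ValueError(f"unexpected log file name: {filename}")
    day = date_match.group(1)
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # DETECTION lines, blank lines and anything malformed are skipped
        yield {
            "file": filename,
            "line": lineno,
            "when": datetime.strptime(f"{day} {m['time']}", "%Y-%m-%d %H:%M:%S"),
            "user": m["user"],
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"],
        }


def find_ip_blocks(logs, ip):
    """Return every IP-BLOCK record for `ip` across all logs, oldest first."""
    hits = [rec for name, text in logs.items()
            for rec in parse_ip_blocks(name, text) if rec["ip"] == ip]
    return sorted(hits, key=lambda rec: rec["when"])


def summarize(hits):
    """Condense the hits into what a triage note needs: span, last sighting, processes, ports."""
    if not hits:
        return None
    return {
        "count": len(hits),
        "first": hits[0]["when"],
        "last": hits[-1]["when"],
        "last_file": hits[-1]["file"],
        "last_line": hits[-1]["line"],
        "processes": dict(Counter(rec["process"] for rec in hits)),
        "directions": dict(Counter(rec["direction"] for rec in hits)),
        "ports_used": sorted({rec["port"] for rec in hits}),
    }


if __name__ == "__main__":
    summary = summarize(find_ip_blocks(SAMPLE_LOGS, "213.174.153.59"))
    for key, value in summary.items():
        print(f"{key:>11}: {value}")
```

To run it against real files, replace `SAMPLE_LOGS` with a dict built from the protection-log directory (the thread does not give its path, so it is not assumed here). The summary is what settles the question the poster asked: repeated outgoing blocks from chrome.exe alone, on a fresh ephemeral source port each time, mean the connections are being initiated from inside the browser session, so the next thing to establish is what Chrome was loading (page, plugin or extension) at those timestamps rather than looking for a separate process.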
