I recently noticed the 2012 Windows Security virus on my computer, followed instructions online and removed it with Malwarebytes.
Afterwards, I noticed that from time to time when I open an internet page, or refresh a page, another window opens with several tabs, one for each of the words that I've recently Google searched for. For instance, if I searched for "how to find", then after browsing the internet for a while a new window would suddenly open with 3 tabs of the 1st page of results for "how", "to" and "find".
Also, seemingly randomly, advertisements show up in new windows. It's ranged from random websites to "You've won! Click here!" pages.
I followed the instructions on how to post, here are the logs:
(1st Log from removing virus)
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 8348
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/10/2011 12:24:26 PM
mbam-log-2011-12-10 (12-24-26).txt
Scan type: Full scan (C:\|X:\|)
Objects scanned: 374910
Time elapsed: 32 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\rob's computer\AppData\Local\htn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rob's computer\AppData\Local\yam.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rob's computer\AppData\Local\Temp\xxytgxialf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rob's computer\AppData\Local\Temp\heh.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rob's computer\documents\0mkg4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\Sony\vegas pro 10.0\keygen di v1.9.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\Sony\vegas pro 10.0\keygen di v1.9\keygen di v1.9.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
(2nd log after virus was removed)
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 8356
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/12/2011 8:07:35 AM
mbam-log-2011-12-12 (08-07-35).txt
Scan type: Full scan (C:\|X:\|)
Objects scanned: 385616
Time elapsed: 41 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
(GMER)
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-14 06:01:47
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: cji98hz4.exe; Driver: C:\Users\ROB'SC~1\AppData\Local\Temp\ufkiipog.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x943D5BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x943D59D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x943D5B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E84599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82FE2279 7 Bytes JMP 943D5B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83049FA7 5 Bytes JMP 943D15D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83063CA7 5 Bytes JMP 943D3012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 83071D23 7 Bytes JMP 943D59D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8311BEAA 7 Bytes JMP 943D5BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1512] kernel32.dll!SetUnhandledExceptionFilter 754C3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtClose 77054930 5 Bytes JMP 01DF6E80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtMapViewOfSection 77055090 5 Bytes JMP 01DF8E40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] ntdll.dll!NtQueryDirectoryFile 77055400 5 Bytes JMP 01DF5640 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!CopyFileW 754A8C8F 5 Bytes JMP 01DF9CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!MoveFileW 754AA173 5 Bytes JMP 01DFA150 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FlushFileBuffers 754AC112 5 Bytes JMP 01DF7520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!SetFileTime 754B086B 5 Bytes JMP 01DF7DE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!_hread 754B2963 5 Bytes JMP 01DF8300 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!_llseek 754B2991 5 Bytes JMP 01DF8440 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!SetFilePointerEx 754B2A2A 5 Bytes JMP 01DF76F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!CreateFileMappingW 754B3A51 5 Bytes JMP 01DF8A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileTime 754B44AF 5 Bytes JMP 01DF7CE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!SetEndOfFile 754B4502 5 Bytes JMP 01DF79D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileSize 754B5D47 5 Bytes JMP 01DF7830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileAttributesExW 754B5F4D 5 Bytes JMP 01DF7BF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!DeleteFileW 754B656B 5 Bytes JMP 01DF81C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!DeleteFileA 754B8BB6 5 Bytes JMP 01DF8080 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!MoveFileExW 754BBF28 5 Bytes JMP 01DFA3C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileSizeEx 754BCA51 5 Bytes JMP 01DF7900 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindNextFileW 754BCB2D 5 Bytes JMP 01DF88A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindNextFileA 754BD593 5 Bytes JMP 01DF8830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!ReadFile 754BDAA9 5 Bytes JMP 01DF6FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!DuplicateHandle 754C0656 5 Bytes JMP 01DFA750 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!CreateFileW 754C0B7D 5 Bytes JMP 01DF9560 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindFirstFileW 754C107A 5 Bytes JMP 01DF85C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!WriteFile 754C11EC 5 Bytes JMP 01DF7270 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileAttributesW 754C13EE 5 Bytes JMP 01DF7B70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileType 754C1C62 5 Bytes JMP 01DF7EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!CreateFileA 754C291C 5 Bytes JMP 01DF9040 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetFileAttributesA 754C2A3F 5 Bytes JMP 01DF7AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!OpenFileMappingW 754C2A7F 5 Bytes JMP 01DF8D20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!SetFilePointer 754C351F 5 Bytes JMP 01DF75A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindClose 754C353A 5 Bytes JMP 01DF87C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindFirstFileExW 754C35A7 5 Bytes JMP 01DF86B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!FindFirstFileA 754CF346 5 Bytes JMP 01DF84D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!ReplaceFile 754D3660 5 Bytes JMP 01DFA650 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!CopyFileA 754D7D1C 5 Bytes JMP 01DF9AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!UnlockFile 754D87F2 5 Bytes JMP 01DF7FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!LockFile 754D880A 5 Bytes JMP 01DF7F60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!GetShortPathNameA 754D96FF 5 Bytes JMP 01DF8910 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!MoveFileA 754FAD89 5 Bytes JMP 01DF9EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] kernel32.dll!_hwrite 754FC3F4 5 Bytes JMP 01DF83A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] USER32.dll!GetDCEx 75644516 5 Bytes JMP 01DF5BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] USER32.dll!GetWindowDC 756468EA 5 Bytes JMP 01DF5C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] USER32.dll!GetDC 75647041 5 Bytes JMP 01DF5B60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] USER32.dll!ReleaseDC 75647055 5 Bytes JMP 01DF61B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] USER32.dll!PrintWindow 75694DD3 5 Bytes JMP 01DF6340 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!DeleteDC 75CA6A2C 5 Bytes JMP 01DF6240 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!BitBlt 75CA7180 5 Bytes JMP 01DF5CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!CreateDCA 75CA9975 5 Bytes JMP 01DF57A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!CreateDCW 75CABD21 5 Bytes JMP 01DF5980 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!GetPixel 75CAC714 5 Bytes JMP 01DF5E70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!StretchBlt 75CAF418 5 Bytes JMP 01DF6070 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!GetMetaFileW 75CB0FD8 5 Bytes JMP 01DF6840 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!GetEnhMetaFileW 75CB10B9 5 Bytes JMP 01DF6950 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!CopyMetaFileW 75CB4402 5 Bytes JMP 01DF6A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!GetMetaFileA 75CD3DA9 5 Bytes JMP 01DF6410 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!CopyMetaFileA 75CD489A 5 Bytes JMP 01DF6630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!StartDocW 75CD5BB6 5 Bytes JMP 01DFD190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!StartDocA 75CD60E1 5 Bytes JMP 01DFC1E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!CopyEnhMetaFileW 75CDD611 5 Bytes JMP 01DF6C70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] GDI32.dll!GetEnhMetaFileA 75CDD718 5 Bytes JMP 01DF6520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Windows\System32\spoolsv.exe[1964] ole32.dll!DoDragDrop 7593A1CA 5 Bytes JMP 01DF8F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] ntdll.dll!NtClose 77054930 5 Bytes JMP 01756E80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] ntdll.dll!NtMapViewOfSection 77055090 5 Bytes JMP 01758E40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] ntdll.dll!NtQueryDirectoryFile 77055400 5 Bytes JMP 01755640 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!CopyFileW 754A8C8F 5 Bytes JMP 01759CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!MoveFileW 754AA173 5 Bytes JMP 0175A150 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FlushFileBuffers 754AC112 5 Bytes JMP 01757520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!SetFileTime 754B086B 5 Bytes JMP 01757DE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!_hread 754B2963 5 Bytes JMP 01758300 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!_llseek 754B2991 5 Bytes JMP 01758440 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!SetFilePointerEx 754B2A2A 5 Bytes JMP 017576F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!CreateFileMappingW 754B3A51 5 Bytes JMP 01758A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileTime 754B44AF 5 Bytes JMP 01757CE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!SetEndOfFile 754B4502 5 Bytes JMP 017579D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileSize 754B5D47 5 Bytes JMP 01757830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileAttributesExW 754B5F4D 5 Bytes JMP 01757BF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!DeleteFileW 754B656B 5 Bytes JMP 017581C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!DeleteFileA 754B8BB6 5 Bytes JMP 01758080 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!MoveFileExW 754BBF28 5 Bytes JMP 0175A3C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileSizeEx 754BCA51 5 Bytes JMP 01757900 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindNextFileW 754BCB2D 5 Bytes JMP 017588A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindNextFileA 754BD593 5 Bytes JMP 01758830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!ReadFile 754BDAA9 5 Bytes JMP 01756FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!DuplicateHandle 754C0656 5 Bytes JMP 0175A750 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!CreateFileW 754C0B7D 5 Bytes JMP 01759560 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindFirstFileW 754C107A 5 Bytes JMP 017585C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!WriteFile 754C11EC 5 Bytes JMP 01757270 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileAttributesW 754C13EE 5 Bytes JMP 01757B70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileType 754C1C62 5 Bytes JMP 01757EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!CreateFileA 754C291C 5 Bytes JMP 01759040 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetFileAttributesA 754C2A3F 5 Bytes JMP 01757AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!OpenFileMappingW 754C2A7F 5 Bytes JMP 01758D20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!SetFilePointer 754C351F 5 Bytes JMP 017575A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindClose 754C353A 5 Bytes JMP 017587C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindFirstFileExW 754C35A7 5 Bytes JMP 017586B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!FindFirstFileA 754CF346 5 Bytes JMP 017584D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!ReplaceFile 754D3660 5 Bytes JMP 0175A650 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!CopyFileA 754D7D1C 5 Bytes JMP 01759AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!UnlockFile 754D87F2 5 Bytes JMP 01757FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!LockFile 754D880A 5 Bytes JMP 01757F60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!GetShortPathNameA 754D96FF 5 Bytes JMP 01758910 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!MoveFileA 754FAD89 5 Bytes JMP 01759EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] kernel32.dll!_hwrite 754FC3F4 5 Bytes JMP 017583A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] USER32.dll!GetDCEx 75644516 5 Bytes JMP 01755BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] USER32.dll!GetWindowDC 756468EA 5 Bytes JMP 01755C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] USER32.dll!GetDC 75647041 5 Bytes JMP 01755B60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] USER32.dll!ReleaseDC 75647055 5 Bytes JMP 017561B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] USER32.dll!PrintWindow 75694DD3 5 Bytes JMP 01756340 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!DeleteDC 75CA6A2C 5 Bytes JMP 01756240 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!BitBlt 75CA7180 5 Bytes JMP 01755CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!CreateDCA 75CA9975 5 Bytes JMP 017557A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!CreateDCW 75CABD21 5 Bytes JMP 01755980 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!GetPixel 75CAC714 5 Bytes JMP 01755E70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!StretchBlt 75CAF418 5 Bytes JMP 01756070 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!GetMetaFileW 75CB0FD8 5 Bytes JMP 01756840 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!GetEnhMetaFileW 75CB10B9 5 Bytes JMP 01756950 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!CopyMetaFileW 75CB4402 5 Bytes JMP 01756A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!GetMetaFileA 75CD3DA9 5 Bytes JMP 01756410 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!CopyMetaFileA 75CD489A 5 Bytes JMP 01756630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!StartDocW 75CD5BB6 5 Bytes JMP 0175D190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!StartDocA 75CD60E1 5 Bytes JMP 0175C1E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!CopyEnhMetaFileW 75CDD611 5 Bytes JMP 01756C70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!GetEnhMetaFileA 75CDD718 5 Bytes JMP 01756520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] ole32.dll!DoDragDrop 7593A1CA 5 Bytes JMP 01758F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\XSrvSetup.exe[2128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\XSrvSetup.exe[2128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\XSrvSetup.exe[2128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\XSrvSetup.exe[2128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\XSrvSetup.exe[2128] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB41173$\2123095646 0 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\@ 2048 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\bckfg.tmp 850 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\cfg.ini 199 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\keywords 323 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\L 0 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\L\xadqgnnk 83456 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U 0 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\80000032.@ 98304 bytes
File C:\Windows\$NtUninstallKB41173$\3553505933 0 bytes
---- EOF - GMER 1.0.15 ----
(aswMBR)
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-14 06:03:33
-----------------------------
06:03:33.690 OS Version: Windows 6.1.7600
06:03:33.690 Number of processors: 4 586 0x1E05
06:03:33.690 ComputerName: ROBSCOMPUTER-PC UserName: Rob's Computer
06:03:34.392 Initialize success
06:03:34.470 AVAST engine defs: 11121400
06:03:43.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:03:43.252 Disk 0 Vendor: Intel___ 1.0. Size: 1907750MB BusType: 8
06:03:43.315 Disk 0 MBR read successfully
06:03:43.315 Disk 0 MBR scan
06:03:43.315 Disk 0 Windows 7 default MBR code
06:03:43.315 Disk 0 scanning sectors +3907067904
06:03:43.377 Disk 0 scanning C:\Windows\system32\drivers
06:04:00.116 Service scanning
06:04:00.381 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
06:04:01.052 Modules scanning
06:04:10.506 Disk 0 trace - called modules:
06:04:10.521 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
06:04:10.521 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x884eaa40]
06:04:10.537 3 CLASSPNP.SYS[8d1a559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8641a028]
06:04:11.021 AVAST engine scan C:\Windows
06:04:14.468 AVAST engine scan C:\Windows\system32
06:05:18.319 AVAST engine scan C:\Windows\system32\drivers
06:05:23.467 AVAST engine scan C:\Users\Rob's Computer
06:44:20.852 AVAST engine scan C:\ProgramData
07:04:58.321 Scan finished successfully
07:07:07.241 Disk 0 MBR has been saved successfully to "C:\Users\Rob's Computer\Desktop\MBR.dat"
07:07:07.256 The log file has been saved successfully to "C:\Users\Rob's Computer\Desktop\aswMBR.txt"
(DDS)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Rob's Computer at 7:07:48 on 2011-12-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.1918 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\XSrvSetup.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Content Manager\CmTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Magellan CmTray] c:\program files\content manager\CmTray.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [DES2] c:\program files\gigabyte\energysaver2\des2.exe state
mRunOnce: [SDBOK] c:\program files\gigabyte\smart6\dbios\run.exe
StartupFolder: c:\users\rob'sc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{71EF6B14-A1C6-4205-A390-3AEEBB83AD86} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rob's computer\appdata\roaming\mozilla\firefox\profiles\3p6kb0ll.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\rob's computer\appdata\roaming\mozilla\firefox\profiles\3p6kb0ll.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-6-23 18472]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-1 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-1 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-2 40384]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-6-23 219360]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2010-6-23 68136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-23 13336]
R2 JMB36X;JMB36X;c:\windows\system32\XSrvSetup.exe [2010-6-23 65536]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-10 366152]
R2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-6-23 114688]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 22216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 233472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-2 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2010-6-24 9216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-6 136176]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-12-22 1515520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]
.
=============== Created Last 30 ================
.
2011-12-10 16:45:35 -------- d-----w- c:\users\rob's computer\appdata\roaming\Malwarebytes
2011-12-10 16:45:30 -------- d-----w- c:\programdata\Malwarebytes
2011-12-10 16:45:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 16:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 16:24:47 -------- d-----w- c:\program files\iPod
2011-11-20 04:02:12 -------- d-----w- c:\program files\Fiddler2
.
==================== Find3M ====================
.
2011-12-13 17:28:44 17488 ----a-w- c:\windows\gdrv.sys
2011-12-10 17:27:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 7:08:10.92 ===============
(DDS ATTACH)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2010 7:39:15 AM
System Uptime: 12/13/2011 12:28:14 PM (19 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55-USB3
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 1197/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 391 GiB total, 310.439 GiB free.
D: is CDROM ()
E: is CDROM ()
X: is FIXED (NTFS) - 1472 GiB total, 1151.524 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel Devices (QVGA)
Device ID: ROOT\SIDESHOW\0000
Manufacturer: Logitech Inc
Name: Logitech GamePanel Devices (QVGA)
PNP Device ID: ROOT\SIDESHOW\0000
Service: WUDFRd
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel Devices (Mono)
Device ID: ROOT\SIDESHOW\0001
Manufacturer: Logitech Inc
Name: Logitech GamePanel Devices (Mono)
PNP Device ID: ROOT\SIDESHOW\0001
Service: WUDFRd
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
==== System Restore Points ===================
.
RP1155: 12/7/2011 2:00:04 AM - Automatic creation
RP1157: 12/8/2011 2:00:09 AM - Automatic creation
RP1159: 12/9/2011 2:00:01 AM - Automatic creation
RP1164: 12/10/2011 1248 PM - Automatic creation
RP1166: 12/11/2011 2:00:06 AM - Automatic creation
RP1168: 12/12/2011 2:01:10 AM - Automatic creation
RP1172: 12/13/2011 12:58:43 PM - Automatic creation
RP1174: 12/14/2011 2:00:02 AM - Automatic creation
.
==== Installed Programs ======================
.
.
@BIOS
µTorrent
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 6.0.1
AIM 7
Antares Auto-Tune Evo VST
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Borders Desktop
Browser Configuration Utility
CDDRV_Installer
ContentManager
Counter-Strike: Source
DES 2.0
Diablo II
Download Updater (AOL LLC)
erLT
Fiddler2
Fraps (remove only)
Galactic Magnate v1.2
GIF Movie Gear 4.2.3
Gigabyte Raid Cinfigurer
Google Chrome
Google Earth
Google Update Helper
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Interlok driver setup x32
iTunes
Java Auto Updater
Java(TM) 6 Update 29
KhalInstallWrapper
Liveupdate4
Logitech GamePanel Software 3.06.109
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT Redists
NEC Electronics USB 3.0 Host Controller Driver
Notepad2 (Notepad Replacement)
NVIDIA Display Control Panel
NVIDIA Drivers
ON_OFF Charge B10.0301.1
Oracle IRM Desktop 5.5.19 10gR3 PR5
Paint.NET v3.5.10
PokerStars
PVSonyDll
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
SING & SEE v1.4.9
Skype Click to Call
Skype™ 5.5
Smart 6 B0.0107.1
StarCraft II
Steam(TM)
System Requirements Lab
TopStyle Lite (Version 3.0)
Ultimate Paint 2.88 Freeware Edition
Update Manager B09.1008.1
USB PnP Sound Device
Vegas Pro 10.0
Ventrilo Client
World of Warcraft
XHD2 B09.1111.01
.
==== Event Viewer Messages From Past Week ========
.
12/14/2011 6:02:10 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/13/2011 12:28:54 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/13/2011 12:28:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/13/2011 12:28:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/13/2011 12:28:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/10/2011 12:27:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/10/2011 12:27:13 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Please help and thank you as always!
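Added example, not part of the original post, the reply below, or any of GMER, DDS or aswMBR: a small Python triage script over the log shapes posted above. It reads the GMER `.text` and `IAT` hook lines and sorts them by the module that owns each hook (the SEALNT.DLL hooks are Oracle IRM instrumenting its own sealmon.exe, and apphelp.dll redirecting GetProcAddress is the Windows application-compatibility shim engine, so both are expected). It then flags the file list under C:\Windows\$NtUninstallKB41173$: Windows 7 does not create $NtUninstall folders at all (that was the XP hotfix-uninstall convention), and an `@` file, a `U\*.@` store, an `L\` directory and the `keywords` / `kwrd.dll` pair are the on-disk layout the ZeroAccess/Sirefef rootkit family used in 2011, which matches the search-term pop-ups described in the post. Finally it pulls two signals out of the DDS event list: BFE (the Base Filtering Engine that Windows Firewall and IPsec depend on) reported as not installed, and the DNS client unable to read the hosts file. The sample lines are copied from the logs above with the forum's inserted spaces removed; the script assumes clean lines and the verdict names are its own.

```python
# Added triage helper for the GMER / DDS logs above; not part of GMER, DDS or the post.
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the shape of the GMER lines above (values copied from the
# posted log, not captured live). Forum word-wrap spaces must be removed first.
GMER_SAMPLE = r"""
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] GDI32.dll!BitBlt 75CA7180 5 Bytes JMP 01755CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3184] ole32.dll!DoDragDrop 7593A1CA 5 Bytes JMP 01758F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
IAT C:\Windows\System32\rundll32.exe[3400] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
File C:\Windows\$NtUninstallKB41173$\2123095646\@ 2048 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\keywords 323 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB41173$\2123095646\L\xadqgnnk 83456 bytes
File C:\Windows\$NtUninstallKB41173$\3553505933 0 bytes
"""
# Constructed sample of the DDS "Event Viewer Messages" section above.
DDS_SAMPLE = """\
12/14/2011 6:02:10 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/13/2011 12:28:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/13/2011 12:28:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
"""
HOOK_RE = re.compile(r"^\.text (?P<proc>.+?\[\d+\]) (?P<api>\S+) [0-9A-F]+ \d+ Bytes JMP "
                     r"[0-9A-F]+ (?P<owner>.+?) \((?P<desc>[^)]*)\)$")
IAT_RE = re.compile(r"^IAT (?P<proc>.+?\[\d+\]) @ (?P<module>.+?) \[(?P<api>[^\]]+)\] "
                    r"\[[0-9A-F]+\] (?P<owner>.+?) \((?P<desc>[^)]*)\)$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
EVENT_RE = re.compile(r"^(?P<when>[\d/]+ [\d:]+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
                      r"\[(?P<id>\d+)\] - (?P<msg>.*)$")
UNINSTALL_DIR_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\", re.IGNORECASE)
# Together these names form the $NtUninstallKB<random>$ layout the ZeroAccess/Sirefef
# family dropped in 2011: "keywords" drives its search hijack, U\*.@ is its module store.
MARKER_NAMES = {"@", "cfg.ini", "keywords", "kwrd.dll", "lsflt7.ver", "bckfg.tmp"}

def classify_hook(proc: str, owner: str) -> str:
    """apphelp.dll redirecting GetProcAddress is the app-compat shim engine; a module in
    the hooked process's own directory is usually self-instrumentation (DRM, AV, overlays).
    GMER's "(description/company)" comes from the forgeable version resource: not trusted."""
    owner_path = PureWindowsPath(owner)
    if owner_path.name.lower() == "apphelp.dll":
        return "appcompat-shim"
    proc_dir = PureWindowsPath(re.sub(r"\[\d+\]$", "", proc)).parent
    if owner_path.parent == proc_dir:  # PureWindowsPath compares case-insensitively
        return "self-hook"
    return "review"

def hook_summary(log: str) -> Counter:
    """Count hooks per (owning module, verdict) over every .text and IAT line."""
    counts: Counter = Counter()
    for line in log.splitlines():
        m = HOOK_RE.match(line) or IAT_RE.match(line)
        if m:
            owner = m.group("owner")
            counts[(PureWindowsPath(owner).name, classify_hook(m.group("proc"), owner))] += 1
    return counts

def zeroaccess_style_files(log: str, windows_major: int) -> list:
    """Windows Vista/7 (major 6) never create $NtUninstall folders (an XP hotfix convention),
    so every entry in such a tree is suspect there; on XP (major 5) only the marker files
    and the U\\ and L\\ stores are."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if not m or not UNINSTALL_DIR_RE.search(m.group("path")):
            continue
        path = PureWindowsPath(m.group("path"))
        marker = (path.name in MARKER_NAMES or path.suffix == ".@"
                  or path.parent.name in ("U", "L"))
        if windows_major >= 6 or marker:
            hits.append(str(path))
    return hits

def service_tampering_signals(dds: str) -> dict:
    """Services that others depend on but that are not installed (BFE, the Base Filtering
    Engine under Windows Firewall and IPsec, does not vanish by itself) and a DNS client
    that cannot read a hosts file which is world-readable on a stock install."""
    missing, hosts_unreadable = set(), False
    for line in dds.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        source, event_id, msg = m.group("source"), m.group("id"), m.group("msg")
        if source == "Microsoft-Windows-DNS-Client" and event_id == "1012":
            hosts_unreadable = True
        elif event_id == "7003":
            dep = re.search(r"depends (?:on )?the following service: (\w+)\.", msg)
            if dep:
                missing.add(dep.group(1))
        elif event_id == "7023" and "does not exist as an installed service" in msg:
            svc = re.match(r"The (.+?) service terminated", msg)
            if svc:
                missing.add(svc.group(1))
    return {"missing_services": missing, "hosts_unreadable": hosts_unreadable}

if __name__ == "__main__":
    print(hook_summary(GMER_SAMPLE))
    print(zeroaccess_style_files(GMER_SAMPLE, windows_major=6))
    print(service_tampering_signals(DDS_SAMPLE))
```

The verdicts are heuristics, not signature matches. A hook owned by a module sitting next to the hooked executable is usually that product's own instrumentation, but the company string GMER prints is read from the file's version resource and is trivially forged, so confirm the Authenticode signature of SEALNT.DLL and apphelp.dll (sigcheck or Get-AuthenticodeSignature) before dismissing them. A missing BFE together with an unreadable hosts file is worth treating as deliberate damage rather than a coincidence: both are things the cleanup will have to repair after the dropped files are gone.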
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==========================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
I ran combofix, a Windows msg popped up saying "freeware implementation of XCACLS has stopped working", so I clicked close application and combofix continued running.
I then ran Rkill and it produced the log below. However, when I right-clicked on Rkill, it didn't have the option to run as administrator (other files typically do, like combofix, which has the option there; Rkill had a different list for some reason?), so I just ran it by double-clicking it.
I'm sorry but I'm a little unsure as to this step:
"Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it."
Is this a step only for if you renamed combofix as "yourname.exe" as mentioned in the case if the program would not run?
So I just ran combofix and rkill; here are the logs for each. Please let me know if there was a 3rd file I was supposed to run!
ComboFix 11-12-13.03 - Rob's Computer 12/15/2011 1:58.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.2538 [GMT -5:00]
Running from: c:\users\Rob's Computer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB41173$
c:\windows\$NtUninstallKB41173$\2123095646\@
c:\windows\$NtUninstallKB41173$\2123095646\bckfg.tmp
c:\windows\$NtUninstallKB41173$\2123095646\cfg.ini
c:\windows\$NtUninstallKB41173$\2123095646\Desktop.ini
c:\windows\$NtUninstallKB41173$\2123095646\keywords
c:\windows\$NtUninstallKB41173$\2123095646\kwrd.dll
c:\windows\$NtUninstallKB41173$\2123095646\L\xadqgnnk
c:\windows\$NtUninstallKB41173$\2123095646\lsflt7.ver
c:\windows\$NtUninstallKB41173$\2123095646\U\00000001.@
c:\windows\$NtUninstallKB41173$\2123095646\U\00000002.@
c:\windows\$NtUninstallKB41173$\2123095646\U\00000004.@
c:\windows\$NtUninstallKB41173$\2123095646\U\80000000.@
c:\windows\$NtUninstallKB41173$\2123095646\U\80000004.@
c:\windows\$NtUninstallKB41173$\2123095646\U\80000032.@
c:\windows\$NtUninstallKB41173$\3553505933
X:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-14 12:27 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-10 17:35 . 2011-12-10 17:35 -------- d-----w- c:\program files\Common Files\Java
2011-12-10 16:45 . 2011-12-10 16:45 -------- d-----w- c:\users\Rob's Computer\AppData\Roaming\Malwarebytes
2011-12-10 16:45 . 2011-12-10 16:45 -------- d-----w- c:\programdata\Malwarebytes
2011-12-10 16:45 . 2011-12-10 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 16:45 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 16:24 . 2011-11-21 16:24 -------- d-----w- c:\program files\iPod
2011-11-20 04:02 . 2011-11-20 04:02 -------- d-----w- c:\program files\Fiddler2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 07:18 . 2010-06-24 04:32 17488 ----a-w- c:\windows\gdrv.sys
2011-12-10 17:27 . 2011-05-25 01:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-07-02 00:10 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-07-02 00:10 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2010-07-02 00:10 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-07-02 00:10 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-07-02 00:10 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-07-02 00:10 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-07-02 00:10 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 10:06 . 2010-08-15 01:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-11 00:53 . 2011-05-17 21:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-04 1242448]
"Magellan CmTray"="c:\program files\Content Manager\CmTray.exe" [2010-08-24 439296]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-19 8452640]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-13 370992]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files\GIGABYTE\EnergySaver2\des2.exe" [2010-03-01 354856]
"SDBOK"="c:\program files\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]
.
c:\users\Rob's Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-23 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2010-12-30 1515520]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-03-01 18472]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 58240]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 136704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-27 233472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 03:39]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 03:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rob's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\3p6kb0ll.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cm108Sound - cm108.cpl
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\GIGABYTE\smart6\dbios\SDBMSG.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-15 02:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 07:20
.
Pre-Run: 333,672,292,352 bytes free
Post-Run: 335,356,456,960 bytes free
.
- - End Of File - - E05C05668CFBC939FD5FEC06EE4E352D
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 12/15/2011 at 2:25:28.
Operating System: Windows 7 Ultimate
Processes terminated by Rkill or while it was running:
C:\Windows\system32\sppsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\GIGABYTE\EnergySaver2\des2.exe
Rkill completed on 12/15/2011 at 2:25:32.
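Added example, not part of this thread and not one of the tools the helper uses: a Python script that parses a ComboFix log in the format posted above and applies three triage checks a responder would otherwise do by eye. It reports deletions under a folder named like a Windows hotfix uninstall directory that goes on into a numeric subfolder (the `$NtUninstallKB41173$\2123095646\` layout in the log), autostart values that name a bare file instead of a full path, and Firefox user.js entries whose value carries a second `);user_pref(` fragment. The sample input is copied from the log in this post with the forum's inserted line breaks removed; the section parsing, the regular expressions and the choice of what counts as worth a look are the example's own assumptions, not anything the helper states.

```python
import re

# Constructed sample input: excerpts copied from the ComboFix log posted
# above, with the line breaks the forum software inserted removed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB41173$
c:\windows\$NtUninstallKB41173$\2123095646\@
c:\windows\$NtUninstallKB41173$\2123095646\bckfg.tmp
c:\windows\$NtUninstallKB41173$\2123095646\U\00000001.@
c:\windows\$NtUninstallKB41173$\2123095646\U\80000032.@
c:\windows\$NtUninstallKB41173$\2123095646\L\xadqgnnk
c:\windows\$NtUninstallKB41173$\3553505933
X:\install.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
"""

# '((((( Name )))))' and '---- Name ----' banners delimit ComboFix sections.
BANNER_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+\s*$")
DASHES_RE = re.compile(r"^-+\s*(?P<name>[^-]+?)\s*-+$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>.*)$")
HOTFIX_DIR_RE = re.compile(r"\$NtUninstallKB\d+\$", re.IGNORECASE)


def split_sections(log_text):
    """Map each banner name to the non-empty lines under it; ComboFix's
    '.' spacer lines are dropped. Text before the first banner is 'HEADER'."""
    sections, current = {}, "HEADER"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = BANNER_RE.match(line) or DASHES_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif line not in ("", "."):
            sections.setdefault(current, []).append(line)
    return sections


def hotfix_lookalike_paths(paths):
    """Paths that pass through a '$NtUninstallKBnnnn$' folder and then an
    all-digit subfolder. Genuine hotfix uninstall folders were an XP/2003
    mechanism holding backed-up system files; Windows 7 (the OS in this log)
    does not create them, and they never held '@', U\ or L\ entries."""
    flagged = []
    for path in paths:
        parts = path.split("\\")
        for i in range(len(parts) - 1):
            if HOTFIX_DIR_RE.fullmatch(parts[i]) and parts[i + 1].isdigit():
                flagged.append(path)
                break
    return flagged


def parse_run_entries(lines):
    """Return (key, value name, command) for each '"name"="path" [date size]'
    line, attributed to the nearest preceding [HKEY_...] header."""
    key, entries = None, []
    for line in lines:
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
            continue
        m = RUN_ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("path")))
    return entries


def bare_autostarts(entries):
    """Autostart commands given as a bare file name instead of a full path are
    located by a directory search at logon, so they are worth a look even
    when, as with KHALMNPR.EXE here, the name belongs to a known vendor."""
    return [e for e in entries if "\\" not in e[2]]


def odd_userjs_prefs(lines):
    """user.js entries whose printed value is not one literal but carries a
    further ');user_pref(' fragment, i.e. a statement no normal settings
    change writes. The thread does not say what wrote this one, so the
    check only marks the preference for manual review."""
    return [m.group("pref") for m in map(USERJS_RE.match, lines)
            if m and ");user_pref(" in m.group("value")]


def triage(log_text):
    """Run all three checks over a ComboFix log and collect the findings."""
    s = split_sections(log_text)
    return {
        "hotfix_lookalikes": hotfix_lookalike_paths(s.get("Other Deletions", [])),
        "bare_autostarts": bare_autostarts(parse_run_entries(s.get("Reg Loading Points", []))),
        "odd_userjs": odd_userjs_prefs(s.get("Supplementary Scan", [])),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {len(hits)} finding(s)")
        for hit in hits:
            print("    ", hit)
```

Run it as a script to print the findings for the embedded sample, or read a full ComboFix.txt and pass its text to `triage()`. The checks point at entries to review rather than deciding that anything is malicious; for the `$NtUninstallKB41173$` tree the log above already shows that ComboFix removed it, and the bare KHALMNPR.EXE autostart is a Logitech entry that merely illustrates why the heuristic exists.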
Looks good.
How are the issues?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Everything seems to be working fine now! Thanks!
The first time I ran the scan, I accidentally ran it without 'scan all users' checked. So I ran it again with it checked, but it didn't generate an 'extras' file. Here is the OTL.txt from the 2nd scan (it saved itself over the first one), and the results from the 1st scan's extras.txt.
OTL logfile created on: 12/16/2011 12:50:14 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rob's Computer\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 69.09% Memory free
6.99 Gb Paging File | 5.97 Gb Available in Paging File | 85.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.53 Gb Total Space | 313.29 Gb Free Space | 80.22% Space Free | Partition Type: NTFS
Drive X: | 1472.41 Gb Total Space | 1151.52 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
Computer Name: ROBSCOMPUTER-PC | User Name: Rob's Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/16 06:44:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rob's Computer\Desktop\OTL.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/17 08:34:46 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/12/01 13:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/06 00:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\System32\XSrvSetup.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/17 15:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
========== Modules (No Company Name) ==========
MOD - [2010/06/23 19:02:59 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2e2e31c87004468796d3defa1a1df011\System.Windows.Forms.ni.dll
MOD - [2009/12/01 13:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
MOD - [2009/07/13 23:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 23:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 23:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 23:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/06/10 15:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files\GIGABYTE\smart6\dbios\DBIOS.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/12/10 12:26:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/06/24 14:55:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/10/02 12:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/06 00:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/17 15:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
========== Driver Services (SafeList) ==========
DRV - [2011/12/15 02:24:52 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/30 15:02:21 | 001,515,520 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/01 09:35:10 | 000,018,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009/11/23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/10/29 03:14:32 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/10/26 10:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/10/26 10:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 1132 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 1116 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 1106 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/21 13:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/12/14 0832 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 E6 93 3D EA BB CC 01 [binary data]
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011/11/19 23:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/21 11:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 11:26:20 | 000,000,000 | ---D | M]
[2010/06/23 19:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob's Computer\AppData\Roaming\Mozilla\Extensions
[2011/12/01 04:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\3p6kb0ll.default\extensions
[2011/12/10 12:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 12:27:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/10 12:34:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/19 23:02:12 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
() (No name found) -- C:\USERS\ROB'S COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3P6KB0LL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/11/10 19:53:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/17 16:47:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 19:53:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Rob's Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2011/12/15 02:18:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000..\Run: [Magellan CmTray] C:\Program Files\Content Manager\CmTray.exe (MiTAC Digital Corporation.)
O4 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [DES2] C:\Program Files\GIGABYTE\EnergySaver2\des2.exe ()
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files\GIGABYTE\smart6\dbios\Run.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71EF6B14-A1C6-4205-A390-3AEEBB83AD86}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/12/16 06:44:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rob's Computer\Desktop\OTL.exe
[2011/12/15 02:20:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/15 02:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/15 02:16:42 | 000,000,000 | ---D | C] -- C:\Users\Rob's Computer\AppData\Local\temp
[2011/12/15 01:32:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/15 01:32:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/15 01:32:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/15 01:32:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/15 01:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 01:27:48 | 004,339,049 | R--- | C] (Swearware) -- C:\Users\Rob's Computer\Desktop\ComboFix.exe
[2011/12/14 07:27:38 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/10 12:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/10 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/10 11:45:35 | 000,000,000 | ---D | C] -- C:\Users\Rob's Computer\AppData\Roaming\Malwarebytes
[2011/12/10 11:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 11:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/10 11:45:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 11:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/03 08:09:41 | 000,000,000 | ---D | C] -- C:\Users\Rob's Computer\Desktop\backedup forum files
[2011/11/21 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/21 11:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/21 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/19 23:04:25 | 000,000,000 | ---D | C] -- C:\Users\Rob's Computer\Documents\Fiddler2
[2011/11/19 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2011/11/18 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
========== Files - Modified Within 30 Days ==========
[2011/12/16 12:09:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/16 11:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/16 06:44:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rob's Computer\Desktop\OTL.exe
[2011/12/16 06:04:10 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/16 06:04:10 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 10:10:05 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/15 02:24:59 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/15 02:24:59 | 000,017,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/15 02:18:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/15 02:17:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 02:17:44 | 2814,996,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/15 01:28:20 | 001,008,141 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\rkill.com
[2011/12/15 01:27:49 | 004,339,049 | R--- | M] (Swearware) -- C:\Users\Rob's Computer\Desktop\ComboFix.exe
[2011/12/14 07:27:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/10 12:27:47 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/10 12:25:58 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/10 12:25:29 | 000,023,984 | ---- | M] () -- C:\Users\Rob's Computer\AppData\Roaming\Notepad2.ini
[2011/12/10 11:45:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 11:17:38 | 000,011,246 | -HS- | M] () -- C:\Users\Rob's Computer\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/10 11:17:38 | 000,011,246 | -HS- | M] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/09 11:08:13 | 000,019,547 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\kittenavatar.png
[2011/12/06 21:26:51 | 000,074,489 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\kitten.png
[2011/12/06 19:52:40 | 000,034,332 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\lp.jpg
[2011/12/05 23:20:25 | 000,107,426 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\rbm2.jpg
[2011/12/05 23:13:32 | 000,111,152 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\rbm1.jpg
[2011/12/05 16:52:24 | 000,057,333 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\r1.jpg
[2011/12/04 07:58:40 | 000,046,468 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\quotedepth.jpg
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/23 20:57:33 | 004,769,021 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\king henry vs clint eastwood.mp3
[2011/11/21 11:26:16 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 11:25:12 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/18 21:10:08 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/16 18:55:28 | 000,038,858 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\erbohidea.jpg
[2011/11/16 18:48:49 | 000,040,558 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\erbohcontest.jpg
========== Files Created - No Company Name ==========
[2011/12/15 01:32:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 01:32:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 01:32:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 01:32:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 01:32:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 01:28:15 | 001,008,141 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\rkill.com
[2011/12/10 12:27:47 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/10 11:45:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 11:11:59 | 000,011,246 | -HS- | C] () -- C:\Users\Rob's Computer\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/10 11:11:59 | 000,011,246 | -HS- | C] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/09 11:08:09 | 000,019,547 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\kittenavatar.png
[2011/12/06 21:26:48 | 000,074,489 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\kitten.png
[2011/12/06 19:52:40 | 000,034,332 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\lp.jpg
[2011/12/05 23:14:56 | 000,107,426 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\rbm2.jpg
[2011/12/05 23:13:32 | 000,111,152 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\rbm1.jpg
[2011/12/05 16:52:24 | 000,057,333 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\r1.jpg
[2011/12/04 07:54:56 | 000,046,468 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\quotedepth.jpg
[2011/11/23 20:57:24 | 004,769,021 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\king henry vs clint eastwood.mp3
[2011/11/21 11:26:16 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 11:25:12 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/19 23:02:12 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2011/11/18 21:10:08 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/16 18:55:28 | 000,038,858 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\erbohidea.jpg
[2011/11/16 18:48:49 | 000,040,558 | ---- | C] () -- C:\Users\Rob's Computer\Desktop\erbohcontest.jpg
[2011/06/28 10:23:33 | 000,023,984 | ---- | C] () -- C:\Users\Rob's Computer\AppData\Roaming\Notepad2.ini
[2011/06/28 10:09:31 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2011/06/13 04:13:40 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/06/13 04:13:40 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/06/13 04:13:40 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/06/13 04:11:41 | 000,036,239 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/01/02 21:57:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/30 15:02:36 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2010/12/30 15:02:35 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeau108.exe
[2010/12/30 15:02:35 | 000,000,103 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2010/12/30 15:02:28 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2010/12/30 15:02:28 | 000,000,172 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2010/12/30 15:02:27 | 000,001,318 | ---- | C] () -- C:\Windows\cm108.ini
[2010/12/30 13:36:25 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/10/30 13:38:11 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/30 12:20:01 | 000,007,620 | ---- | C] () -- C:\Users\Rob's Computer\AppData\Local\Resmon.ResmonCfg
[2010/10/06 15:48:23 | 000,004,608 | ---- | C] () -- C:\Users\Rob's Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 11:20:37 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/11 23:17:06 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010/06/23 22:59:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\CommCmd.dll
[2010/06/23 19:30:57 | 000,018,472 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2010/06/23 19:30:24 | 000,065,536 | R--- | C] () -- C:\Windows\System32\XSrvSetup.exe
[2010/06/23 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/23 19:26:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/27 02:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,412,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/03/16 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\.minecraft
[2011/01/05 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\acccore
[2010/11/06 22:03:39 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Antares
[2010/12/31 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Galactic Magnate
[2010/06/23 23:54:13 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Leadertech
[2010/11/06 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\PACE Anti-Piracy
[2010/11/01 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Publish Providers
[2010/11/01 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Sony
[2010/11/08 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\Sony Creative Software Inc
[2010/09/29 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\SystemRequirementsLab
[2011/12/12 01:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rob's Computer\AppData\Roaming\uTorrent
[2011/03/13 17:36:33 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/12/15 02:20:08 | 000,011,864 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/23 19:30:59 | 000,000,180 | ---- | M] () -- C:\csb.log
[2011/12/15 02:17:44 | 2814,996,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 19:29:47 | 000,000,217 | ---- | M] () -- C:\Install.log
[2010/10/30 15:43:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/07 11:25:59 | 000,000,716 | -H-- | M] () -- C:\IPH.PH
[2010/06/24 00:04:41 | 000,021,636 | ---- | M] () -- C:\LU4.log
[2010/10/30 15:43:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/15 02:17:49 | 3753,332,736 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 19:29:21 | 000,002,007 | ---- | M] () -- C:\RHDSetup.log
[2011/12/15 02:25:32 | 000,000,480 | ---- | M] () -- C:\rkill.log
[2010/10/29 13:50:03 | 000,000,078 | ---- | M] () -- C:\video.pass
< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 1812 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/06/24 06:42:30 | 000,000,221 | -HS- | M] () -- C:\Users\Rob's Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/12/15 01:27:49 | 004,339,049 | R--- | M] (Swearware) -- C:\Users\Rob's Computer\Desktop\ComboFix.exe
[2010/09/22 19:27:14 | 003,198,976 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\Oracle IRM Desktop EN 5.5.19.0.exe
[2011/12/16 06:44:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rob's Computer\Desktop\OTL.exe
[2011/06/28 10:09:13 | 001,845,669 | ---- | M] () -- C:\Users\Rob's Computer\Desktop\ts3lite.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/08/05 12:06:40 | 000,000,402 | -HS- | M] () -- C:\Users\Rob's Computer\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/10 11:17:38 | 000,011,246 | -HS- | M] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL Extras logfile created on: 12/16/2011 6:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rob's Computer\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 69.16% Memory free
6.99 Gb Paging File | 5.92 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.53 Gb Total Space | 313.34 Gb Free Space | 80.24% Space Free | Partition Type: NTFS
Drive X: | 1472.41 Gb Total Space | 1151.52 Gb Free Space | 78.21% Space Free | Partition Type: NTFS
Computer Name: ROBSCOMPUTER-PC | User Name: Rob's Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B0.0107.1
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0301.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3B662EB-4C08-4BA2-90F2-D7CA9AB5F4E4}" = Oracle IRM Desktop 5.5.19 10gR3 PR5
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DE15D01F-0446-4C8C-AEEF-AD4530A28276}" = XHD2 B09.1111.01
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"avast" = avast! Free Antivirus
"Borders Desktop" = Borders Desktop
"C-Media CM108 Like Sound Driver" = USB PnP Sound Device
"Diablo II" = Diablo II
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fiddler2" = Fiddler2
"Fraps" = Fraps (remove only)
"Galactic Magnate_is1" = Galactic Magnate v1.2
"GIF Movie Gear_is1" = GIF Movie Gear 4.2.3
"Google Chrome" = Google Chrome
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Notepad2" = Notepad2 (Notepad Replacement)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"SING & SEE PROFESSIONAL_is1" = SING & SEE v1.4.9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"uTorrent" = µTorrent
"World of Warcraft" = World of Warcraft
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/14/2011 1:31:11 AM | Computer Name = RobsComputer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\borders
desktop\drivers\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/14/2011 9:00:16 AM | Computer Name = RobsComputer-PC | Source = VSS | ID = 8194
Description =
Error - 12/15/2011 12:10:44 AM | Computer Name = RobsComputer-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.0.4325 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15ac Start
Time: 01ccbad49ddfb5b2 Termination Time: 73 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: b96be95b-26d2-11e1-b71a-6cf049b9a931
Error - 12/15/2011 1:40:55 AM | Computer Name = RobsComputer-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.
Error - 12/15/2011 1:42:02 AM | Computer Name = RobsComputer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\borders
desktop\drivers\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/15/2011 2:54:56 AM | Computer Name = RobsComputer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: swxcacls.3XE, version: 1.0.1.1, time stamp:
0x2a425e19 Faulting module name: swxcacls.3XE, version: 1.0.1.1, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x00004b2a Faulting process id: 0xfe0 Faulting application
start time: 0x01ccbaf38de0af8b Faulting application path: C:\ComboFix\swxcacls.3XE
Faulting
module path: C:\ComboFix\swxcacls.3XE Report Id: b1e20670-26e9-11e1-b71a-6cf049b9a931
Error - 12/15/2011 3:00:02 AM | Computer Name = RobsComputer-PC | Source = VSS | ID = 8194
Description =
Error - 12/15/2011 3:47:59 AM | Computer Name = RobsComputer-PC | Source = VSS | ID = 8194
Description =
Error - 12/16/2011 1:30:05 AM | Computer Name = RobsComputer-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.
Error - 12/16/2011 1:30:40 AM | Computer Name = RobsComputer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\borders
desktop\drivers\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ OSession Events ]
Error - 12/21/2010 12:27:04 PM | Computer Name = RobsComputer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/21/2010 12:27:14 PM | Computer Name = RobsComputer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/5/2011 5:11:51 PM | Computer Name = RobsComputer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/19/2011 6:18:23 AM | Computer Name = RobsComputer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/26/2011 10:36:15 PM | Computer Name = RobsComputer-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.
Error - 4/26/2011 10:36:15 PM | Computer Name = RobsComputer-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.
Error - 4/27/2011 2:52:18 AM | Computer Name = RobsComputer-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.
Error - 4/27/2011 2:52:18 AM | Computer Name = RobsComputer-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.
Error - 5/24/2011 9:27:39 PM | Computer Name = RobsComputer-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.
Error - 5/24/2011 9:27:39 PM | Computer Name = RobsComputer-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
Error - 6/5/2011 4:33:07 PM | Computer Name = RobsComputer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:09:56 PM on ?6/?5/?2011 was unexpected.
Error - 6/5/2011 4:33:08 PM | Computer Name = ROBSCOMPUTER-PC | Source = BugCheck | ID = 1001
Description =
Error - 6/5/2011 4:34:19 PM | Computer Name = RobsComputer-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.
Error - 6/5/2011 4:34:19 PM | Computer Name = RobsComputer-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053
< End of report >
Good news
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O37 - HKU\S-1-5-21-3816233868-3723866253-954447219-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
[2011/12/10 11:17:38 | 000,011,246 | -HS- | M] () -- C:\Users\Rob's Computer\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v
[2011/12/10 11:17:38 | 000,011,246 | -HS- | M] () -- C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
============================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce a log.
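As an added example (neither OTL's code nor the helper's script), here is a small Python checker that reads an OTL Extras log in the layout posted above and flags the kind of entry the O37 line in the fix targets: a per-user (HKCU) file-association override for an executable extension that no longer resolves. It also checks two things a defender reads from the same report, hijacked shell-spawn open commands and firewall profiles with EnableFirewall = 0. The function name audit_otl_extras, the sample log, and the loader.exe path in it are my own constructions.

```python
"""Audit an OTL Extras log for association hijacks and disabled firewall profiles.
Added example for this thread; it is neither OTL's code nor the helper's script.
The sample log at the bottom is constructed to mirror the report posted above."""
import re

# A per-user (HKCU\Software\Classes) override of an executable extension is a
# classic FakeAlert foothold: every launched program is routed through the rogue,
# and after removal the override points at a ProgID or file that no longer exists.
EXECUTABLE_EXTS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}
SPAWN_CLASSES = {"batfile", "cmdfile", "comfile", "exefile", "piffile", "scrfile"}

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = ([^\]]+)\] -- (.+)$")
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.+)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.+)$')


def audit_otl_extras(text):
    """Return findings as (severity, check, detail) tuples, in log order."""
    findings = []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "File Associations" and key:
            m = ASSOC_RE.match(line)
            if not m or m.group(1).lower() not in EXECUTABLE_EXTS:
                continue
            ext, progid, target = m.groups()
            if key.upper().startswith("HKEY_CURRENT_USER"):
                # HKCU shadows HKLM for this user; a dangling target is malware debris.
                dangling = "Reg Error" in target or "not found" in target.lower()
                sev = "high" if dangling else "medium"
                findings.append((sev, "hkcu-assoc", f"{ext} -> {progid}: {target}"))
        elif section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if m and m.group(1).lower() in SPAWN_CLASSES and m.group(2) == "open":
                # A clean open verb runs the file itself: "%1" %* (scrfile: "%1" /S).
                if not m.group(3).startswith('"%1"'):
                    findings.append(("high", "shell-spawn", f"{m.group(1)} open -> {m.group(3)}"))
        elif section == "Firewall Settings" and key:
            m = VALUE_RE.match(line)
            if m and m.group(1) == "EnableFirewall" and m.group(2).strip() == "0":
                profile = key.rsplit("\\", 1)[-1]
                findings.append(("medium", "firewall-off", f"{profile} has EnableFirewall = 0"))
    return findings


# Constructed sample in the layout of the OTL Extras report in this thread. The
# hijacked exefile line (and its loader.exe path) is made up to exercise the check.
SAMPLE_LOG = r"""
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\victim\AppData\Local\loader.exe" -a "%1" %*
scrfile [open] -- "%1" /S
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
"""

if __name__ == "__main__":
    for sev, check, detail in audit_otl_extras(SAMPLE_LOG):
        print(f"[{sev}] {check}: {detail}")
```

Run it against a real OTL Extras log by reading the file into a string and passing it to audit_otl_extras; a clean machine yields an empty list.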
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3816233868-3723866253-954447219-1000_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3816233868-3723866253-954447219-1000_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
File C:\Users\Rob's Computer\AppData\Local\wwjcuq7b2lbu6gei5hrv0j631y1v not found.
C:\ProgramData\wwjcuq7b2lbu6gei5hrv0j631y1v moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Rob's Computer
->Temp folder emptied: 1808510 bytes
->Temporary Internet Files folder emptied: 160850460 bytes
->Java cache emptied: 4576269 bytes
->FireFox cache emptied: 299053439 bytes
->Google Chrome cache emptied: 186634167 bytes
->Flash cache emptied: 3991 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 297580 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 623.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Rob's Computer
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12172011_110153
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````
...and ESET...
Sorry, I did the 2 and posted them, then did the other 2.
ESET took a while!
Here it is though:
C:\Documents and Settings\Rob's Computer\Downloads\SoftonicDownloader_for_topstyle.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
Your computer is clean
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
12. Read "How did I get infected? With steps so it does not happen again!": How did I get infected?
13. Please let me know how your computer is doing.