FBI ransomware help

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
I have gotten the FBI virus. So far I have followed the instructions about how to remove it, and have had success with Malwarebytes in removing it. I performed the scan and then it removed the virus. When I try to then resume connection I get locked out. After doing another virus scan, it detects the same infected files that hours earlier I got rid of. I don't know how to get rid of this thing.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that necessitate taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Which Operating system are you using?
 

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
OTL Extras logfile created on: 6/7/2013 11:51:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Upstairs computer\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.32% Memory free
6.20 Gb Paging File | 5.16 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 57.35 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive D: | 583.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UPSTAIRS | User Name: WALL_E_Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132C0866-EA1B-4C22-B406-F59F9F50F887}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3EF15C61-5FDA-4ADB-B075-8CE9C4172E93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{448F2443-5419-4C95-8376-9D415350E738}" = lport=138 | protocol=17 | dir=in | app=system |
"{5CF0E473-20C0-459D-A04B-FB882DA33FDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{663D4056-21CF-428A-8482-02AAB9B3E22C}" = lport=137 | protocol=17 | dir=in | app=system |
"{79FFCC95-75AC-4F4E-A41F-E316732452E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{87F184C2-3ECB-4DDD-97FD-1BC8A2BB378E}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AB212A4-919E-48E7-9213-F39FCCC3C703}" = rport=137 | protocol=17 | dir=out | app=system |
"{95D3B83D-39BC-44C3-9760-C6DF6D012D9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B82B8DEE-B8BB-4779-BD27-B29B3F4F27E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3F4D7E5-88DD-45FF-8417-74E58AF1282C}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2F7BA0-94DC-49B6-BFFA-2880990944EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF10F2ED-8101-4456-BDC4-3C13616D915E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8135C-B6E2-471A-A2A3-30A312F6D43F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0119D704-146F-4134-BACA-BEC6D49A6BF9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{0BE69BD7-3880-4328-B804-B803651F3BF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1423F8F3-3E55-4251-A966-5A48738FCFD5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1FCC71B3-8206-4D1B-9EDB-35C404E98440}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26328B94-F200-45FF-803B-60F027CDE63B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2778C178-494C-4FD2-85B8-BF1E87B2A800}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{2967839C-C33B-48B9-8EF4-A4EB78BE04FF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2BD6E723-E848-4BB2-BEED-268472765DF4}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{2F6A9D3D-6641-431C-9325-BF1090DA63F9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{33416A3B-6A35-4172-B9CC-649B4A0BFCDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42D18F2C-36CF-4D3B-BFED-B379714348C0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{5F874A84-DA44-4669-8D59-C19116F01B18}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7522DC56-3BFE-4440-B700-190BB68271E2}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{82345E63-93E1-4581-894B-985609B40AFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E8D0710-FB89-45F1-93F6-28C832583EF0}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{913BE182-3CCC-4D34-9BCC-795FE29CC14F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{9321DC5E-A171-443A-A4FA-56C63D0B3956}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A046FF93-C82E-468D-99D9-EB6AAF58A8E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7AE32E1-295E-4660-891F-6C9900E416D8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C644A2D7-FD83-4651-9F3F-AFAF718FB03B}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C97E4A7B-5F63-439B-B186-18AC1F650FD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D074946B-BB42-44C4-9D17-6A82B070C8E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC6AFFF4-BD80-4B77-88BC-008BC0599B44}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E4DD6134-F93C-41AB-A83C-3CE952D85075}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"{F1E8285B-E4A1-47DC-BA5D-DD6D2CF23A96}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{9F17FD20-8B27-4603-AD01-F9DAFFB9B7DA}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{FEC3420A-5BDE-40AD-BF2C-D85E8526C16B}C:\windows\lmi65f5.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi65f5.tmp\lmi_rescue.exe |
"UDP Query User{061A3D26-13C8-453B-8006-648B1B7BE2FB}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{86798896-D991-4226-BEF1-72064902B90D}C:\windows\lmi65f5.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi65f5.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EF75089-392B-4771-B791-17316E27EBA6}" = Real War Rogue States
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1" = Mouse and Keyboard Recorder 3.2.2.8
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
"{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1" = Mouse Recorder Pro 1.3
"{5FCA3E78-219B-457B-8316-2C906EA0A91D}" = Recorder
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}" = Do It Again
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BC6AB96-3613-4676-ABE8-4B7F55D7D8E7}" = DriverUpdate
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"BFlix" = BFlix
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MS Access 97 SP2" = MS Access 97 SP2
"NIS" = Norton Internet Security
"Norton Utilities_is1" = Norton Utilities
"NVIDIA Drivers" = NVIDIA Drivers
"Risk" = Risk
"ShadowExplorer_is1" = ShadowExplorer 0.8
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a7a433177cfa3a6" = Macro Recorder
"Applet" = Applet
"Color Vision" = Color Vision
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2013 1:07:44 AM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module mshtml.dll, version 8.0.6001.18999, time stamp 0x4ccfa8d4,
exception code 0xc0000005, fault offset 0x00095a22, process id 0x1630, application
start time 0x01ce456091b164b0.

Error - 5/5/2013 12:01:09 PM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module NvCpl.dll, version 7.15.11.8120, time stamp 0x4954aa1a,
exception code 0xc0000005, fault offset 0x000e6f04, process id 0xea0, application
start time 0x01ce49a9b8c0b8d2.

Error - 5/5/2013 12:01:22 PM | Computer Name = UPSTAIRS | Source = WinMgmt | ID = 10
Description =

Error - 5/14/2013 12:32:18 AM | Computer Name = UPSTAIRS | Source = Windows Search Service | ID = 3013
Description =

Error - 5/15/2013 3:58:56 PM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x000659c3, process id 0x107c, application
start time 0x01ce51a5d259b070.

Error - 5/18/2013 10:04:24 PM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x000659c3, process id 0x1090, application
start time 0x01ce5434e533e8a0.

Error - 5/19/2013 12:34:47 AM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module NvCpl.dll, version 7.15.11.8120, time stamp 0x4954aa1a,
exception code 0xc0000005, fault offset 0x000e6f04, process id 0xefc, application
start time 0x01ce544a2e6714ab.

Error - 5/19/2013 12:34:48 AM | Computer Name = UPSTAIRS | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2013 7:51:17 AM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module IEShims.dll, version 8.0.6001.18999, time stamp 0x4ccfa85d,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1f44, application
start time 0x01ce5ad07ed97140.

Error - 5/27/2013 9:09:26 AM | Computer Name = UPSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module IEShims.dll, version 8.0.6001.18999, time stamp 0x4ccfa85d,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1cf8, application
start time 0x01ce5adb69d30da0.

[ OSession Events ]
Error - 4/9/2013 11:49:35 PM | Computer Name = UPSTAIRS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 172558
seconds with 1740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/7/2013 2:40:50 PM | Computer Name = UPSTAIRS | Source = DCOM | ID = 10005
Description =

Error - 6/7/2013 2:40:57 PM | Computer Name = UPSTAIRS | Source = DCOM | ID = 10005
Description =

Error - 6/7/2013 2:41:04 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7001
Description =

Error - 6/7/2013 2:41:04 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description =

Error - 6/7/2013 2:43:48 PM | Computer Name = UPSTAIRS | Source = HTTP | ID = 15016
Description =

Error - 6/7/2013 2:44:19 PM | Computer Name = UPSTAIRS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.164 for the Network Card with network
address 08863B94B521 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2013 2:45:22 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7000
Description =

Error - 6/7/2013 2:45:22 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description =

Error - 6/7/2013 2:45:56 PM | Computer Name = UPSTAIRS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 08863B94B521 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2013 2:58:53 PM | Computer Name = UPSTAIRS | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +86345 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working
properly.


< End of report >
 

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
OTL logfile created on: 6/7/2013 11:51:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Upstairs computer\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.32% Memory free
6.20 Gb Paging File | 5.16 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 57.35 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive D: | 583.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: UPSTAIRS | User Name: WALL_E_Machine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Upstairs computer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
PRC - C:\Windows\vVX6000.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\QuickTime\QTSystem\QTCF.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()


========== Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- E:\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- E:\SASDIFSV.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110730.002\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110730.002\NAVENG.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20110723.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110729.030\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys (Symantec Corporation)
DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111v.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {36054807-1BD1-4CE0-A2D0-4C0E060A5C71}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{36054807-1BD1-4CE0-A2D0-4C0E060A5C71}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS333US333
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_enUS333US333&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-KBeFeMju4ZriHxvZ52qEEEqWyo?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.17: C:\Users\WALL_E_Machine\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2013/06/04 23:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2013/06/07 11:44:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\WALL_E_Machine\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Bflix = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpojpihgafjhbgkgaglhighomjceieff\1.4_0\
CHR - Extension: Gmail = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\Bflix.dll (BFlix)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O4 - HKCU..\Run: [BigFix] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware.exe File not found
O4 - HKCU..\RunOnce: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8255289D-93FA-4FF1-95CA-C62151A829B6}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9094F924-0A5E-4AC1-A743-EFDC01E1D46A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx) - C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx ()
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/07/12 14:57:16 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e3fda8d-ea6f-11de-93a1-002511104264}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_aomg.exe -- [2004/07/16 14:07:36 | 000,045,056 | R--- | M] ()
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\open\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell\AutoRun\command - "" = E:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:23 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:22 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:00:03 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 06:54:18 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:39:31 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/06 22:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\uulcb
[2013/06/06 13:45:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe
[2013/06/06 12:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 12:16:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/06 11:16:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe
[2013/06/06 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad
[2013/06/06 09:27:51 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Macro Scheduler 14
[2013/06/05 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft
[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\RobotSoft
[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft
[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder
[2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Recorder
[2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder
[2013/06/05 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recorder
[2013/06/05 22:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\KraTronic
[2013/06/05 22:23:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Nemex
[2013/06/05 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro
[2013/06/05 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nemex
[2013/06/05 21:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Do It Again
[2013/06/04 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific
[2013/06/04 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Symantec
[2013/06/01 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16
[2013/05/22 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\BigFix
[2013/05/22 21:04:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Meal Management project
[2008/01/20 19:25:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/07 11:48:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/07 11:44:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/07 11:44:07 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/06/07 11:43:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 11:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/07 11:43:41 | 3219,619,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/07 11:36:03 | 000,000,004 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 11:32:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/07 11:00:01 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job
[2013/06/07 10:59:12 | 000,001,356 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2013/06/07 07:41:50 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:41:43 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:59 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:39 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:21 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:15 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:15 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:29 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:54 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:35:03 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:35:00 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 21:43:25 | 000,001,940 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2013/06/06 21:35:25 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/06/06 13:45:26 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:45:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe
[2013/06/06 13:44:18 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:34 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 12:16:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/06 11:55:45 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:46 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:16:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe
[2013/06/06 11:11:25 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | M] () -- C:\ProgramData\iqrjmdeq.fak
[2013/06/06 09:27:25 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk
[2013/06/05 23:25:39 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Mouse and Keyboard Recorder.lnk
[2013/06/05 23:13:02 | 000,002,627 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Microsoft Office Word 2007.lnk
[2013/06/05 22:59:23 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Recorder.lnk
[2013/06/05 22:23:26 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk
[2013/06/05 22:14:21 | 000,002,355 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk
[2013/06/05 21:40:04 | 264,978,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/13 21:33:41 | 000,748,794 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Matt's Eagle Project.pdf
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/07 11:43:41 | 3219,619,840 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/07 07:41:46 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:30:50 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:32 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:16 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:11 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:24 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:49 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:37:58 | 000,000,004 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 13:45:21 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:44:15 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:06 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 12:16:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/06 11:55:38 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:22 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:11:34 | 000,000,356 | -H-- | C] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job
[2013/06/06 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | C] () -- C:\ProgramData\iqrjmdeq.fak
[2013/06/06 09:27:25 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk
[2013/06/05 23:25:39 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Mouse and Keyboard Recorder.lnk
[2013/06/05 22:59:23 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Recorder.lnk
[2013/06/05 22:23:26 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk
[2013/06/05 22:01:07 | 000,002,355 | ---- | C] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk
[2013/06/05 21:58:26 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Do It Again.lnk
[2013/04/23 16:28:14 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/03/30 20:32:05 | 000,192,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx
[2012/09/06 22:22:18 | 000,000,632 | RHS- | C] () -- C:\Users\WALL_E_Machine\ntuser.pol
[2012/06/26 09:39:13 | 000,000,058 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/26 09:39:13 | 000,000,024 | ---- | C] () -- C:\Users\WALL_E_Machine\random.dat
[2011/11/06 18:40:51 | 000,000,040 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat
[2011/08/25 18:19:33 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25}
[2011/01/04 18:43:31 | 000,001,940 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/12 23:44:53 | 000,001,356 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2010/04/05 21:38:46 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex__preferences3.dat
[2010/02/20 14:48:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 17:32:42 | 000,038,400 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 16:17:17 | 000,000,129 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat
[2009/08/15 09:49:38 | 000,000,452 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat
[2009/06/27 11:00:27 | 000,000,046 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 21:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 19:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/22 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\DriverCure
[2012/08/01 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Macro Recorder
[2010/12/22 12:48:33 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\ParetoLogic
[2013/06/05 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder
[2010/12/22 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Registry Mechanic
[2013/06/05 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft
[2009/08/15 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Template
[2013/06/04 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific
[2013/06/04 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16
[2012/07/25 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\www.shadowexplorer.com

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-07 12:37:33
-----------------------------
12:37:33.063 OS Version: Windows 6.0.6001 Service Pack 1
12:37:33.063 Number of processors: 2 586 0x6B02
12:37:33.078 ComputerName: UPSTAIRS UserName:
12:37:33.687 Initialize success
12:37:36.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
12:37:36.921 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 6
12:37:37.030 Disk 0 MBR read successfully
12:37:37.030 Disk 0 MBR scan
12:37:37.030 Disk 0 unknown MBR code
12:37:37.046 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
12:37:37.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 139313 MB offset 27265024
12:37:37.077 Disk 0 scanning sectors +312579760
12:37:37.155 Disk 0 scanning C:\Windows\system32\drivers
12:37:42.631 Service scanning
12:37:55.626 Modules scanning
12:38:00.800 Disk 0 trace - called modules:
12:38:00.815 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
12:38:00.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862a3ac8]
12:38:00.831 3 CLASSPNP.SYS[8a3a6745] -> nt!IofCallDriver -> [0x84773258]
12:38:00.831 5 acpi.sys[806166a0] -> nt!IofCallDriver -> \Device\0000005e[0x84773c90]
12:38:00.846 Scan finished successfully
12:38:31.583 Disk 0 MBR has been saved successfully to "C:\Users\WALL_E_Machine\Documents\Matt's Work\MBR.dat"
12:38:31.583 The log file has been saved successfully to "C:\Users\WALL_E_Machine\Documents\Matt's Work\aswMBR.txt"
12:41:01.107 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
12:41:01.123 The log file has been saved successfully to "C:\aswMBR.txt"
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
<ol><li>Start OTL.exe</li>
<li>Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O4 - HKCU..\RunOnce: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\open\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
[2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:23 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:22 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:00:03 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 06:54:18 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:39:31 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/06 22:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\uulcb
[2013/06/06 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad
[2008/01/20 19:25:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat
[2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/07 11:48:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/07 11:36:03 | 000,000,004 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 10:59:12 | 000,001,356 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2013/06/07 07:41:50 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:41:43 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:59 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:39 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:21 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:15 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:15 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:29 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:54 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:35:03 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:35:00 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 21:43:25 | 000,001,940 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2013/06/06 13:45:26 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:45:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe
[2013/06/06 13:44:18 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:34 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 11:55:45 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:46 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:16:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe
[2013/06/06 11:11:25 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | M] () -- C:\ProgramData\iqrjmdeq.fak
[2013/06/07 07:41:46 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:30:50 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:32 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:16 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:11 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:24 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:49 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:37:58 | 000,000,004 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 13:45:21 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:44:15 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:06 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 11:55:38 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:22 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | C] () -- C:\ProgramData\iqrjmdeq.fak
[2013/03/30 20:32:05 | 000,192,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx
[2012/06/26 09:39:13 | 000,000,024 | ---- | C] () -- C:\Users\WALL_E_Machine\random.dat
[2011/11/06 18:40:51 | 000,000,040 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat
[2011/08/25 18:19:33 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25}
[2011/01/04 18:43:31 | 000,001,940 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/12 23:44:53 | 000,001,356 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2010/04/05 21:38:46 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex__preferences3.dat
[2010/02/20 14:48:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 17:32:42 | 000,038,400 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 16:17:17 | 000,000,129 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat
[2009/08/15 09:49:38 | 000,000,452 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat
[2009/06/27 11:00:27 | 000,000,046 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat



:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</li>
<li>Then click the Run Fix button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
 

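The fix above was assembled by hand from the OTL output: the helper picked out executables dropped straight into the user profile root under borrowed Windows/application names (with and without a random digit suffix, several of them zero bytes), the Run/RunOnce entry in a GUID-named AppData\Local folder, the MountPoints2 autorun handlers, and the per-user CLSID InProcServer32 that OTL's ZeroAccess Check shows pointing into $Recycle.Bin. The script below is an added example, not part of this thread or of OTL, that turns those indicators into checkable rules over OTL log lines. The IMPERSONATED name list is taken from the log above, the sample lines are copied from the logs and the fix in this thread (with a few benign lines from the same log kept in for contrast), and the rule tags are my own names.

```python
"""Triage rules for OTL log lines, modelled on the indicators in this thread.

Rules (tags are this example's own names, not OTL terminology):
  profile-root-exe        .exe sitting directly in C:\\Users\\<name>\\
  mimics-system-name      basename is a known binary name plus optional digits
  zero-byte-exe           reported size is 0 (decoy / placeholder)
  run-key-guid-dir        O4 Run/RunOnce target in a GUID-named AppData\\Local dir
  mountpoints2-<verb>     O33 removable-drive AutoRun/open handler runs an .exe
  hkcu-com-override       default value of a per-user CLSID\\InProcServer32
  recycle-bin-com-server  ...and that server path lies inside $Recycle.Bin
"""
import re
from dataclasses import dataclass
from typing import List

# Binary names the dropper borrowed on this machine (taken from the OTL log above).
IMPERSONATED = {
    "csrss", "winlogon", "spoolsv", "conhost", "rundll32", "alg", "ctfmon",
    "notepad", "msconfig", "mstsc", "iexplore", "firefox", "chrome", "opera",
    "skype", "java", "jqs", "jucheck", "flashplayer", "acrobat", "acrobatreader",
    "windowsupdate", "googleupdate", "teamviewer", "icq", "vlcplayer",
}

# OTL "[date | size | attrs | C/M] (company) -- path" file lines.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
RUN_KEY = re.compile(r"^O4 - HKCU\.\.\\Run(Once)?: \[[^\]]*\] (?P<path>\S+)")
MOUNTPOINT = re.compile(
    r'^O33 - MountPoints2\\.*\\Shell\\(?P<verb>AutoRun|open)\\command - "" = (?P<path>.+)$'
)
HKCU_INPROC = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\\{[0-9a-f-]+\}\\InProcServer32\]$", re.I
)
DEFAULT_VALUE = re.compile(r'^"" = (?P<path>.+?)(?: -- .*)?$')
GUID_DIR = re.compile(r"\\AppData\\Local\\[0-9a-f-]{20,}\\", re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str]


def profile_root_exe(path: str) -> bool:
    """True for C:\\Users\\<name>\\<file>.exe with no further subdirectory."""
    parts = path.split("\\")
    return (len(parts) == 4 and parts[0].lower() == "c:"
            and parts[1].lower() == "users" and parts[3].lower().endswith(".exe"))


def mimics_known_binary(path: str) -> bool:
    """True when the basename is a known binary name followed only by digits."""
    stem = re.sub(r"\.exe$", "", path.rsplit("\\", 1)[-1], flags=re.I).lower()
    return any(re.fullmatch(re.escape(name) + r"\d*", stem) for name in IMPERSONATED)


def triage(lines) -> List[Finding]:
    findings = []
    current_key = None  # registry key whose values follow, while inside one
    for raw in lines:
        line = raw.strip()
        reasons = []
        if line.startswith("[HKEY_"):
            current_key = line
            continue
        if line.startswith('"'):
            v = DEFAULT_VALUE.match(line)
            if v and current_key and HKCU_INPROC.match(current_key):
                reasons.append("hkcu-com-override")
                if "\\$recycle.bin\\" in v["path"].lower():
                    reasons.append("recycle-bin-com-server")
        else:
            current_key = None
            f, r, mp = FILE_LINE.match(line), RUN_KEY.match(line), MOUNTPOINT.match(line)
            if f and profile_root_exe(f["path"]):
                reasons.append("profile-root-exe")
                if mimics_known_binary(f["path"]):
                    reasons.append("mimics-system-name")
                if int(f["size"].replace(",", "")) == 0:
                    reasons.append("zero-byte-exe")
            elif r and GUID_DIR.search(r["path"]):
                reasons.append("run-key-guid-dir")
            elif mp and mp["path"].lower().endswith(".exe"):
                reasons.append("mountpoints2-" + mp["verb"].lower())
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Sample input: lines copied from the OTL logs and the fix posted in this thread,
# plus benign lines from the same log (the .lnk, perf counter .dat and HKLM shell32
# entries) so the rules can be checked for false positives.
SAMPLE_LINES = [
    r"[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe",
    r"[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe",
    r"[2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe",
    r"[2013/06/05 22:59:23 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Recorder.lnk",
    r"[2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat",
    r"O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()",
    r'O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe',
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]",
    r'"ThreadingModel" = Both',
    r'"" = C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. -- File not found',
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]",
    r'"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(", ".join(finding.reasons).ljust(44), finding.line)
```

Feed it a saved OTL.txt / Extras.txt line by line and it prints only the lines that trip a rule, with the reasons, which is the shortlist a helper would then turn into an OTL fix. The per-user CLSID rule is the important one: a COM server registered under HKEY_CURRENT_USER\Software\Classes shadows the HKLM registration for that user's processes, so a user-hive InProcServer32 pointing into $Recycle.Bin is worth flagging even when OTL reports the file as not found.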
mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
kuttus said:
STEP 1: Run the below OTL fix
<ol><li>Start OTL.exe</li>
<li>Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O4 - HKCU..\RunOnce: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\open\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe
[2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:23 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:22 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:00:03 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 06:54:18 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:39:31 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/06 22:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\uulcb
[2013/06/06 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad
[2008/01/20 19:25:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat
[2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/07 11:48:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/07 11:36:03 | 000,000,004 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 10:59:12 | 000,001,356 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2013/06/07 07:41:50 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:41:43 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe
[2013/06/07 07:30:59 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:39 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:21 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:15 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:15 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:29 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:54 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:35:03 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:35:00 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 21:43:25 | 000,001,940 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2013/06/06 13:45:26 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:45:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe
[2013/06/06 13:44:18 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:34 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 11:55:45 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:46 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:16:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe
[2013/06/06 11:11:25 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | M] () -- C:\ProgramData\iqrjmdeq.fak
[2013/06/07 07:41:46 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad195278.exe
[2013/06/07 07:41:45 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox460819.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck909716.exe
[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs146643.exe
[2013/06/07 07:30:50 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe
[2013/06/07 07:30:50 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig741009.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck349047.exe
[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\iexplore206868.exe
[2013/06/07 07:30:32 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe
[2013/06/07 07:30:31 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe
[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck124054.exe
[2013/06/07 07:00:16 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg823879.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera203257.exe
[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc480472.exe
[2013/06/07 07:00:11 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe
[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc41734.exe
[2013/06/07 07:00:09 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq258255.exe
[2013/06/07 06:54:24 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg922821.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\java14167.exe
[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg454437.exe
[2013/06/07 06:54:22 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe
[2013/06/07 06:39:49 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg532148.exe
[2013/06/07 06:39:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq847123.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera558248.exe
[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe
[2013/06/07 06:37:58 | 000,000,004 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss426490.exe
[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe
[2013/06/07 06:34:54 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox.exe
[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss.exe
[2013/06/07 06:34:52 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\rundll32.exe
[2013/06/06 13:45:21 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat460929.exe
[2013/06/06 13:45:20 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe
[2013/06/06 13:45:19 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss482630.exe
[2013/06/06 13:44:15 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc.exe
[2013/06/06 13:44:14 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\skype.exe
[2013/06/06 13:16:07 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck.exe
[2013/06/06 13:16:06 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig.exe
[2013/06/06 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera.exe
[2013/06/06 13:15:57 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg.exe
[2013/06/06 11:55:38 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad.exe
[2013/06/06 11:55:38 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer.exe
[2013/06/06 11:55:37 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader.exe
[2013/06/06 11:30:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq.exe
[2013/06/06 11:16:22 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\java.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\vlcplayer.exe
[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs.exe
[2013/06/06 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate.exe
[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\chrome.exe
[2013/06/06 09:27:32 | 000,005,105 | ---- | C] () -- C:\ProgramData\iqrjmdeq.fak
[2013/03/30 20:32:05 | 000,192,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx
[2012/06/26 09:39:13 | 000,000,024 | ---- | C] () -- C:\Users\WALL_E_Machine\random.dat
[2011/11/06 18:40:51 | 000,000,040 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat
[2011/08/25 18:19:33 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25}
[2011/01/04 18:43:31 | 000,001,940 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/12 23:44:53 | 000,001,356 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat
[2010/04/05 21:38:46 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex__preferences3.dat
[2010/02/20 14:48:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 17:32:42 | 000,038,400 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 16:17:17 | 000,000,129 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat
[2009/08/15 09:49:38 | 000,000,452 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat
[2009/06/27 11:00:27 | 000,000,046 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat



:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.</li>
<li>Then click the Run Fix button at the top.</li>
<li>Let the program run unhindered, and reboot when it is done.</li>
<li>Attach the new log produced by OTL (C:\_OTL).</li>
</ol>

<hr />


Here is the log afterward. Now what do I do? Should that have removed the virus?
 

mmaikeru (New Member, Thread author), Jun 7, 2013
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager not found.
File C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager not found.
File C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{797262f6-6ad2-11df-b9df-002511104264}\ not found.
File C:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{797262f6-6ad2-11df-b9df-002511104264}\ not found.
File C:\RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe not found.
File C:\Users\WALL_E_Machine\skype74991.exe not found.
File C:\Users\WALL_E_Machine\jqs389835.exe not found.
File C:\Users\WALL_E_Machine\iexplore547765.exe not found.
File C:\Users\WALL_E_Machine\csrss465821.exe not found.
File C:\Users\WALL_E_Machine\ctfmon430808.exe not found.
File C:\Users\WALL_E_Machine\teamviewer680284.exe not found.
File C:\Users\WALL_E_Machine\csrss390766.exe not found.
File C:\Users\WALL_E_Machine\iexplore.exe not found.
File C:\Users\WALL_E_Machine\ctfmon.exe not found.
Folder C:\ProgramData\uulcb\ not found.
Folder C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\ not found.
File C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat not found.
File C:\Windows\System32\perfh009.dat not found.
File C:\Windows\System32\perfc009.dat not found.
File C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini not found.
File C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat not found.
File C:\Users\WALL_E_Machine\notepad195278.exe not found.
File C:\Users\WALL_E_Machine\firefox460819.exe not found.
File C:\Users\WALL_E_Machine\jucheck909716.exe not found.
File C:\Users\WALL_E_Machine\jqs146643.exe not found.
File C:\Users\WALL_E_Machine\skype74991.exe not found.
File C:\Users\WALL_E_Machine\flashplayer847836.exe not found.
File C:\Users\WALL_E_Machine\msconfig741009.exe not found.
File C:\Users\WALL_E_Machine\iexplore547765.exe not found.
File C:\Users\WALL_E_Machine\jucheck349047.exe not found.
File C:\Users\WALL_E_Machine\iexplore206868.exe not found.
File C:\Users\WALL_E_Machine\acrobatreader104475.exe not found.
File C:\Users\WALL_E_Machine\flashplayer616566.exe not found.
File C:\Users\WALL_E_Machine\jqs389835.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate78939.exe not found.
File C:\Users\WALL_E_Machine\jucheck124054.exe not found.
File C:\Users\WALL_E_Machine\alg823879.exe not found.
File C:\Users\WALL_E_Machine\spoolsv308296.exe not found.
File C:\Users\WALL_E_Machine\opera203257.exe not found.
File C:\Users\WALL_E_Machine\mstsc480472.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate429439.exe not found.
File C:\Users\WALL_E_Machine\ctfmon430808.exe not found.
File C:\Users\WALL_E_Machine\winlogon272365.exe not found.
File C:\Users\WALL_E_Machine\mstsc41734.exe not found.
File C:\Users\WALL_E_Machine\csrss465821.exe not found.
File C:\Users\WALL_E_Machine\icq258255.exe not found.
File C:\Users\WALL_E_Machine\alg922821.exe not found.
File C:\Users\WALL_E_Machine\java14167.exe not found.
File C:\Users\WALL_E_Machine\alg454437.exe not found.
File C:\Users\WALL_E_Machine\teamviewer680284.exe not found.
File C:\Users\WALL_E_Machine\googleupdate151685.exe not found.
File C:\Users\WALL_E_Machine\alg532148.exe not found.
File C:\Users\WALL_E_Machine\icq847123.exe not found.
File C:\Users\WALL_E_Machine\csrss390766.exe not found.
File C:\Users\WALL_E_Machine\opera558248.exe not found.
File C:\Users\WALL_E_Machine\flashplayer283708.exe not found.
File C:\Users\WALL_E_Machine\csrss426490.exe not found.
File C:\Users\WALL_E_Machine\conhost.exe not found.
File C:\Users\WALL_E_Machine\winlogon.exe not found.
File C:\Users\WALL_E_Machine\ctfmon.exe not found.
File C:\Users\WALL_E_Machine\spoolsv.exe not found.
File C:\Users\WALL_E_Machine\googleupdate.exe not found.
File C:\Users\WALL_E_Machine\firefox.exe not found.
File C:\Users\WALL_E_Machine\csrss.exe not found.
File C:\Users\WALL_E_Machine\iexplore.exe not found.
File C:\Users\WALL_E_Machine\rundll32.exe not found.
File C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini not found.
File C:\Users\WALL_E_Machine\acrobat460929.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate698494.exe not found.
File C:\Users\WALL_E_Machine\csrss482630.exe not found.
File C:\Users\WALL_E_Machine\acrobat544243.exe not found.
File C:\Users\WALL_E_Machine\mstsc.exe not found.
File C:\Users\WALL_E_Machine\skype.exe not found.
File C:\Users\WALL_E_Machine\msconfig.exe not found.
File C:\Users\WALL_E_Machine\jucheck.exe not found.
File C:\Users\WALL_E_Machine\opera.exe not found.
File C:\Users\WALL_E_Machine\alg.exe not found.
File C:\Users\WALL_E_Machine\notepad.exe not found.
File C:\Users\WALL_E_Machine\flashplayer.exe not found.
File C:\Users\WALL_E_Machine\acrobatreader.exe not found.
File C:\Users\WALL_E_Machine\icq.exe not found.
File C:\Users\WALL_E_Machine\java.exe not found.
File C:\Users\WALL_E_Machine\vlcplayer.exe not found.
File C:\Users\WALL_E_Machine\jqs.exe not found.
File C:\Users\WALL_E_Machine\teamviewer.exe not found.
File C:\Users\WALL_E_Machine\acrobat.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate.exe not found.
File C:\Users\WALL_E_Machine\chrome.exe not found.
File C:\ProgramData\iqrjmdeq.fak not found.
File C:\Users\WALL_E_Machine\notepad195278.exe not found.
File C:\Users\WALL_E_Machine\firefox460819.exe not found.
File C:\Users\WALL_E_Machine\jucheck909716.exe not found.
File C:\Users\WALL_E_Machine\jqs146643.exe not found.
File C:\Users\WALL_E_Machine\flashplayer847836.exe not found.
File C:\Users\WALL_E_Machine\msconfig741009.exe not found.
File C:\Users\WALL_E_Machine\jucheck349047.exe not found.
File C:\Users\WALL_E_Machine\iexplore206868.exe not found.
File C:\Users\WALL_E_Machine\acrobatreader104475.exe not found.
File C:\Users\WALL_E_Machine\flashplayer616566.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate78939.exe not found.
File C:\Users\WALL_E_Machine\jucheck124054.exe not found.
File C:\Users\WALL_E_Machine\alg823879.exe not found.
File C:\Users\WALL_E_Machine\spoolsv308296.exe not found.
File C:\Users\WALL_E_Machine\opera203257.exe not found.
File C:\Users\WALL_E_Machine\mstsc480472.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate429439.exe not found.
File C:\Users\WALL_E_Machine\winlogon272365.exe not found.
File C:\Users\WALL_E_Machine\mstsc41734.exe not found.
File C:\Users\WALL_E_Machine\icq258255.exe not found.
File C:\Users\WALL_E_Machine\alg922821.exe not found.
File C:\Users\WALL_E_Machine\java14167.exe not found.
File C:\Users\WALL_E_Machine\alg454437.exe not found.
File C:\Users\WALL_E_Machine\googleupdate151685.exe not found.
File C:\Users\WALL_E_Machine\alg532148.exe not found.
File C:\Users\WALL_E_Machine\icq847123.exe not found.
File C:\Users\WALL_E_Machine\opera558248.exe not found.
File C:\Users\WALL_E_Machine\flashplayer283708.exe not found.
File C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini not found.
File C:\Users\WALL_E_Machine\csrss426490.exe not found.
File C:\Users\WALL_E_Machine\conhost.exe not found.
File C:\Users\WALL_E_Machine\winlogon.exe not found.
File C:\Users\WALL_E_Machine\spoolsv.exe not found.
File C:\Users\WALL_E_Machine\googleupdate.exe not found.
File C:\Users\WALL_E_Machine\firefox.exe not found.
File C:\Users\WALL_E_Machine\csrss.exe not found.
File C:\Users\WALL_E_Machine\rundll32.exe not found.
File C:\Users\WALL_E_Machine\acrobat460929.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate698494.exe not found.
File C:\Users\WALL_E_Machine\csrss482630.exe not found.
File C:\Users\WALL_E_Machine\mstsc.exe not found.
File C:\Users\WALL_E_Machine\skype.exe not found.
File C:\Users\WALL_E_Machine\jucheck.exe not found.
File C:\Users\WALL_E_Machine\msconfig.exe not found.
File C:\Users\WALL_E_Machine\opera.exe not found.
File C:\Users\WALL_E_Machine\alg.exe not found.
File C:\Users\WALL_E_Machine\notepad.exe not found.
File C:\Users\WALL_E_Machine\flashplayer.exe not found.
File C:\Users\WALL_E_Machine\acrobatreader.exe not found.
File C:\Users\WALL_E_Machine\icq.exe not found.
File C:\Users\WALL_E_Machine\java.exe not found.
File C:\Users\WALL_E_Machine\vlcplayer.exe not found.
File C:\Users\WALL_E_Machine\jqs.exe not found.
File C:\Users\WALL_E_Machine\acrobat.exe not found.
File C:\Users\WALL_E_Machine\windowsupdate.exe not found.
File C:\Users\WALL_E_Machine\chrome.exe not found.
File C:\ProgramData\iqrjmdeq.fak not found.
File C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx not found.
File C:\Users\WALL_E_Machine\random.dat not found.
File C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat not found.
File C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25} not found.
File C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini not found.
File C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat not found.
File C:\Users\WALL_E_Machine\jagex__preferences3.dat not found.
File C:\ProgramData\ezsidmv.dat not found.
File C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat not found.
File C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat not found.
File C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Upstairs computer
->Temp folder emptied: 82079 bytes
->Temporary Internet Files folder emptied: 33651 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: WALL_E_Machine
->Temp folder emptied: 435192222 bytes
->Temporary Internet Files folder emptied: 126935990 bytes
->Java cache emptied: 135372643 bytes
->Google Chrome cache emptied: 267977275 bytes
->Flash cache emptied: 4509 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 177464 bytes
%systemroot%\System32 .tmp files removed: 313168 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136095675 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5572672 bytes

Total Files Cleaned = 1,056.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06072013_213900

Files\Folders moved on Reboot...
File\Folder C:\Users\WALL_E_Machine\AppData\Local\Temp\Temporary Internet Files\Content.IE5\PVGUOBQC\tp%253A%252F%252Fshow.frugalicious[1].net%252Fshow%252Faon%253Futm_source%253D65687978_574928_275415_114300_2684_33638%2526utm_medium%253Dcpc%2526utm_campaign%253Dfrugalicious not found!
File\Folder C:\Users\WALL_E_Machine\AppData\Local\Temp\Temporary Internet Files\Content.IE5\6QSXII1X\dref=http%253A%252F%252Fjustherhumor[1].com%252Fshow%252Faon%253Futm_source%253D65687978%2526utm_medium%253Dcpc%2526utm_campaign%253D65687978_574928_280805_114300_2684_33638 not found!
File\Folder C:\Users\WALL_E_Machine\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3M9LJELV\3D0%2526hu%253D%2526ht%253Djs%2526hp%253D0%2526fo%253D%2526url%253Dhttp%25253A%25252F%25252Fgames.bestboygames[1].com%25252Fgames%25252Fview%25252F779%25252Faon%2526refer%253D not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

mmaikeru (New Member, Thread author), Jun 7, 2013
kuttus said:
Now please reboot the computer and check how it is booting in Normal mode.....

Everything seems to be running as it should be; there are no signs of the virus.
 

kuttus (Level 2), Oct 5, 2012
STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLOAD LINK</a> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on adwcleaner.exe to run the tool.</li>
<li>Click on Delete, then confirm each time with Ok.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at C:\AdwCleaner[S1].txt as well.</li>
</ol>
<hr/>
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply



Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


 

mmaikeru (New Member, Thread author), Jun 7, 2013
# AdwCleaner v2.303 - Logfile created 06/08/2013 at 22:55:16
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : WALL_E_Machine - UPSTAIRS
# Boot Mode : Normal
# Running from : C:\Users\WALL_E_Machine\AppData\Local\Temp\Temporary Internet Files\Content.IE5\YGP9ODYS\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\WALL_E_Machine\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\BFlix
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\BFlix
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18999

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Upstairs computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2209 octets] - [08/06/2013 22:55:16]

########## EOF - C:\AdwCleaner[S1].txt - [2269 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by WALL_E_Machine on Sat 06/08/2013 at 22:47:33.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36054807-1BD1-4CE0-A2D0-4C0E060A5C71}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\WALL_E_Machine\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\WALL_E_Machine\AppData\Roaming\registry mechanic"
Failed to delete: [Folder] "C:\Users\WALL_E_Machine\appdata\local\bigfix"
Failed to delete: [Folder] "C:\Users\WALL_E_Machine\Local Settings\Application Data\bigfix"
Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 22:51:26.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18999
WALL_E_Machine :: UPSTAIRS [administrator]

6/8/2013 11:10:00 PM
mbar-log-2013-06-08 (23-10-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 234934
Time elapsed: 27 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.Shell.Gen) -> Data: C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx,explorer.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 31
c:\Users\WALL_E_Machine\AppData\Local\Temp\29B1.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\2A6C.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\2EBE.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\407B.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\49BF.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\9A7B.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\C6A9.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\CE78.tmp (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.ED) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n (Trojan.0Access) -> Delete on reboot.
c:\Users\WALL_E_Machine\mstsc.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\notepad.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\teamviewer196346.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\vlcplayer.exe (Trojan.Agent.FSA52) -> Delete on reboot.
c:\Users\WALL_E_Machine\java.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\jucheck.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\chrome.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\csrss344359.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\icq.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\iexplore.exe (Rootkit.0Access.ED) -> Delete on reboot.
c:\Users\WALL_E_Machine\csrss.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\ctfmon.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\firefox.exe (Rootkit.Dropper) -> Delete on reboot.
c:\Users\WALL_E_Machine\rundll32.exe (Trojan.Dropper) -> Delete on reboot.
c:\Users\WALL_E_Machine\winlogon.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\WALL_E_Machine\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\WALL_E_Machine\conhost.exe (Trojan.Agent) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18999
WALL_E_Machine :: UPSTAIRS [administrator]

6/8/2013 11:44:58 PM
mbam-log-2013-06-08 (23-44-58).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376779
Time elapsed: 1 hour(s), 1 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with Kaspersky TDSSKiller
<ol>
<li>Download Kaspersky TDSSKiller from the link below.
<strong><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">KASPERSKY TDSSKILLER DOWNLOAD LINK</a></strong> <em>(This link will automatically download Kaspersky TDSSKiller on your computer.)</em>
</li>
<li>Double-click on <strong>TDSSKiller.exe</strong> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <strong>Change parameters</strong>.
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <strong>Verify Driver Digital Signature</strong> and <strong>Detect TDLFS file system</strong>, then click <strong>OK</strong>.
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <strong>Start Scan</strong> button to begin the scan and wait for it to finish.
<strong>NOTE:</strong> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found, like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <strong>Report</strong> selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to the one below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail the <em>signature check</em>, do not take any action on these. Make sure you select <strong>Skip</strong>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
Make sure that <strong>Cure</strong> is selected. <strong>VERY IMPORTANT!</strong> - If <em>Cure</em> is not available, please choose <strong>Skip</strong> instead. DO NOT choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <strong>Continue</strong> to apply the selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the one below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like <strong>TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt</strong>, which is based on the program version number and the date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>
<hr />

STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download the ESET Online Scanner utility from the link below.
<strong><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></strong> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double-click on the ESET installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <strong>Yes, I accept the Terms of Use</strong>.</li>
<li>Click the <strong>Start</strong> button.</li>
<li>Check <strong>Scan archives</strong>.</li>
<li>Push the <strong>Start</strong> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <strong>List of found threats</strong>.</li>
<li>Push <strong>Export to Text file</strong> and save the file to your desktop using a unique name, such as <strong>ESET Scan</strong>. Include the contents of this report in your next reply. Note: when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <strong>Back</strong> button.</li>
<li>Push <strong>Finish</strong>.</li>
</ol>
<hr />

STEP 3: Run a HitmanPro scan
<ol>
<li><strong>Download the latest official version of HitmanPro</strong>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"><strong>HITMANPRO DOWNLOAD LINK</strong></a> <em>(This link will open a download page in a new window from where you can download HitmanPro.)</em></li>
<li>Start HitmanPro by <strong>double-clicking on the previously downloaded file</strong> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown, as seen in the image below. After reviewing each malicious object, click <strong>Next</strong>.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <strong>Activate free license</strong> to start the free 30-day trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects and, in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.</li>
</ol>
Add to your next reply any log that HitmanPro might generate.
<hr />
 

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
It didn't make a log for HitmanPro, but it did detect one trojan.

HitmanPro 3.7.6.201
www.hitmanpro.com

Computer name . . . . : UPSTAIRS
Windows . . . . . . . : 6.0.1.6001.X86/2
User name . . . . . . : UPSTAIRS\WALL_E_Machine
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (31 days left)

Scan date . . . . . . : 2013-06-10 00:51:34
Scan mode . . . . . . : Quick
Scan duration . . . . : 2m 48s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 0

Objects scanned . . . : 1,319
Files scanned . . . . : 1,319
Remnants scanned . . : 0 files / 0 keys


C:\Users\WALL_E_Machine\acrobat.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\acrobat134483.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\alg.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\conhost262139.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\flashplayer.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\flashplayer889261.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\icq243574.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\icq430254.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\jqs.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\msconfig.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\opera.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\skype.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\teamviewer.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\windowsupdate.exe a variant of Win32/TrojanDownloader.Delf.RWG trojan cleaned by deleting - quarantined
C:\Users\WALL_E_Machine\winlogon941639.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\Windows\msagent.exe a variant of Win32/Spy.Wagiclas.AC trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\acrobat460929.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\acrobat544243.exe Win32/LockScreen.APR trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\acrobatreader104475.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\alg532148.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\alg823879.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\alg922821.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\conhost.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\csrss390766.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\csrss426490.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\csrss465821.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\ctfmon.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\ctfmon430808.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\flashplayer847836.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\iexplore.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\iexplore547765.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\java.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\jqs389835.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\msconfig.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\mstsc.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\notepad.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\notepad195278.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\skype74991.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\teamviewer.exe Win32/LockScreen.APR trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\teamviewer680284.exe a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\windowsupdate429439.exe a variant of Win32/Kryptik.BDCV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe a variant of Win32/Kryptik.BCZA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx a variant of Win32/Kryptik.BDEI trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\06072013_212743\C_Users\WALL_E_Machine\AppData\Roaming\skype.dat a variant of Win32/Kryptik.BDAU trojan cleaned by deleting - quarantined
Operating memory multiple threats
23:07:12.0454 2568 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:07:13.0966 2568 ============================================================
23:07:13.0966 2568 Current date / time: 2013/06/09 23:07:13.0966
23:07:13.0966 2568 SystemInfo:
23:07:13.0966 2568
23:07:13.0966 2568 OS Version: 6.0.6001 ServicePack: 1.0
23:07:13.0966 2568 Product type: Workstation
23:07:13.0966 2568 ComputerName: UPSTAIRS
23:07:13.0967 2568 UserName: WALL_E_Machine
23:07:13.0967 2568 Windows directory: C:\Windows
23:07:13.0967 2568 System windows directory: C:\Windows
23:07:13.0967 2568 Processor architecture: Intel x86
23:07:13.0967 2568 Number of processors: 2
23:07:13.0967 2568 Page size: 0x1000
23:07:13.0967 2568 Boot type: Normal boot
23:07:13.0967 2568 ============================================================
23:07:14.0571 2568 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:07:14.0588 2568 ============================================================
23:07:14.0588 2568 \Device\Harddisk0\DR0:
23:07:14.0596 2568 MBR partitions:
23:07:14.0597 2568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11018EB0
23:07:14.0597 2568 ============================================================
23:07:14.0622 2568 C: <-> \Device\Harddisk0\DR0\Partition1
23:07:14.0623 2568 ============================================================
23:07:14.0623 2568 Initialize success
23:07:14.0623 2568 ============================================================
23:08:11.0467 3152 ============================================================
23:08:11.0467 3152 Scan started
23:08:11.0467 3152 Mode: Manual; SigCheck; TDLFS;
23:08:11.0467 3152 ============================================================
23:08:23.0982 3152 HpCISSs - ok
23:08:24.0029 3152 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:08:24.0110 3152 HTTP - ok
23:08:24.0153 3152 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:08:24.0162 3152 i2omp - ok
23:08:24.0231 3152 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:24.0282 3152 i8042prt - ok
23:08:24.0308 3152 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:08:24.0323 3152 iaStorV - ok
23:08:24.0393 3152 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:08:24.0400 3152 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:08:24.0400 3152 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:08:24.0484 3152 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:24.0567 3152 idsvc - ok
23:08:24.0698 3152 [ C15FCEA5C150314489698B2571A5190D ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110729.030\IDSvix86.sys
23:08:24.0716 3152 IDSVix86 - ok
23:08:24.0759 3152 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:08:24.0769 3152 iirsp - ok
23:08:24.0812 3152 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
23:08:24.0853 3152 IKEEXT - ok
23:08:24.0892 3152 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys
23:08:24.0901 3152 int15 - ok
23:08:25.0000 3152 [ 38D5B498C555403EF637806937AB6639 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:08:25.0133 3152 IntcAzAudAddService - ok
23:08:25.0225 3152 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
23:08:25.0235 3152 intelide - ok
23:08:25.0259 3152 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:08:25.0306 3152 intelppm - ok
23:08:25.0339 3152 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:08:25.0385 3152 IPBusEnum - ok
23:08:25.0412 3152 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:25.0440 3152 IpFilterDriver - ok
23:08:25.0469 3152 [ CAD416B8A4309B5E1CE75425381E7D2F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:08:25.0497 3152 iphlpsvc - ok
23:08:25.0506 3152 IpInIp - ok
23:08:25.0534 3152 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:08:25.0575 3152 IPMIDRV - ok
23:08:25.0605 3152 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:08:25.0630 3152 IPNAT - ok
23:08:25.0676 3152 [ DC434081FBFD27C719473CB0CCE8DECA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:08:25.0706 3152 iPod Service - ok
23:08:25.0734 3152 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:08:25.0758 3152 IRENUM - ok
23:08:25.0780 3152 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:08:25.0790 3152 isapnp - ok
23:08:25.0844 3152 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:08:25.0855 3152 iScsiPrt - ok
23:08:25.0877 3152 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:08:25.0886 3152 iteatapi - ok
23:08:25.0907 3152 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:08:25.0916 3152 iteraid - ok
23:08:25.0934 3152 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:25.0943 3152 kbdclass - ok
23:08:25.0956 3152 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:25.0995 3152 kbdhid - ok
23:08:26.0025 3152 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
23:08:26.0072 3152 KeyIso - ok
23:08:26.0102 3152 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:08:26.0152 3152 KSecDD - ok
23:08:26.0219 3152 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:08:26.0279 3152 KtmRm - ok
23:08:26.0344 3152 [ 05CE901A4472B3FBF9407C94AD1DB693 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:08:26.0390 3152 LanmanServer - ok
23:08:26.0437 3152 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:08:26.0487 3152 LanmanWorkstation - ok
23:08:26.0514 3152 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:08:26.0559 3152 lltdio - ok
23:08:26.0603 3152 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:08:26.0647 3152 lltdsvc - ok
23:08:26.0678 3152 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:08:26.0729 3152 lmhosts - ok
23:08:26.0764 3152 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:08:26.0778 3152 LSI_FC - ok
23:08:26.0807 3152 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:08:26.0817 3152 LSI_SAS - ok
23:08:26.0863 3152 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:08:26.0873 3152 LSI_SCSI - ok
23:08:26.0907 3152 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
23:08:26.0948 3152 luafv - ok
23:08:27.0009 3152 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
23:08:27.0021 3152 mbamchameleon - ok
23:08:27.0065 3152 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:08:27.0081 3152 MBAMProtector - ok
23:08:27.0171 3152 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:08:27.0204 3152 MBAMScheduler - ok
23:08:27.0260 3152 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:08:27.0330 3152 MBAMService - ok
23:08:27.0388 3152 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:08:27.0420 3152 Mcx2Svc - ok
23:08:27.0472 3152 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
23:08:27.0482 3152 megasas - ok
23:08:27.0508 3152 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:08:27.0528 3152 MegaSR - ok
23:08:27.0560 3152 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
23:08:27.0584 3152 MMCSS - ok
23:08:27.0602 3152 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
23:08:27.0646 3152 Modem - ok
23:08:27.0688 3152 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:08:27.0713 3152 monitor - ok
23:08:27.0722 3152 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:08:27.0733 3152 mouclass - ok
23:08:27.0756 3152 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:08:27.0796 3152 mouhid - ok
23:08:27.0824 3152 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:08:27.0834 3152 MountMgr - ok
23:08:27.0874 3152 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
23:08:27.0900 3152 mpio - ok
23:08:27.0929 3152 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:08:27.0954 3152 mpsdrv - ok
23:08:27.0995 3152 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
23:08:28.0049 3152 MpsSvc - ok
23:08:28.0093 3152 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:08:28.0103 3152 Mraid35x - ok
23:08:28.0128 3152 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:08:28.0185 3152 MRxDAV - ok
23:08:28.0210 3152 [ 7AFC42E60432FD1014F5342F2B1B1F74 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:28.0264 3152 mrxsmb - ok
23:08:28.0294 3152 [ 8A75752AE17924F65452746674B14B78 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:28.0331 3152 mrxsmb10 - ok
23:08:28.0361 3152 [ F4D0F3252E651F02BE64984FFA738394 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:28.0395 3152 mrxsmb20 - ok
23:08:28.0435 3152 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
23:08:28.0445 3152 msahci - ok
23:08:28.0523 3152 [ 31E023681015C35EBFE1498B07813B87 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
23:08:28.0535 3152 MSCamSvc - ok
23:08:28.0561 3152 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:08:28.0575 3152 msdsm - ok
23:08:28.0605 3152 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
23:08:28.0669 3152 MSDTC - ok
23:08:28.0694 3152 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:08:28.0744 3152 Msfs - ok
23:08:28.0797 3152 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:08:28.0806 3152 msisadrv - ok
23:08:28.0843 3152 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:08:28.0888 3152 MSiSCSI - ok
23:08:28.0895 3152 msiserver - ok
23:08:28.0933 3152 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:08:28.0984 3152 MSKSSRV - ok
23:08:29.0010 3152 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:29.0034 3152 MSPCLOCK - ok
23:08:29.0051 3152 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:08:29.0075 3152 MSPQM - ok
23:08:29.0106 3152 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:08:29.0119 3152 MsRPC - ok
23:08:29.0139 3152 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:08:29.0148 3152 mssmbios - ok
23:08:29.0196 3152 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:08:29.0241 3152 MSTEE - ok
23:08:29.0287 3152 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
23:08:29.0296 3152 Mup - ok
23:08:29.0325 3152 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
23:08:29.0369 3152 napagent - ok
23:08:29.0416 3152 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:08:29.0430 3152 NativeWifiP - ok
23:08:29.0502 3152 NAVENG - ok
23:08:29.0507 3152 NAVEX15 - ok
23:08:29.0552 3152 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:08:29.0571 3152 NDIS - ok
23:08:29.0596 3152 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:29.0639 3152 NdisTapi - ok
23:08:29.0665 3152 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:29.0689 3152 Ndisuio - ok
23:08:29.0728 3152 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:29.0755 3152 NdisWan - ok
23:08:29.0778 3152 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:08:29.0804 3152 NDProxy - ok
23:08:29.0820 3152 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:08:29.0844 3152 NetBIOS - ok
23:08:29.0858 3152 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:08:29.0908 3152 netbt - ok
23:08:29.0930 3152 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
23:08:29.0942 3152 Netlogon - ok
23:08:29.0971 3152 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
23:08:30.0014 3152 Netman - ok
23:08:30.0044 3152 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
23:08:30.0090 3152 netprofm - ok
23:08:30.0147 3152 [ 0DA6B9A40EEF9F3EEDE12BC634FACAB7 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
23:08:30.0198 3152 netr28u - ok
23:08:30.0238 3152 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:08:30.0251 3152 NetTcpPortSharing - ok
23:08:30.0284 3152 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:08:30.0293 3152 nfrd960 - ok
23:08:30.0369 3152 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
23:08:30.0381 3152 NIS - ok
23:08:30.0412 3152 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:08:30.0459 3152 NlaSvc - ok
23:08:30.0491 3152 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:08:30.0532 3152 Npfs - ok
23:08:30.0573 3152 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
23:08:30.0624 3152 nsi - ok
23:08:30.0660 3152 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:08:30.0698 3152 nsiproxy - ok
23:08:30.0747 3152 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:08:30.0829 3152 Ntfs - ok
23:08:30.0871 3152 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:08:30.0960 3152 ntrigdigi - ok
23:08:30.0981 3152 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
23:08:31.0031 3152 Null - ok
23:08:31.0095 3152 [ C7859D19648D45EE888666C044ECAB23 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:08:31.0130 3152 NVENETFD - ok
23:08:31.0350 3152 [ 135B683ACFDA5A7D2BD3A4743D02EDFA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:08:31.0610 3152 nvlddmkm - ok
23:08:31.0648 3152 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:08:31.0659 3152 nvraid - ok
23:08:31.0676 3152 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:08:31.0685 3152 nvstor - ok
23:08:31.0722 3152 [ A1CE1A6FD74C046F029448FCFA5E386D ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
23:08:31.0731 3152 nvstor32 - ok
23:08:31.0760 3152 [ 04BEACD860CDE8ACD83C969D42796E48 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:08:31.0775 3152 nvsvc - ok
23:08:31.0808 3152 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:08:31.0819 3152 nv_agp - ok
23:08:31.0827 3152 NwlnkFlt - ok
23:08:31.0835 3152 NwlnkFwd - ok
23:08:31.0908 3152 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:08:31.0939 3152 odserv - ok
23:08:31.0988 3152 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:08:32.0032 3152 ohci1394 - ok
23:08:32.0091 3152 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:32.0104 3152 ose - ok
23:08:32.0171 3152 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:08:32.0246 3152 p2pimsvc - ok
23:08:32.0297 3152 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
23:08:32.0322 3152 p2psvc - ok
23:08:32.0377 3152 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:08:32.0442 3152 Parport - ok
23:08:32.0466 3152 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:08:32.0477 3152 partmgr - ok
23:08:32.0495 3152 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:08:32.0542 3152 Parvdm - ok
23:08:32.0569 3152 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:08:32.0584 3152 PcaSvc - ok
23:08:32.0626 3152 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
23:08:32.0638 3152 pci - ok
23:08:32.0685 3152 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
23:08:32.0695 3152 pciide - ok
23:08:32.0721 3152 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:08:32.0739 3152 pcmcia - ok
23:08:32.0798 3152 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:08:32.0927 3152 PEAUTH - ok
23:08:33.0001 3152 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:08:33.0109 3152 pla - ok
23:08:33.0148 3152 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:08:33.0198 3152 PlugPlay - ok
23:08:33.0238 3152 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:08:33.0261 3152 PNRPAutoReg - ok
23:08:33.0321 3152 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:08:33.0348 3152 PNRPsvc - ok
23:08:33.0406 3152 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:08:33.0514 3152 PolicyAgent - ok
23:08:33.0569 3152 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:08:33.0617 3152 PptpMiniport - ok
23:08:33.0641 3152 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
23:08:33.0672 3152 Processor - ok
23:08:33.0705 3152 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
23:08:33.0754 3152 ProfSvc - ok
23:08:33.0778 3152 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:08:33.0792 3152 ProtectedStorage - ok
23:08:33.0821 3152 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:08:33.0865 3152 PSched - ok
23:08:33.0942 3152 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:08:33.0978 3152 ql2300 - ok
23:08:34.0017 3152 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:08:34.0029 3152 ql40xx - ok
23:08:34.0067 3152 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:08:34.0106 3152 QWAVE - ok
23:08:34.0134 3152 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:08:34.0149 3152 QWAVEdrv - ok
23:08:34.0165 3152 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:08:34.0209 3152 RasAcd - ok
23:08:34.0239 3152 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:08:34.0270 3152 RasAuto - ok
23:08:34.0300 3152 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:34.0326 3152 Rasl2tp - ok
23:08:34.0372 3152 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
23:08:34.0404 3152 RasMan - ok
23:08:34.0432 3152 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:34.0458 3152 RasPppoe - ok
23:08:34.0476 3152 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:08:34.0502 3152 RasSstp - ok
23:08:34.0532 3152 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:08:34.0560 3152 rdbss - ok
23:08:34.0568 3152 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:34.0608 3152 RDPCDD - ok
23:08:34.0641 3152 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:08:34.0672 3152 rdpdr - ok
23:08:34.0697 3152 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:08:34.0741 3152 RDPENCDD - ok
23:08:34.0773 3152 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:08:34.0816 3152 RDPWD - ok
23:08:34.0883 3152 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:08:34.0909 3152 RemoteAccess - ok
23:08:34.0933 3152 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:08:34.0960 3152 RemoteRegistry - ok
23:08:34.0977 3152 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:08:35.0009 3152 RpcLocator - ok
23:08:35.0036 3152 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
23:08:35.0057 3152 RpcSs - ok
23:08:35.0103 3152 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:08:35.0131 3152 rspndr - ok
23:08:35.0213 3152 [ 318F4F327190B2AEE7AAE9CAFD19BB19 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
23:08:35.0269 3152 RTL8187B - ok
23:08:35.0328 3152 [ 3E322976D9414490DF552D63A0DBE288 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
23:08:35.0347 3152 RTL8192su - ok
23:08:35.0390 3152 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
23:08:35.0399 3152 RtlProt - ok
23:08:35.0411 3152 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
23:08:35.0425 3152 SamSs - ok
23:08:35.0453 3152 SASDIFSV - ok
23:08:35.0461 3152 SASKUTIL - ok
23:08:35.0485 3152 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:08:35.0496 3152 sbp2port - ok
23:08:35.0530 3152 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:08:35.0575 3152 SCardSvr - ok
23:08:35.0631 3152 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
23:08:35.0723 3152 Schedule - ok
23:08:35.0766 3152 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
23:08:35.0794 3152 SCPolicySvc - ok
23:08:35.0825 3152 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:08:35.0879 3152 SDRSVC - ok
23:08:35.0933 3152 [ 90A3935D05B494A5A39D37E71F09A677 ] SecDrv C:\Windows\system32\drivers\SECDRV.SYS
23:08:35.0999 3152 SecDrv - ok
23:08:36.0028 3152 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:08:36.0054 3152 seclogon - ok
23:08:36.0080 3152 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
23:08:36.0107 3152 SENS - ok
23:08:36.0134 3152 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:08:36.0192 3152 Serenum - ok
23:08:36.0216 3152 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:08:36.0281 3152 Serial - ok
23:08:36.0313 3152 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:08:36.0337 3152 sermouse - ok
23:08:36.0391 3152 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:08:36.0417 3152 SessionEnv - ok
23:08:36.0508 3152 [ 4C99E251D89C95DCAAA26F9243747C99 ] sesvc C:\Program Files\ShadowExplorer\sesvc.exe
23:08:36.0531 3152 sesvc ( UnsignedFile.Multi.Generic ) - warning
23:08:36.0531 3152 sesvc - detected UnsignedFile.Multi.Generic (1)
23:08:36.0569 3152 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:08:36.0596 3152 sffdisk - ok
23:08:36.0614 3152 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:08:36.0660 3152 sffp_mmc - ok
23:08:36.0687 3152 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:08:36.0733 3152 sffp_sd - ok
23:08:36.0768 3152 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:08:36.0824 3152 sfloppy - ok
23:08:36.0855 3152 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:08:36.0899 3152 SharedAccess - ok
23:08:36.0940 3152 [ 27F10F348E508243F6254846F8370D0D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:08:36.0983 3152 ShellHWDetection - ok
23:08:37.0031 3152 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:08:37.0041 3152 sisagp - ok
23:08:37.0061 3152 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:08:37.0071 3152 SiSRaid2 - ok
23:08:37.0095 3152 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:08:37.0105 3152 SiSRaid4 - ok
23:08:37.0188 3152 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
23:08:37.0498 3152 slsvc - ok
23:08:37.0526 3152 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:08:37.0584 3152 SLUINotify - ok
23:08:37.0612 3152 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:08:37.0643 3152 Smb - ok
23:08:37.0663 3152 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:08:37.0677 3152 SNMPTRAP - ok
23:08:37.0701 3152 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:08:37.0709 3152 spldr - ok
23:08:37.0739 3152 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
23:08:37.0783 3152 Spooler - ok
23:08:37.0849 3152 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
23:08:37.0865 3152 SRTSP - ok
23:08:37.0906 3152 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
23:08:37.0914 3152 SRTSPX - ok
23:08:37.0947 3152 [ 9A0163E7FBE59DA0591BB1AD77D92E63 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:08:37.0999 3152 srv - ok
23:08:38.0020 3152 [ C7DA26D2C7D480B1DD38CA19CC90B821 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:08:38.0051 3152 srv2 - ok
23:08:38.0084 3152 [ F9C65E1E00A6BBF7C57D9B8EA068C525 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:08:38.0136 3152 srvnet - ok
23:08:38.0162 3152 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:08:38.0204 3152 SSDPSRV - ok
23:08:38.0229 3152 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:08:38.0258 3152 SstpSvc - ok
23:08:38.0320 3152 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
23:08:38.0361 3152 stisvc - ok
23:08:38.0438 3152 [ C86A229BB5CB5DC47498B2C530A9458E ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
23:08:38.0449 3152 SWDUMon - ok
23:08:38.0486 3152 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:08:38.0495 3152 swenum - ok
23:08:38.0544 3152 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
23:08:38.0593 3152 swprv - ok
23:08:38.0667 3152 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
23:08:38.0733 3152 Symantec RemoteAssist - ok
23:08:38.0756 3152 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:08:38.0766 3152 Symc8xx - ok
23:08:38.0813 3152 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS
23:08:38.0851 3152 SymDS - ok
23:08:38.0898 3152 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS
23:08:38.0910 3152 SymEFA - ok
23:08:38.0963 3152 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:08:38.0975 3152 SymEvent - ok
23:08:39.0013 3152 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
23:08:39.0025 3152 SymIRON - ok
23:08:39.0073 3152 [ B501D61792D8355EAE7EB4F7449A9D99 ] SYMTDIv C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
23:08:39.0111 3152 SYMTDIv - ok
23:08:39.0158 3152 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:08:39.0168 3152 Sym_hi - ok
23:08:39.0186 3152 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:08:39.0196 3152 Sym_u3 - ok
23:08:39.0237 3152 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
23:08:39.0287 3152 SysMain - ok
23:08:39.0318 3152 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:08:39.0354 3152 TabletInputService - ok
23:08:39.0381 3152 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:08:39.0424 3152 TapiSrv - ok
23:08:39.0452 3152 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:08:39.0479 3152 TBS - ok
23:08:39.0537 3152 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
 

mmaikeru

New Member
Thread author
Verified
Jun 7, 2013
17
Everything is working great, though it gives me a message every time I boot up that a certain program can't run and that my recycling bin has been corrupted; besides that, everything is great.
 
