Open Cloud Security virus

Post by mh on Sun 02 Oct 2011, 12:12 pm

Hi,

I seem to have contracted the Open Cloud Security virus. The virus keeps popping up asking to upgrade to their software and indicating several viruses on my laptop. I noticed I'm having problems using several applications (notepad, Firefox, Java, Flash player, sending things via the Internet, just about anything) and I think this virus may be the cause. I also catch the virus shutting down/restarting my laptop at certain times as well. It seems my laptop is in bad shape. I have to send this message via my other working laptop as I cannot do so on the infected one.

Below are the results from my OTL.txt file:

OTL logfile created on: 10/1/2011 6:56:48 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Allen_2\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 67.87% Memory free
5.49 Gb Paging File | 4.49 Gb Available in Paging File | 81.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 229.99 Gb Free Space | 79.66% Space Free | Partition Type: NTFS

Computer Name: ALLEN-PC | User Name: Allen_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 18:55:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Allen_2\Downloads\OTL(2).com
PRC - [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/30 19:43:44 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/29 00:03:01 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/17 18:37:18 | 000,111,960 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 18:36:58 | 001,021,272 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/21 11:29:40 | 000,464,224 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/21 11:29:20 | 000,476,512 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/17 12:48:46 | 001,294,136 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 12:48:42 | 000,051,512 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/11 18:09:54 | 000,185,712 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/08/11 18:09:38 | 001,324,384 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/08/10 21:55:46 | 000,185,712 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/06 19:05:18 | 000,583,024 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2009/08/06 19:04:56 | 000,685,424 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2009/08/05 16:04:54 | 000,738,616 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/30 01:54:38 | 000,348,160 | -H-- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 01:54:10 | 000,176,128 | -H-- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 17:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 16:00:10 | 000,460,088 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 22:47:46 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/21 19:56:45 | 000,044,544 | -H-- | M] () -- C:\Windows\System32\certator.dll
MOD - [2011/09/21 19:10:18 | 000,212,992 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll
MOD - [2011/09/21 19:08:42 | 012,431,360 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/09/21 19:08:14 | 001,586,688 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/09/18 20:51:26 | 005,452,800 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/09/18 20:51:10 | 000,971,264 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/09/18 20:47:51 | 007,949,312 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/09/18 20:43:07 | 011,490,304 | -H-- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2009/11/03 18:51:42 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 18:51:26 | 000,039,712 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/09/25 16:38:47 | 008,007,680 | -H-- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/09/17 18:36:34 | 000,079,192 | -H-- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 13:07:12 | 000,058,704 | -H-- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 17:27:48 | 000,052,536 | -H-- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 17:27:44 | 007,263,544 | -H-- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 17:38:40 | 000,015,160 | -H-- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 21:08:04 | 000,049,152 | -H-- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/30 19:43:44 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 00:03:01 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/25 17:22:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/17 18:37:18 | 000,111,960 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/21 11:29:40 | 000,464,224 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/17 12:48:42 | 000,051,512 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 18:09:54 | 000,185,712 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 21:55:46 | 000,185,712 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 19:04:56 | 000,685,424 | -H-- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/07/30 01:54:10 | 000,176,128 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 17:43:04 | 000,128,344 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 13:02:20 | 000,250,616 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 20:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/06/30 19:43:45 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 19:43:45 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/22 09:25:22 | 000,046,184 | -H-- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010/06/17 14:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/13 10:18:22 | 000,372,736 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/30 19:45:56 | 000,022,912 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 14:06:30 | 004,994,560 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 17:57:06 | 000,275,536 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 17:28:42 | 000,023,512 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 17:13:48 | 001,035,776 | -H-- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:46 | 001,096,704 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 10:53:06 | 000,007,680 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 20:23:12 | 000,159,776 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/19 21:31:08 | 000,012,920 | -H-- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 02:30:28 | 000,014,392 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ny.stgloballink.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 22:47:47 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 22:47:47 | 000,000,000 | -H-D | M]

[2009/11/27 20:32:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2010/07/18 15:14:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Allen_2\AppData\Roaming\mozilla\Firefox\Profiles\iv0wjsem.default\extensions
[2011/03/28 16:09:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (adfabonppr Object) - {26D02F99-AE5B-4533-AD67-E23B4B20D60D} - C:\Windows\$BLSTUN$\qgnnv.dll ()
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (brumabonpgrm Object) - {795F4311-02C9-4B7B-A9BB-78D4FE68A98D} - C:\Windows\$BLSTUN$\lmatn.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [g000ucci3onGm6W8234A] C:\Windows\System32\d777f99gTZqjCwI.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [OpenCloud Security] C:\Windows\System32\config\systemprofile\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TgRZ9hYXwUeItPy8234A] C:\Windows\System32\dycA1ivD2n4m5Q7.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [Update] C:\Windows\Temp\Update\Updateupdt32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13540518-AB71-457B-8AD1-135CF4A3C2F9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: djoil386 - (C:\windows\system32\certator.dll) -C:\Windows\System32\certator.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{51FEF565-94BA-4DB8-860A-770BB9D26FD6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhV
[2011/10/01 18:49:29 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\e7LThwVOxyvoFHW
[2011/10/01 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\yjeVNAuiGKgYkrt
[2011/10/01 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\fi3n4HsJLT
[2011/10/01 18:36:01 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\TNx0v2FpGadf
[2011/10/01 18:36:01 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\SyuoFm5J8R9TqUk
[2011/09/30 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\YcS1ibD3oGaHsJf
[2011/09/30 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\juc1ibDoGsJfLgZ
[2011/09/30 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\eL8gTZqhYwUrOt
[2011/09/30 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\ctxPcS1ib3n4m6W
[2011/09/30 18:32:59 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\ZS2obF3pGJWf9Tj
[2011/09/30 18:32:59 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\myxu2bp5HdKfL
[2011/09/30 17:29:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\KeyboardOnlineService.dll
[2011/09/30 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\yrzNyxAvSoFmaJd
[2011/09/30 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\O8fRL9hXqC
[2011/09/30 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\iJ6fL9hTUeINAuS
[2011/09/30 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\fCkrNtxcSiDpG
[2011/09/30 16:21:54 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\EByvbaW9jIyvF5d
[2011/09/30 16:21:53 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\QJERhwVltNAvoQR
[2011/09/28 22:42:18 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\uVelIBtzPyAuDoF
[2011/09/28 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\SzNAuipGQs7LXYk
[2011/09/28 22:42:15 | 000,000,000 | ---D | C] -- C:\Users\Allen_2\AppData\Roaming\mrNAi3n5WLTqC
[2011/09/28 21:43:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/09/28 21:43:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/09/28 21:43:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/09/28 21:43:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/09/28 21:43:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/09/28 21:43:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/09/28 21:43:53 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/09/28 21:43:53 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/09/28 21:43:53 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/09/28 21:43:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/09/28 21:43:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/09/28 21:43:53 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/09/28 21:43:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/09/28 21:43:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/09/28 21:43:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/09/28 21:43:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/09/28 21:43:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/09/28 21:43:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/09/28 21:43:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/09/28 21:43:52 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/09/28 21:43:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/09/28 21:43:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/09/28 21:43:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/09/28 21:43:52 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/09/28 21:43:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/09/28 21:43:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/09/28 21:43:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/09/28 21:43:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/09/28 21:43:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/09/28 21:43:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/09/28 21:43:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/09/28 21:43:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/09/28 21:43:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/09/28 21:43:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/09/28 21:43:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/09/28 21:43:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/09/28 21:43:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/09/28 21:40:20 | 000,457,216 | -H-- | C] (NetPlay Software) -- C:\ProgramData\DIUULhYTmDbYe.exe
[2011/09/25 20:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Free Ride Games
[2011/09/25 20:30:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2011/09/25 20:30:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Free Ride Games
[2011/09/25 20:30:31 | 000,000,000 | -H-D | C] -- C:\Remote Programs
[2011/09/25 20:23:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Surf Canyon
[2011/09/25 20:23:40 | 000,000,000 | -H-D | C] -- C:\Program Files\PriceGong
[2011/09/25 20:23:08 | 000,000,000 | -H-D | C] -- C:\windows\$BLSTUN$
[2011/09/22 16:11:15 | 000,000,000 | -H-D | C] -- C:\OpenCloud Security
[2011/09/13 21:02:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/13 16:28:54 | 000,000,000 | -H-D | C] -- C:\windows\Sun
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 18:55:19 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 18:55:19 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 18:47:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/01 18:47:18 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/30 20:49:24 | 001,451,228 | ---- | M] () -- C:\windows\System32\0.3576493246204342.exe
[2011/09/30 17:29:50 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\KeyboardOnlineService.dll
[2011/09/28 22:45:25 | 000,001,807 | ---- | M] () -- C:\Users\Allen_2\AppData\Roaming\ldr.ini
[2011/09/28 22:41:58 | 000,001,418 | -H-- | M] () -- C:\Users\Allen_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/28 22:24:21 | 002,423,808 | ---- | M] () -- C:\windows\System32\d777f99gTZqjCwI.exe
[2011/09/28 22:08:25 | 002,423,808 | ---- | M] () -- C:\windows\System32\dycA1ivD2n4m5Q7.exe
[2011/09/28 21:43:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/09/28 21:43:54 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/09/28 21:43:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/09/28 21:43:54 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/09/28 21:43:54 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/09/28 21:43:54 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/09/28 21:43:53 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/09/28 21:43:53 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/09/28 21:43:53 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/09/28 21:43:53 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/09/28 21:43:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/09/28 21:43:53 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/09/28 21:43:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/09/28 21:43:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/09/28 21:43:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/09/28 21:43:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/09/28 21:43:52 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/09/28 21:43:52 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/09/28 21:43:52 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/09/28 21:43:52 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/09/28 21:43:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/09/28 21:43:52 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/09/28 21:43:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/09/28 21:43:52 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/09/28 21:43:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/09/28 21:43:52 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/09/28 21:43:52 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/09/28 21:43:52 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/09/28 21:43:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/09/28 21:43:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/09/28 21:43:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/09/28 21:43:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/09/28 21:43:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/09/28 21:43:51 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/09/28 21:43:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/09/28 21:43:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/09/28 21:43:51 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/09/28 21:39:55 | 000,457,216 | -H-- | M] (NetPlay Software) -- C:\ProgramData\DIUULhYTmDbYe.exe
[2011/09/25 20:22:07 | 000,469,504 | -H-- | M] () -- C:\ProgramData\sTXAvEECylDC.exe
[2011/09/23 20:31:55 | 002,461,696 | -H-- | M] () -- C:\ProgramData\UjhQbNTJwO.exe
[2011/09/21 19:56:45 | 000,044,544 | -H-- | M] () -- C:\windows\System32\certator.dll
[2011/09/19 21:38:37 | 000,258,048 | -H-- | M] () -- C:\windows\System32\0.1714100417754122.exe
[2011/09/18 18:15:30 | 000,116,191 | -H-- | M] () -- C:\windows\System32\0.0859337043550733.exe
[2011/09/15 00:51:09 | 000,457,728 | -H-- | M] () -- C:\ProgramData\JjMfxedeVWWSOPA.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/30 20:47:35 | 001,451,228 | ---- | C] () -- C:\windows\System32\0.3576493246204342.exe
[2011/09/28 22:42:16 | 000,001,807 | ---- | C] () -- C:\Users\Allen_2\AppData\Roaming\ldr.ini
[2011/09/28 22:24:21 | 002,423,808 | ---- | C] () -- C:\windows\System32\d777f99gTZqjCwI.exe
[2011/09/28 22:08:25 | 002,423,808 | ---- | C] () -- C:\windows\System32\dycA1ivD2n4m5Q7.exe
[2011/09/28 21:43:52 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/09/25 20:30:36 | 000,053,314 | -H-- | C] () -- C:\windows\ExentInfo.exe
[2011/09/25 20:22:44 | 000,469,504 | -H-- | C] () -- C:\ProgramData\sTXAvEECylDC.exe
[2011/09/23 20:32:14 | 002,461,696 | -H-- | C] () -- C:\ProgramData\UjhQbNTJwO.exe
[2011/09/21 19:56:45 | 000,044,544 | -H-- | C] () -- C:\windows\System32\certator.dll
[2011/09/19 21:38:34 | 000,258,048 | -H-- | C] () -- C:\windows\System32\0.1714100417754122.exe
[2011/09/19 21:11:37 | 000,475,136 | -H-- | C] () -- C:\ProgramData\avbhhfRgwD.exe
[2011/09/18 17:54:50 | 000,116,191 | -H-- | C] () -- C:\windows\System32\0.0859337043550733.exe
[2011/09/15 00:51:34 | 000,457,728 | -H-- | C] () -- C:\ProgramData\JjMfxedeVWWSOPA.exe
[2011/09/13 16:30:00 | 000,471,040 | -H-- | C] () -- C:\ProgramData\ixgPHgbBMPf.exe
[2010/01/22 13:11:10 | 000,002,528 | -H-- | C] () -- C:\windows\FCIC.INI
[2009/12/10 12:24:41 | 000,035,473 | -H-- | C] () -- C:\windows\scunin.dat
[2009/11/27 19:02:32 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/09/25 18:03:14 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI
[2009/09/25 17:02:33 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/09/25 17:01:17 | 000,000,520 | -H-- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/25 17:01:17 | 000,000,176 | -H-- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/25 16:52:38 | 000,197,654 | -H-- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/02 00:22:18 | 000,000,000 | -H-- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,340,792 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,624,178 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,522 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/28 22:47:46 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/28 22:47:46 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/28 22:47:47 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/09/19 21:38:37 | 000,258,048 | -H-- | M] () Unable to obtain MD5 -- C:\windows\system32\0.1714100417754122.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/09/02 00:33:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2011/09/13 21:37:21 | 000,000,000 | -H-D | M] -- C:\Program Files\AIM
[2011/09/13 21:37:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2009/09/25 16:52:41 | 000,000,000 | -H-D | M] -- C:\Program Files\ATI
[2009/09/25 16:53:47 | 000,000,000 | -H-D | M] -- C:\Program Files\ATI Technologies
[2011/03/27 21:46:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2009/11/28 03:19:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2011/09/13 21:37:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2009/09/02 00:32:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Corel
[2009/07/14 02:49:36 | 000,000,000 | -H-D | M] -- C:\Program Files\DVD Maker
[2011/09/13 21:37:14 | 000,000,000 | -H-D | M] -- C:\Program Files\FirstClass
[2011/09/25 20:30:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Free Ride Games
[2011/09/25 20:30:31 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/09/28 22:39:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2009/09/02 00:37:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Intuit
[2009/11/28 03:20:55 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/09/13 21:37:12 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2009/09/02 00:29:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2011/09/13 21:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2011/09/13 21:37:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Games
[2009/09/25 16:38:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/09/13 21:37:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2011/09/13 21:36:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/02 00:45:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/09/13 21:36:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/09/13 21:36:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2011/09/28 22:47:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/13 23:52:30 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2011/09/13 21:36:57 | 000,000,000 | -H-D | M] -- C:\Program Files\PlayReady
[2011/09/25 20:23:40 | 000,000,000 | -H-D | M] -- C:\Program Files\PriceGong
[2011/09/13 21:36:57 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2009/09/25 17:02:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek
[2011/09/13 21:36:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek WLAN Driver
[2009/07/13 23:52:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\SpywareBlaster
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\SpywareGuard
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Starcraft
[2011/09/14 01:43:29 | 000,000,000 | -H-D | M] -- C:\Program Files\StarCraft II
[2011/09/25 20:23:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Surf Canyon
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\SystemRequirementsLab
[2009/09/25 17:01:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2011/09/13 21:36:53 | 000,000,000 | -H-D | M] -- C:\Program Files\TOSHIBA
[2009/11/27 19:07:31 | 000,000,000 | -H-D | M] -- C:\Program Files\TOSHIBA Corporation
[2011/09/13 21:36:55 | 000,000,000 | -H-D | M] -- C:\Program Files\TOSHIBA Games
[2009/07/13 23:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/11/28 04:25:11 | 000,000,000 | -H-D | M] -- C:\Program Files\VideoLAN
[2011/09/13 21:36:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Warcraft III
[2009/07/13 23:56:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2009/07/14 02:49:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Journal
[2011/09/13 21:36:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2011/09/13 21:36:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/14 23:07:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Mail
[2010/10/14 00:07:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 23:52:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:56:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/13 23:52:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Portable Devices
[2011/09/13 21:36:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | -H-- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | -H-- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | -H-- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | -H-- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | -H-- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | -H-- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | -H-- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | -H-- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:20:27 | 000,057,424 | -H-- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | -H-- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | -H-- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 07:20:28 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\8941ba73f649c028902cd678ff78607f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 00:39:00 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 00:52:25 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 07:30:06 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2010/11/20 07:30:06 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2010/11/20 07:30:06 | 000,143,744 | -H-- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\8941ba73f649c028902cd678ff78607f\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | -H-- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | -H-- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-29 02:45:54

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/28 21:43:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/09/28 21:43:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/28 22:47:47 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/28 22:47:46 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/28 21:43:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/28 21:43:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/09/28 21:43:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

My anti-virus software seems to have detected a lot of malware and viruses as well.

Please help me fix this.

Thank you! I appreciate your help!

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

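The OTL file lists above are where the rogue-AV artefacts stand out: randomly named, hidden executables in C:\ProgramData and C:\windows\System32 with no version information, all created or modified inside the 30-day window the scan covers, alongside a legitimate IE9 update on 2011/09/28 that produces dozens of harmless Microsoft entries. The script below is an added triage example, not part of the original post or of OTL itself: it parses lines in OTL's `[date | size | attrs | C/M] (company) -- path` format and scores each binary against a few hypothetical heuristics (no company name, hidden attribute, machine-looking file name, a binary outside Windows or Program Files, a "Microsoft Corporation" claim on a file outside a Microsoft path). The sample lines are constructed copies of entries from the log, the scan date is taken from the OTL header, and the scoring weights and the two-reason threshold are arbitrary choices for illustration, not OTL semantics.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's file-list format, modelled on the log above.
# The Microsoft IE9 lines must not be flagged, the 2009 Realtek line is
# outside the 30-day window, and the rest mirror the rogue-AV droppings.
SAMPLE_LOG = r"""
[2011/09/28 21:43:53 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/09/28 21:43:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/09/28 21:40:20 | 000,457,216 | -H-- | C] (NetPlay Software) -- C:\ProgramData\DIUULhYTmDbYe.exe
[2011/09/22 16:11:15 | 000,000,000 | -H-D | C] -- C:\OpenCloud Security
[2011/09/30 20:49:24 | 001,451,228 | ---- | M] () -- C:\windows\System32\0.3576493246204342.exe
[2011/09/30 17:29:50 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\KeyboardOnlineService.dll
[2011/09/28 22:24:21 | 002,423,808 | ---- | M] () -- C:\windows\System32\d777f99gTZqjCwI.exe
[2011/09/21 19:56:45 | 000,044,544 | -H-- | M] () -- C:\windows\System32\certator.dll
[2011/09/25 20:22:07 | 000,469,504 | -H-- | M] () -- C:\ProgramData\sTXAvEECylDC.exe
[2009/09/25 17:02:33 | 000,073,728 | -H-- | C] () -- C:\windows\System32\RtNicProp32.dll
"""

SCAN_DATE = datetime(2011, 10, 1, 18, 56, 48)  # from the OTL header in the post
WINDOW = timedelta(days=30)                     # OTL's "File Age = 30 Days"

# One OTL file-list line; the "(company)" group is absent on directory entries.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Hypothetical "expected" locations for vendor binaries (assumption, not OTL's).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_line(line):
    """Parse one OTL file-list line into a dict, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # OTL prints 2211,577,856 for >1 GB
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": m["company"] or "",
        "path": m["path"],
    }


def looks_generated(stem):
    """Crude heuristic for machine-generated names (an assumption for this example)."""
    if re.fullmatch(r"0\.\d{8,}", stem):          # 0.3576493246204342
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) >= 0.5:
        return True                                # DIUULhYTmDbYe, sTXAvEECylDC
    return bool(re.search(r"[A-Za-z]\d{2,}[A-Za-z]", stem))  # d777f99gTZqjCwI


def assess(entry, scan_date=SCAN_DATE, window=WINDOW):
    """Return the list of reasons an entry is suspicious; [] means nothing noteworthy."""
    path = entry["path"]
    low = path.lower()
    if "D" in entry["attrs"] or not low.endswith(EXEC_EXT):
        return []                                  # directories and data files: skip
    if scan_date - entry["ts"] > window:
        return []                                  # predates the incident window
    name = path.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    in_trusted = low.startswith(TRUSTED_DIRS)
    reasons = []
    if not entry["company"]:
        reasons.append("no version/company info")
    if "H" in entry["attrs"]:
        reasons.append("hidden attribute")         # weak alone: OTL shows it on many old files
    if looks_generated(stem):
        reasons.append("machine-generated name")
    if not in_trusted:
        reasons.append("binary outside Windows/Program Files")
    if "microsoft" in entry["company"].lower() and not in_trusted:
        reasons.append("claims Microsoft but lives outside a Microsoft path")
    return reasons


def triage(log_text, threshold=2):
    """Map path -> reasons for every binary that collects at least `threshold` reasons."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if len(reasons) >= threshold:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(reasons)}  {path}")
        for reason in reasons:
            print(f"      - {reason}")
```

Run against a full OTL.txt the same way (`triage(open("OTL.txt").read())`); the age gate is what keeps the 2009 Realtek DLL, which is hidden and carries no version info, off the list, and the threshold is what keeps the IE9 update's `jscript9.dll` off it. Treat the output as a worklist for hash lookups and log review, not as a verdict: a single heuristic, especially the hidden attribute, proves nothing on its own.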

Re: Open Cloud Security virus

Post by mh on Sun 02 Oct 2011, 2:08 pm

Here is the extras.txt:

OTL Extras logfile created on: 10/1/2011 6:56:48 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Allen_2\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 67.87% Memory free
5.49 Gb Paging File | 4.49 Gb Available in Paging File | 81.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.71 Gb Total Space | 229.99 Gb Free Space | 79.66% Space Free | Partition Type: NTFS

Computer Name: ALLEN-PC | User Name: Allen_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$BLSTUN$" = Talul-Ads Browser Enhancer
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CPS FirstClass Client v9.012f" = CPS FirstClass Client v9.012f
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"PriceGong" = PriceGong 2.5.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Surf Canyon" = Fast Search by Surf Canyon
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2011 5:02:50 PM | Computer Name = Allen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7600.16853, time
stamp: 0x4e291914 Exception code: 0xc0000005 Fault offset: 0x001b687d Faulting process
id: 0x136c Faulting application start time: 0x01cc7d56e6e724dd Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 0ed45cd5-e94c-11e0-9750-001e33f8f0d2

Error - 9/27/2011 5:14:18 PM | Computer Name = Allen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TosSmartSrv.exe, version: 1.1.0.8, time
stamp: 0x4ab1d89c Faulting module name: TosSmart.dll, version: 1.0.0.10, time stamp:
0x4ab1d892 Exception code: 0xc0000005 Fault offset: 0x000019f5 Faulting process id:
0xef8 Faulting application start time: 0x01cc7d51e0a7ee50 Faulting application path:
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe Faulting module path:
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmart.dll Report Id: a9096359-e94d-11e0-9750-001e33f8f0d2

Error - 9/28/2011 11:09:15 PM | Computer Name = Allen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7600.16853, time
stamp: 0x4e291914 Exception code: 0xc0000005 Fault offset: 0x001b687d Faulting process
id: 0x3f8 Faulting application start time: 0x01cc7e4f3dd4c6ce Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 696d636b-ea48-11e0-9c8e-001e33f8f0d2

Error - 9/28/2011 11:27:04 PM | Computer Name = Allen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: Flash10b.ocx, version: 10.0.22.87, time
stamp: 0x4987a6c3 Exception code: 0xc0000005 Fault offset: 0x002247ca Faulting process
id: 0x4ac Faulting application start time: 0x01cc7e558233152e Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10b.ocx
Report
Id: e6255fb3-ea4a-11e0-9c8e-001e33f8f0d2

Error - 9/28/2011 11:30:44 PM | Computer Name = Allen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TosSmartSrv.exe, version: 1.1.0.8, time
stamp: 0x4ab1d89c Faulting module name: TosSmart.dll, version: 1.0.0.10, time stamp:
0x4ab1d892 Exception code: 0xc0000005 Fault offset: 0x000019f5 Faulting process id:
0xd98 Faulting application start time: 0x01cc7e4fa0d22d9c Faulting application path:
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe Faulting module path:
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmart.dll Report Id: 696b6c05-ea4b-11e0-9c8e-001e33f8f0d2

Error - 9/29/2011 8:15:57 PM | Computer Name = Allen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2011 8:15:57 PM | Computer Name = Allen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2011 8:15:58 PM | Computer Name = Allen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2011 8:16:37 PM | Computer Name = Allen-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2011 8:17:01 PM | Computer Name = Allen-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 10/1/2011 7:49:50 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%5

Error - 10/1/2011 7:49:51 PM | Computer Name = Allen-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/1/2011 7:49:51 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%5

Error - 10/1/2011 7:49:51 PM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%5

Error - 10/1/2011 7:50:17 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 10/1/2011 7:50:17 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 10/1/2011 7:50:17 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 10/1/2011 7:50:17 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 10/1/2011 7:50:17 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 10/1/2011 7:50:18 PM | Computer Name = Allen-PC | Source = WMPNetworkSvc | ID = 866314
Description =


< End of report >



Here is the aswMBR.txt:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-01 21:40:14
-----------------------------
21:40:14.562 OS Version: Windows 6.1.7600
21:40:14.562 Number of processors: 2 586 0x602
21:40:14.565 ComputerName: ALLEN-PC UserName: Allen_2
21:40:15.945 Initialize success
21:40:54.086 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:40:54.088 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC64G Size: 305245MB BusType: 11
21:40:56.626 Disk 0 MBR read successfully
21:40:56.630 Disk 0 MBR scan
21:40:56.634 Disk 0 TDL4@MBR code has been found
21:40:56.640 Disk 0 MBR hidden
21:40:56.645 Disk 0 MBR [TDL4] **ROOTKIT**
21:40:56.652 Disk 0 trace - called modules:
21:40:56.659 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x868544d0]<<
21:40:56.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867d0030]
21:40:56.673 3 CLASSPNP.SYS[8398659e] -> nt!IofCallDriver -> [0x866bf918]
21:40:56.678 5 ACPI.sys[837b03b2] -> nt!IofCallDriver -> \IdeDeviceP1T0L0-1[0x867b4030]
21:40:56.684 \Driver\atapi[0x866bf380] -> IRP_MJ_CREATE -> 0x868544d0
21:40:56.691 Scan finished successfully
21:43:11.306 Disk 0 MBR has been saved successfully to "C:\Users\Allen_2\Documents\MBR.dat"
21:43:11.317 The log file has been saved successfully to "C:\Users\Allen_2\Documents\aswMBR.txt"

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP
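The aswMBR log above reports a TDL4 infection of the master boot record ("MBR [TDL4] **ROOTKIT**", "MBR hidden", and an unknown handler hooked into \Driver\atapi) and says it saved the MBR to C:\Users\Allen_2\Documents\MBR.dat. As an added example, not part of this thread nor code from aswMBR or TDSSKiller, the script below runs structural checks on such a 512-byte dump: boot signature, presence of the error strings that the stock Windows Vista/7 bootstrap code carries, partition-table sanity, and unallocated space after the last partition, where TDL4 keeps its hidden file system. The disk size, the free-tail threshold and the two sample MBRs are constructed assumptions, not taken from the page. One caveat the log itself makes clear: because the rootkit hooks the disk driver and hides the real MBR, a dump read from the running system may be the clean copy the rootkit serves up, so a trustworthy sector 0 should be read from boot media, not from the infected Windows.

```python
"""Structural checks on a raw 512-byte MBR dump such as the MBR.dat that aswMBR saved.

Added example for the thread above; not code from aswMBR, TDSSKiller or the poster.
Assumptions (not from the page): the caller knows the disk size in sectors, and the
'unallocated tail' threshold is a heuristic.
"""
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bootstrap code; bytes 440..443 hold the NT disk signature
PART_TABLE_OFFSET = 446
PART_ENTRY = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
BOOT_SIGNATURE = b"\x55\xaa"

# Error strings present in the stock Windows Vista/7 MBR bootstrap code.  A bootkit that
# replaces the bootstrap (TDL4 among them) carries its own loader instead.
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_mbr(mbr):
    """Split a 512-byte MBR into boot code, disk signature, partition table, boot signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR dump must be exactly %d bytes, got %d" % (SECTOR, len(mbr)))
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": mbr[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "boot_signature": mbr[510:512],
    }


def assess_mbr(mbr, disk_sectors, max_free_tail=2048):
    """Return a list of findings (strings); an empty list means nothing looked odd."""
    m = parse_mbr(mbr)
    findings = []
    if m["boot_signature"] != BOOT_SIGNATURE:
        findings.append("boot signature is %s, expected 55aa" % m["boot_signature"].hex())
    missing = [s.decode() for s in WINDOWS_MBR_STRINGS if s not in m["boot_code"]]
    if missing:
        findings.append("boot code lacks stock Windows MBR strings: " + ", ".join(missing))
    used = [p for p in m["partitions"] if p["type"] != 0]
    if len([p for p in used if p["status"] == 0x80]) != 1:
        findings.append("expected exactly one active partition")
    for i, p in enumerate(used):
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (i, p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % i)
    if used:
        tail = disk_sectors - max(p["lba_start"] + p["sectors"] for p in used)
        if tail > max_free_tail:
            findings.append("%d unallocated sectors after the last partition; TDL4-style "
                            "rootkits keep their hidden file system in that space" % tail)
    return findings


# --- constructed sample data (not from the page) -----------------------------------
DISK_SECTORS = 305245 * 2048      # 305245 MB disk at 512 bytes/sector, as in the aswMBR log


def build_mbr(boot_code, partitions):
    """Assemble a synthetic MBR from boot code and (status, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x1234ABCD)      # arbitrary disk signature
    for i, entry in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFFSET + 16 * i, *entry)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


CLEAN_BOOT = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 200
              + b"\x00".join(WINDOWS_MBR_STRINGS) + b"\x00").ljust(BOOT_CODE_LEN, b"\x00")
ROGUE_BOOT = bytes((i * 73 + 11) & 0xFF for i in range(BOOT_CODE_LEN))  # no Windows strings

# A 100 MiB active system partition followed by the OS partition, 1000 spare sectors at the end
CLEAN_MBR = build_mbr(CLEAN_BOOT, [(0x80, 0x07, 2048, 204800),
                                   (0x00, 0x07, 206848, DISK_SECTORS - 206848 - 1000)])
# Same layout, but the bootstrap is replaced and about 20 MiB at the end is unallocated
ROGUE_MBR = build_mbr(ROGUE_BOOT, [(0x80, 0x07, 2048, 204800),
                                   (0x00, 0x07, 206848, DISK_SECTORS - 206848 - 41960)])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ROGUE_MBR
    for finding in assess_mbr(data, DISK_SECTORS) or ["no structural anomalies found"]:
        print(finding)
```

Run it as `python mbr_check.py C:\Users\Allen_2\Documents\MBR.dat` with the disk's real sector count substituted for DISK_SECTORS; without an argument it checks the constructed rogue sample. A missing-strings finding means only that the bootstrap is not the stock Windows one (a third-party boot manager also triggers it), so treat it as a lead to confirm with a known-good MBR, not as a verdict on its own.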

Re: Open Cloud Security virus

Post by mh on Sun 02 Oct 2011, 2:50 pm

I ran the Security Check, but got nothing back. All the screen said was 'preparing done' with nothing else and it stayed that way for a while. Not sure what's wrong with it.

mh


Re: Open Cloud Security virus

Post by Belahzur on Mon 03 Oct 2011, 6:29 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Open Cloud Security virus

Post by mh on Mon 03 Oct 2011, 8:18 am

16:17:02.0804 2916 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
16:17:03.0370 2916 ============================================================
16:17:03.0370 2916 Current date / time: 2011/10/02 16:17:03.0370
16:17:03.0370 2916 SystemInfo:
16:17:03.0370 2916
16:17:03.0371 2916 OS Version: 6.1.7600 ServicePack: 0.0
16:17:03.0371 2916 Product type: Workstation
16:17:03.0371 2916 ComputerName: ALLEN-PC
16:17:03.0372 2916 UserName: Allen_2
16:17:03.0372 2916 Windows directory: C:\windows
16:17:03.0372 2916 System windows directory: C:\windows
16:17:03.0372 2916 Processor architecture: Intel x86
16:17:03.0372 2916 Number of processors: 2
16:17:03.0372 2916 Page size: 0x1000
16:17:03.0372 2916 Boot type: Normal boot
16:17:03.0372 2916 ============================================================
16:17:03.0443 2916 Initialize success
16:17:14.0235 0648 ============================================================
16:17:14.0235 0648 Scan started
16:17:14.0235 0648 Mode: Manual;
16:17:14.0235 0648 ============================================================
16:17:15.0147 0648 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
16:17:15.0149 0648 1394ohci - ok
16:17:15.0363 0648 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
16:17:15.0365 0648 ACPI - ok
16:17:15.0562 0648 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
16:17:15.0563 0648 AcpiPmi - ok
16:17:15.0730 0648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:17:15.0733 0648 adp94xx - ok
16:17:15.0894 0648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:17:15.0898 0648 adpahci - ok
16:17:16.0133 0648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:17:16.0134 0648 adpu320 - ok
16:17:16.0315 0648 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
16:17:16.0318 0648 AFD - ok
16:17:16.0540 0648 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
16:17:16.0547 0648 AgereSoftModem - ok
16:17:16.0819 0648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
16:17:16.0820 0648 agp440 - ok
16:17:17.0168 0648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:17:17.0169 0648 aic78xx - ok
16:17:17.0613 0648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
16:17:17.0614 0648 aliide - ok
16:17:17.0792 0648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
16:17:17.0793 0648 amdagp - ok
16:17:17.0827 0648 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
16:17:17.0827 0648 amdide - ok
16:17:18.0016 0648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:17:18.0017 0648 AmdK8 - ok
16:17:18.0217 0648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:17:18.0218 0648 AmdPPM - ok
16:17:18.0415 0648 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
16:17:18.0416 0648 amdsata - ok
16:17:18.0681 0648 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:17:18.0683 0648 amdsbs - ok
16:17:18.0823 0648 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
16:17:18.0823 0648 amdxata - ok
16:17:19.0081 0648 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
16:17:19.0082 0648 AppID - ok
16:17:19.0328 0648 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:17:19.0331 0648 arc - ok
16:17:19.0463 0648 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:17:19.0465 0648 arcsas - ok
16:17:19.0608 0648 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:17:19.0609 0648 AsyncMac - ok
16:17:19.0775 0648 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
16:17:19.0776 0648 atapi - ok
16:17:19.0972 0648 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys
16:17:19.0983 0648 athr - ok
16:17:20.0404 0648 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
16:17:20.0437 0648 atikmdag - ok
16:17:20.0626 0648 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
16:17:20.0627 0648 AtiPcie - ok
16:17:20.0990 0648 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
16:17:20.0991 0648 avgntflt - ok
16:17:21.0224 0648 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
16:17:21.0225 0648 avipbb - ok
16:17:21.0598 0648 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:17:21.0602 0648 b06bdrv - ok
16:17:21.0770 0648 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:17:21.0772 0648 b57nd60x - ok
16:17:21.0958 0648 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:17:21.0959 0648 Beep - ok
16:17:22.0104 0648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:17:22.0104 0648 blbdrive - ok
16:17:22.0233 0648 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
16:17:22.0235 0648 bowser - ok
16:17:22.0383 0648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:17:22.0384 0648 BrFiltLo - ok
16:17:22.0530 0648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:17:22.0531 0648 BrFiltUp - ok
16:17:22.0583 0648 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:17:22.0587 0648 Brserid - ok
16:17:22.0695 0648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:17:22.0696 0648 BrSerWdm - ok
16:17:22.0720 0648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:17:22.0721 0648 BrUsbMdm - ok
16:17:22.0732 0648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:17:22.0732 0648 BrUsbSer - ok
16:17:22.0745 0648 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:17:22.0746 0648 BTHMODEM - ok
16:17:22.0831 0648 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:17:22.0832 0648 cdfs - ok
16:17:22.0968 0648 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
16:17:22.0969 0648 cdrom - ok
16:17:23.0179 0648 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:17:23.0180 0648 circlass - ok
16:17:23.0301 0648 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:17:23.0304 0648 CLFS - ok
16:17:23.0470 0648 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:17:23.0471 0648 CmBatt - ok
16:17:23.0637 0648 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
16:17:23.0638 0648 cmdide - ok
16:17:23.0790 0648 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
16:17:23.0794 0648 CNG - ok
16:17:23.0937 0648 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:17:23.0937 0648 Compbatt - ok
16:17:23.0960 0648 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
16:17:23.0961 0648 CompositeBus - ok
16:17:24.0172 0648 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:17:24.0173 0648 crcdisk - ok
16:17:24.0396 0648 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
16:17:24.0397 0648 DfsC - ok
16:17:24.0731 0648 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:17:24.0732 0648 discache - ok
16:17:25.0000 0648 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:17:25.0001 0648 Disk - ok
16:17:25.0048 0648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:17:25.0049 0648 drmkaud - ok
16:17:25.0164 0648 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
16:17:25.0180 0648 DXGKrnl - ok
16:17:25.0410 0648 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:17:25.0432 0648 ebdrv - ok
16:17:25.0745 0648 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:17:25.0748 0648 elxstor - ok
16:17:25.0828 0648 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
16:17:25.0829 0648 ErrDev - ok
16:17:25.0905 0648 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:17:25.0906 0648 exfat - ok
16:17:25.0916 0648 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:17:25.0918 0648 fastfat - ok
16:17:26.0031 0648 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:17:26.0031 0648 fdc - ok
16:17:26.0048 0648 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:17:26.0049 0648 FileInfo - ok
16:17:26.0058 0648 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:17:26.0058 0648 Filetrace - ok
16:17:26.0077 0648 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:17:26.0077 0648 flpydisk - ok
16:17:26.0096 0648 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:17:26.0099 0648 FltMgr - ok
16:17:26.0128 0648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:17:26.0130 0648 FsDepends - ok
16:17:26.0284 0648 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
16:17:26.0285 0648 Fs_Rec - ok
16:17:26.0346 0648 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
16:17:26.0348 0648 fvevol - ok
16:17:26.0458 0648 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\windows\system32\DRIVERS\FwLnk.sys
16:17:26.0459 0648 FwLnk - ok
16:17:26.0595 0648 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:17:26.0595 0648 gagp30kx - ok
16:17:26.0814 0648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:17:26.0815 0648 GEARAspiWDM - ok
16:17:26.0939 0648 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:17:26.0940 0648 hcw85cir - ok
16:17:26.0996 0648 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
16:17:26.0999 0648 HdAudAddService - ok
16:17:27.0164 0648 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
16:17:59.0523 0648 MBR (0x1B8) (ef1fb3fbba60e54cf5e5a0c96abf6c5b) \Device\Harddisk0\DR0
16:17:59.0524 0648 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
16:17:59.0524 0648 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
16:17:59.0555 0648 Boot (0x1200) (5d23c7fb3ae2f4e4543dcf7c11664442) \Device\Harddisk0\DR0\Partition0
16:17:59.0557 0648 \Device\Harddisk0\DR0\Partition0 - ok
16:17:59.0558 0648 ============================================================
16:17:59.0558 0648 Scan finished
16:17:59.0558 0648 ============================================================
16:17:59.0573 0688 Detected object count: 1
16:17:59.0573 0688 Actual detected object count: 1
16:18:08.0396 0688 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:18:08.0397 0688 \Device\Harddisk0\DR0 - ok
16:18:08.0398 0688 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure


Re: Open Cloud Security virus

Post by Belahzur on Mon 03 Oct 2011, 8:37 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.



Re: Open Cloud Security virus

Post by mh on Mon 03 Oct 2011, 8:53 am

ComboFix 11-10-02.03 - Allen_2 10/02/2011 17:15:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.2183 [GMT -5:00]
Running from: c:\users\Allen_2\Desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenCloud Security
c:\users\Allen_2\AppData\Roaming\Anripe
c:\users\Allen_2\AppData\Roaming\Aweb
c:\users\Betsy\AppData\Local\{5EB86D99-0020-4900-B368-43B7C8184F73}
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenCloud Security
c:\windows\$BLSTUN$
c:\windows\system32\c7ZwlzA24sEZXet.exe
c:\windows\system32\dasEZwlPS3aWLZw.exe
c:\windows\system32\dETktSns8.exe
c:\windows\system32\xu9jINu34sLjkOP.exe
c:\programdata\DIUULhYTmDbYe.exe
c:\programdata\KeyboardOnlineService.dll
c:\programdata\PbOVsnXuaBESx.exe
c:\recycle.bin\0750A7B0228D7AA
c:\recycle.bin\B6232F3A9B2.exe
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk
c:\users\Allen\AppData\Roaming\WvoFmQd8RTjeBPyOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\Anripe\rotuv.exe
c:\users\Allen_2\AppData\Roaming\Aweb\igaxe.exe
c:\users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhVOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\EByvbaW9jIyvF5dOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\eL8gTZqhYwUrOtOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\KtxA0cS2iDpGaHsOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\myxu2bp5HdKfLOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\O8fRL9hXqCOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\OSG8jyFaKXkN2nWOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\Rs7LThwVOx0OpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\SzNAuipGQs7LXYkOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\TNx0v2FpGadfOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\zQWETYVNuioasfTOpenCloud Security.ico
c:\users\Betsy\AppData\Local\{5EB86D99-0020-4900-B368-43B7C8184F73}\chrome.manifest
c:\users\Betsy\AppData\Local\{5EB86D99-0020-4900-B368-43B7C8184F73}\chrome\content\_cfg.js
c:\users\Betsy\AppData\Local\{5EB86D99-0020-4900-B368-43B7C8184F73}\chrome\content\overlay.xul
c:\users\Betsy\AppData\Local\{5EB86D99-0020-4900-B368-43B7C8184F73}\install.rdf
c:\users\Betsy\AppData\Local\ilemulopocitalu.dll
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk
c:\users\Betsy\AppData\Roaming\phTXwjUCeIrPyAuOpenCloud Security.ico
c:\users\Betsy\Desktop\OpenCloud Security.lnk
c:\windows\$BLSTUN$\apUninstall.exe
c:\windows\$BLSTUN$\lmatn.dll
c:\windows\$BLSTUN$\qgnnv.dll
c:\windows\system32\0.0859337043550733.exe
c:\windows\system32\0.2183979227603433.exe
c:\windows\system32\0.3576493246204342.exe
c:\windows\system32\certator.dll
c:\windows\system32\d777f99gTZqjCwI.exe
c:\windows\system32\Thumbs.db
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 22:29 . 2011-10-02 22:29 -------- d-----w- c:\users\Allen_2\AppData\Roaming\LG4aQH6sW7E9TqY
2011-10-02 22:29 . 2011-10-02 22:29 -------- d-----w- c:\users\Allen_2\AppData\Roaming\gwkIVrlONx0c1b
2011-10-02 22:26 . 2011-10-02 22:29 -------- d-----w- c:\users\Allen_2\AppData\Local\temp
2011-10-02 22:01 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\PGQ6W8LTqCI
2011-10-02 22:01 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\yNASibF3pGHWf9
2011-10-02 22:01 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\H5gUNDsRUr1FQf
2011-10-02 22:01 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\z0D4WLjINcDaJgC
2011-10-02 22:00 . 2011-10-02 22:00 -------- d-----w- c:\users\Allen_2\AppData\Roaming\bHgV1H9BvQX
2011-10-02 22:00 . 2011-10-02 22:06 -------- d-----w- c:\users\Allen_2\AppData\Roaming\zQWETYVNuioasfT
2011-10-02 22:00 . 2011-10-02 22:00 -------- d-----w- c:\users\Allen_2\AppData\Roaming\vTCrxSFadfTYIO0
2011-10-02 21:53 . 2011-10-02 21:53 167936 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ubuzu.exe
2011-10-02 21:53 . 2011-10-02 21:53 167936 ----a-w- c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\roodt.exe
2011-10-02 21:53 . 2011-10-02 21:53 167936 ----a-w- c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayman.exe
2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\users\Allen_2\AppData\Roaming\pxP0ycS1iDoFaHs
2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\users\Allen_2\AppData\Roaming\nP0ycS1iv3n4msJ
2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\users\Allen_2\AppData\Roaming\LtxP0ycS1v3n4ms
2011-10-02 21:12 . 2011-10-02 21:12 -------- d-----w- c:\users\Allen_2\AppData\Roaming\ExP0ycS1iDoFaHs
2011-10-02 21:11 . 2011-10-02 21:17 -------- d-----w- c:\users\Allen_2\AppData\Roaming\OSG8jyFaKXkN2nW
2011-10-02 21:11 . 2011-10-02 21:11 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Z46hI1pWXBxS
2011-10-02 21:11 . 2011-10-02 21:11 -------- d-----w- c:\users\Allen_2\AppData\Roaming\ev4Q8TezA2mJfqI
2011-10-02 02:46 . 2011-10-02 02:50 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Tuqof
2011-10-02 02:46 . 2011-10-02 02:46 179712 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\idigp.exe
2011-10-02 02:46 . 2011-10-02 02:46 179712 ----a-w- c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gusuux.exe
2011-10-02 02:46 . 2011-10-02 02:46 179712 ----a-w- c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vyfea.exe
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\VS2ibF3pn5Q6W7L
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\mD4J8YePv4Q9jBy
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\B0Sbp4HWf9ZYkrN
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\iP0ycSvo4HW7L
2011-10-02 02:34 . 2011-10-02 02:39 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Rs7LThwVOx0
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\iEXzo7Ycsjxo7wy
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\HHWfLTjwVOxu1D
2011-10-02 00:48 . 2011-10-02 00:48 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Y0c1ivD2oFpHsJd
2011-10-02 00:48 . 2011-10-02 00:53 -------- d-----w- c:\users\Allen_2\AppData\Roaming\KtxA0cS2iDpGaHs
2011-10-02 00:48 . 2011-10-02 00:48 -------- d-----w- c:\users\Allen_2\AppData\Roaming\XQWK7fRL9TqYeIr
2011-10-01 23:49 . 2011-10-01 23:54 -------- d-----w- c:\users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhV
2011-10-01 23:49 . 2011-10-01 23:49 -------- d-----w- c:\users\Allen_2\AppData\Roaming\e7LThwVOxyvoFHW
2011-10-01 23:49 . 2011-10-01 23:49 -------- d-----w- c:\users\Allen_2\AppData\Roaming\yjeVNAuiGKgYkrt
2011-10-01 23:36 . 2011-10-01 23:36 -------- d-----w- c:\users\Allen_2\AppData\Roaming\fi3n4HsJLT
2011-10-01 23:36 . 2011-10-01 23:41 -------- d-----w- c:\users\Allen_2\AppData\Roaming\TNx0v2FpGadf
2011-10-01 23:36 . 2011-10-01 23:36 -------- d-----w- c:\users\Allen_2\AppData\Roaming\SyuoFm5J8R9TqUk
2011-10-01 01:35 . 2011-10-01 01:35 -------- d-----w- c:\users\Allen_2\AppData\Roaming\YcS1ibD3oGaHsJf
2011-10-01 01:35 . 2011-10-01 01:35 -------- d-----w- c:\users\Allen_2\AppData\Roaming\juc1ibDoGsJfLgZ
2011-10-01 01:35 . 2011-10-01 01:35 -------- d-----w- c:\users\Allen_2\AppData\Roaming\eL8gTZqhYwUrOt
2011-09-30 23:33 . 2011-09-30 23:33 -------- d-----w- c:\users\Allen_2\AppData\Roaming\ctxPcS1ib3n4m6W
2011-09-30 23:32 . 2011-09-30 23:32 -------- d-----w- c:\users\Allen_2\AppData\Roaming\ZS2obF3pGJWf9Tj
2011-09-30 23:32 . 2011-09-30 23:32 -------- d-----w- c:\users\Allen_2\AppData\Roaming\myxu2bp5HdKfL
2011-09-30 21:30 . 2011-09-30 21:30 -------- d-----w- c:\users\Allen_2\AppData\Roaming\yrzNyxAvSoFmaJd
2011-09-30 21:30 . 2011-09-30 21:30 -------- d-----w- c:\users\Allen_2\AppData\Roaming\O8fRL9hXqC
2011-09-30 21:30 . 2011-09-30 21:30 -------- d-----w- c:\users\Allen_2\AppData\Roaming\iJ6fL9hTUeINAuS
2011-09-30 21:21 . 2011-09-30 21:21 -------- d-----w- c:\users\Allen_2\AppData\Roaming\fCkrNtxcSiDpG
2011-09-30 21:21 . 2011-09-30 21:21 -------- d-----w- c:\users\Allen_2\AppData\Roaming\EByvbaW9jIyvF5d
2011-09-30 21:21 . 2011-09-30 21:21 -------- d-----w- c:\users\Allen_2\AppData\Roaming\QJERhwVltNAvoQR
2011-09-30 00:15 . 2011-09-30 00:15 -------- d-----w- c:\users\Allen\AppData\Roaming\WvoFmQd8RTjeBPy
2011-09-30 00:15 . 2011-09-30 00:15 -------- d-----w- c:\users\Allen\AppData\Roaming\r2XlNvFsERTjeBN
2011-09-30 00:15 . 2011-09-30 00:15 -------- d-----w- c:\users\Allen\AppData\Roaming\XpsJKghUlt
2011-09-30 00:02 . 2011-09-30 00:02 -------- d-----w- c:\users\Betsy\AppData\Roaming\nRYwlNuFGsd8Zhj
2011-09-30 00:02 . 2011-09-30 00:05 -------- d-----w- c:\users\Betsy\AppData\Roaming\phTXwjUCeIrPyAu
2011-09-30 00:02 . 2011-09-30 00:02 -------- d-----w- c:\users\Betsy\AppData\Roaming\D2obF4pmGsJdKfZ
2011-09-29 03:42 . 2011-09-29 03:42 -------- d-----w- c:\users\Allen_2\AppData\Roaming\uVelIBtzPyAuDoF
2011-09-29 03:42 . 2011-09-29 03:48 -------- d-----w- c:\users\Allen_2\AppData\Roaming\SzNAuipGQs7LXYk
2011-09-29 03:42 . 2011-09-29 03:42 -------- d-----w- c:\users\Allen_2\AppData\Roaming\mrNAi3n5WLTqC
2011-09-29 03:08 . 2011-09-29 03:08 2423808 ----a-w- c:\windows\system32\dycA1ivD2n4m5Q7.exe
2011-09-26 01:30 . 2011-09-26 01:30 -------- d--h--w- c:\programdata\Free Ride Games
2011-09-26 01:23 . 2011-09-26 01:23 -------- d--h--w- c:\program files\Surf Canyon
2011-09-26 01:23 . 2011-09-26 01:23 -------- d--h--w- c:\program files\PriceGong
2011-09-22 21:11 . 2011-09-22 21:11 -------- d-----w- C:\OpenCloud Security
2011-09-18 22:46 . 2011-09-29 03:47 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-09-18 22:46 . 2011-09-29 03:47 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-09-18 15:06 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Zyafom
2011-09-13 21:28 . 2011-09-13 21:28 -------- d--h--w- c:\windows\Sun
2011-09-13 19:57 . 2011-09-30 00:02 0 ---ha-w- c:\users\Betsy\AppData\Local\Azajoluracanarig.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 05:00 . 2011-09-01 05:00 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:37 . 2011-08-11 03:48 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-11 03:48 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-11 03:48 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-11 03:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30 . 2011-08-24 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26 . 2011-08-11 03:48 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"TgRZ9hYXwUeItPy8234A"="c:\windows\system32\dycA1ivD2n4m5Q7.exe" [2011-09-29 2423808]
.
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
vyfea.exe [2011-10-1 179712]
zayman.exe [2011-10-2 167936]
.
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
gusuux.exe [2011-10-1 179712]
roodt.exe [2011-10-2 167936]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
idigp.exe [2011-10-1 179712]
ubuzu.exe [2011-10-2 167936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [2010-11-22 46184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ---ha-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Allen_2\AppData\Roaming\Mozilla\Firefox\Profiles\iv0wjsem.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{795F4311-02C9-4B7B-A9BB-78D4FE68A98D} - c:\windows\$BLSTUN$\lmatn.dll
Toolbar-Locked - (no file)
HKCU-Run-{C1FAF1B4-FF75-AD7E-EC5A-F928E2EADA35} - c:\users\Allen_2\AppData\Roaming\Anripe\rotuv.exe
HKCU-Run-{6809DE4F-A43E-EC38-7ECB-9851F5E974D1} - c:\users\Allen_2\AppData\Roaming\Aweb\igaxe.exe
HKCU-Run-4W1WVWUVUF7XZHXWDMFDDWXRJIIQL - c:\recycle.bin\B6232F3A9B2.exe
HKLM-Run-g000ucci3onGm6W8234A - c:\windows\system32\d777f99gTZqjCwI.exe
HKLM-Run-bipQWLqklP1oaWE8234A - c:\windows\system32\XQWLXerxvbQK9jI.exe
HKLM-Run-Lo5KwBco5KheNSm8234A - c:\windows\system32\dETktSns8.exe
HKLM-Run-yQ8hUrxvF5K9qkx8234A - c:\windows\system32\c7ZwlzA24sEZXet.exe
HKLM-Run-bEZwBS4s8YO8234A - c:\windows\system32\xu9jINu34sLjkOP.exe
HKLM-Run-UH7RgXjCkOA23aW8234A - c:\windows\system32\vrxvF56fhCByu.exe
HKLM-Run-daW8ZYwVl8234A - c:\windows\system32\dasEZwlPS3aWLZw.exe
HKU-Default-Run-DIUULhYTmDbYe.exe - c:\programdata\DIUULhYTmDbYe.exe
HKU-Default-Run-KeyboardOnlineService - c:\programdata\KeyboardOnlineService.dll
HKU-Default-Run-PbOVsnXuaBESx.exe - c:\programdata\PbOVsnXuaBESx.exe
AddRemove-$BLSTUN$ - c:\windows\$BLSTUN$\apUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-10-02 17:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-02 22:39
.
Pre-Run: 246,478,225,408 bytes free
Post-Run: 248,328,708,096 bytes free
.
- - End Of File - - 3BF0C4481B0170D239C255F6AE2EAC73

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

Re: Open Cloud Security virus

Post by Belahzur on Mon 03 Oct 2011, 10:39 am

Wow that's a messy infection.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    http://www.GeekPolice.net/t28049-open-cloud-security-virus

    KILLALL::

    Rootkit::

    Collect::
    c:\windows\system32\dycA1ivD2n4m5Q7.exe
    c:\users\Betsy\AppData\Local\Azajoluracanarig.bin
    c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vyfea.exe
    c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayman.exe
    c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\roodt.exe
    c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gusuux.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\idigp.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ubuzu.exe
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\idigp.exe
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubuzu.exe

    Folder::
    C:\OpenCloud Security
    c:\users\Allen_2\AppData\Roaming\LG4aQH6sW7E9TqY
    c:\users\Allen_2\AppData\Roaming\gwkIVrlONx0c1b
    c:\users\Allen_2\AppData\Roaming\PGQ6W8LTqCI
    c:\users\Allen_2\AppData\Roaming\yNASibF3pGHWf9
    c:\users\Allen_2\AppData\Roaming\H5gUNDsRUr1FQf
    c:\users\Allen_2\AppData\Roaming\z0D4WLjINcDaJgC
    c:\users\Allen_2\AppData\Roaming\bHgV1H9BvQX
    c:\users\Allen_2\AppData\Roaming\zQWETYVNuioasfT
    c:\users\Allen_2\AppData\Roaming\vTCrxSFadfTYIO0
    c:\users\Allen_2\AppData\Roaming\pxP0ycS1iDoFaHs
    c:\users\Allen_2\AppData\Roaming\nP0ycS1iv3n4msJ
    c:\users\Allen_2\AppData\Roaming\LtxP0ycS1v3n4ms
    c:\users\Allen_2\AppData\Roaming\ExP0ycS1iDoFaHs
    c:\users\Allen_2\AppData\Roaming\OSG8jyFaKXkN2nW
    c:\users\Allen_2\AppData\Roaming\Z46hI1pWXBxS
    c:\users\Allen_2\AppData\Roaming\ev4Q8TezA2mJfqI
    c:\users\Allen_2\AppData\Roaming\Tuqof
    c:\users\Allen_2\AppData\Roaming\VS2ibF3pn5Q6W7L
    c:\users\Allen_2\AppData\Roaming\mD4J8YePv4Q9jBy
    c:\users\Allen_2\AppData\Roaming\B0Sbp4HWf9ZYkrN
    c:\users\Allen_2\AppData\Roaming\iP0ycSvo4HW7L
    c:\users\Allen_2\AppData\Roaming\Rs7LThwVOx0
    c:\users\Allen_2\AppData\Roaming\iEXzo7Ycsjxo7wy
    c:\users\Allen_2\AppData\Roaming\HHWfLTjwVOxu1D
    c:\users\Allen_2\AppData\Roaming\Y0c1ivD2oFpHsJd
    c:\users\Allen_2\AppData\Roaming\KtxA0cS2iDpGaHs
    c:\users\Allen_2\AppData\Roaming\XQWK7fRL9TqYeIr
    c:\users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhV
    c:\users\Allen_2\AppData\Roaming\e7LThwVOxyvoFHW
    c:\users\Allen_2\AppData\Roaming\yjeVNAuiGKgYkrt
    c:\users\Allen_2\AppData\Roaming\fi3n4HsJLT
    c:\users\Allen_2\AppData\Roaming\TNx0v2FpGadf
    c:\users\Allen_2\AppData\Roaming\SyuoFm5J8R9TqUk
    c:\users\Allen_2\AppData\Roaming\YcS1ibD3oGaHsJf
    c:\users\Allen_2\AppData\Roaming\juc1ibDoGsJfLgZ
    c:\users\Allen_2\AppData\Roaming\eL8gTZqhYwUrOt
    c:\users\Allen_2\AppData\Roaming\ctxPcS1ib3n4m6W
    c:\users\Allen_2\AppData\Roaming\ZS2obF3pGJWf9Tj
    c:\users\Allen_2\AppData\Roaming\myxu2bp5HdKfL
    c:\users\Allen_2\AppData\Roaming\yrzNyxAvSoFmaJd
    c:\users\Allen_2\AppData\Roaming\O8fRL9hXqC
    c:\users\Allen_2\AppData\Roaming\iJ6fL9hTUeINAuS
    c:\users\Allen_2\AppData\Roaming\fCkrNtxcSiDpG
    c:\users\Allen_2\AppData\Roaming\EByvbaW9jIyvF5d
    c:\users\Allen_2\AppData\Roaming\QJERhwVltNAvoQR
    c:\users\Allen\AppData\Roaming\WvoFmQd8RTjeBPy
    c:\users\Allen\AppData\Roaming\r2XlNvFsERTjeBN
    c:\users\Allen\AppData\Roaming\XpsJKghUlt
    c:\users\Betsy\AppData\Roaming\nRYwlNuFGsd8Zhj
    c:\users\Betsy\AppData\Roaming\phTXwjUCeIrPyAu
    c:\users\Betsy\AppData\Roaming\D2obF4pmGsJdKfZ
    c:\users\Allen_2\AppData\Roaming\uVelIBtzPyAuDoF
    c:\users\Allen_2\AppData\Roaming\SzNAuipGQs7LXYk
    c:\users\Allen_2\AppData\Roaming\mrNAi3n5WLTqC
    c:\users\Allen_2\AppData\Roaming\Zyafom

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TgRZ9hYXwUeItPy8234A"=-

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Note: Combofix will alert you that it wants to upload some files for analysis - don't be alarmed, this is normal. Please ensure you have a working connection so the files can be uploaded.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


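The CFScript above is built by reading the ComboFix log and picking out three kinds of entry: the randomly named folders under AppData\Roaming, the system32 dropper with its matching Run-key value, and bare .exe files dropped into per-user Startup folders. As an added example (not code from this thread, from ComboFix, or from the helper who wrote the script), the Python below applies the same judgement mechanically to ComboFix-style log text so a reader can see how the suspicious lines were singled out. The sample lines are copied from the logs posted above; the "machine-generated name" thresholds (at least 10 alphanumerics, all of upper case, lower case and digits present, and a character-class change on at least half the steps) are my own assumptions, not anything ComboFix publishes. It only lists findings for review and changes nothing on the system.

```python
import re

# Constructed sample input: lines copied from the ComboFix logs posted in this
# thread (a randomly named AppData\Roaming folder, the system32 dropper and its
# Run-key value, a bare .exe in a Startup folder, plus legitimate entries).
SAMPLE_LOG = r"""
2011-10-02 02:34 . 2011-10-02 02:34 -------- d-----w- c:\users\Allen_2\AppData\Roaming\VS2ibF3pn5Q6W7L
2011-09-18 15:06 . 2011-10-02 22:01 -------- d-----w- c:\users\Allen_2\AppData\Roaming\Zyafom
2011-09-29 03:08 . 2011-09-29 03:08 2423808 ----a-w- c:\windows\system32\dycA1ivD2n4m5Q7.exe
2011-07-16 04:31 . 2011-08-11 03:48 271360 ----a-w- c:\windows\system32\conhost.exe
2011-09-01 05:00 . 2011-09-01 05:00 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"TgRZ9hYXwUeItPy8234A"="c:\windows\system32\dycA1ivD2n4m5Q7.exe" [2011-09-29 2423808]
.
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
vyfea.exe [2011-10-1 179712]
.
"""

# "created . modified size attributes path" lines of the Files Created / Find3M sections
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (\S+) (.+)$")
# "name"="target" [date size] lines listed under a Run key
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"')
# header line that opens a per-user Startup folder listing
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\$", re.IGNORECASE)


def _char_class(ch: str) -> str:
    if ch.isdigit():
        return "d"
    return "U" if ch.isupper() else "l"


def looks_generated(name: str, min_len: int = 10, ratio: float = 0.5) -> bool:
    """True when a file or value name reads like a random token: long enough,
    using upper case, lower case and digits, and switching character class on
    at least `ratio` of the steps. Thresholds are assumptions for this example."""
    stem = name.rsplit(".", 1)[0] if "." in name else name
    chars = [c for c in stem if c.isalnum()]
    if len(chars) < min_len:
        return False
    classes = [_char_class(c) for c in chars]
    if len(set(classes)) < 3:
        return False
    changes = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return changes / (len(classes) - 1) >= ratio


def triage(log_text: str) -> list:
    """Return (reason, entry) pairs for log lines worth a closer look."""
    findings = []
    startup_dir = None  # folder header we are currently inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            startup_dir = None  # "." closes a ComboFix section
            continue
        m = FILE_LINE.match(line)
        if m:
            path = m.group(2)
            if looks_generated(path.rsplit("\\", 1)[-1]):
                findings.append(("generated-name", path))
            continue
        m = RUN_LINE.match(line)
        if m:
            value_name, target = m.groups()
            if looks_generated(value_name) or looks_generated(target.rsplit("\\", 1)[-1]):
                findings.append(("run-key", f"{value_name} -> {target}"))
            continue
        if STARTUP_DIR.search(line):
            startup_dir = line
            continue
        if startup_dir is not None:
            # Installers leave .lnk shortcuts here; a bare .exe is a persistence red flag.
            entry = line.split(" ", 1)[0]
            if entry.lower().endswith(".exe"):
                findings.append(("exe-in-startup", startup_dir + entry))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:16} {entry}")
```

Run against the sample it reports the VS2ibF3pn5Q6W7L folder, the dycA1ivD2n4m5Q7.exe dropper, its TgRZ9hYXwUeItPy8234A Run value and vyfea.exe in the Startup folder, while leaving conhost.exe, FlashPlayerCPLApp.cpl, avgnt and the SpywareGuard shortcut alone. Short lower-case names such as Zyafom are deliberately not caught by the name heuristic; those were identified in the thread from context (creation time and location), which is why a helper still reads the whole log rather than trusting a score.
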
Re: Open Cloud Security virus

Post by mh on Mon 03 Oct 2011, 2:37 pm

ComboFix 11-10-02.03 - Allen_2 10/02/2011 21:45:10.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.2215 [GMT -5:00]
Running from: c:\users\Allen_2\Downloads\combofix.exe.exe
Command switches used :: c:\users\Allen_2\Downloads\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vyfea.exe
file zipped: c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayman.exe
file zipped: c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gusuux.exe
file zipped: c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\roodt.exe
file zipped: c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\idigp.exe
file zipped: c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubuzu.exe
file zipped: c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\idigp.exe
file zipped: c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ubuzu.exe
file zipped: c:\windows\system32\dycA1ivD2n4m5Q7.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\OpenCloud Security
c:\opencloud security\OpenCloud Security.lnk
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vyfea.exe
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zayman.exe
c:\users\Allen\AppData\Roaming\r2XlNvFsERTjeBN
c:\users\Allen\AppData\Roaming\WvoFmQd8RTjeBPy
c:\users\Allen\AppData\Roaming\XpsJKghUlt
c:\users\Allen_2\AppData\Roaming\B0Sbp4HWf9ZYkrN
c:\users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhV
c:\users\Allen_2\AppData\Roaming\b3m7TwB0iFsLhV\oc448393_w32.bat
c:\users\Allen_2\AppData\Roaming\bHgV1H9BvQX
c:\users\Allen_2\AppData\Roaming\ctxPcS1ib3n4m6W
c:\users\Allen_2\AppData\Roaming\e7LThwVOxyvoFHW
c:\users\Allen_2\AppData\Roaming\EByvbaW9jIyvF5d
c:\users\Allen_2\AppData\Roaming\eL8gTZqhYwUrOt
c:\users\Allen_2\AppData\Roaming\ev4Q8TezA2mJfqI
c:\users\Allen_2\AppData\Roaming\ExP0ycS1iDoFaHs
c:\users\Allen_2\AppData\Roaming\fCkrNtxcSiDpG
c:\users\Allen_2\AppData\Roaming\fi3n4HsJLT
c:\users\Allen_2\AppData\Roaming\gwkIVrlONx0c1b
c:\users\Allen_2\AppData\Roaming\gwkIVrlONx0c1b\oc493711_w32.bat
c:\users\Allen_2\AppData\Roaming\gwkIVrlONx0c1bOpenCloud Security.ico
c:\users\Allen_2\AppData\Roaming\H5gUNDsRUr1FQf
c:\users\Allen_2\AppData\Roaming\HHWfLTjwVOxu1D
c:\users\Allen_2\AppData\Roaming\iEXzo7Ycsjxo7wy
c:\users\Allen_2\AppData\Roaming\iJ6fL9hTUeINAuS
c:\users\Allen_2\AppData\Roaming\iP0ycSvo4HW7L
c:\users\Allen_2\AppData\Roaming\juc1ibDoGsJfLgZ
c:\users\Allen_2\AppData\Roaming\KtxA0cS2iDpGaHs
c:\users\Allen_2\AppData\Roaming\KtxA0cS2iDpGaHs\oc419486_w32.bat
c:\users\Allen_2\AppData\Roaming\LG4aQH6sW7E9TqY
c:\users\Allen_2\AppData\Roaming\LtxP0ycS1v3n4ms
c:\users\Allen_2\AppData\Roaming\mD4J8YePv4Q9jBy
c:\users\Allen_2\AppData\Roaming\mrNAi3n5WLTqC
c:\users\Allen_2\AppData\Roaming\myxu2bp5HdKfL
c:\users\Allen_2\AppData\Roaming\nP0ycS1iv3n4msJ
c:\users\Allen_2\AppData\Roaming\O8fRL9hXqC
c:\users\Allen_2\AppData\Roaming\OSG8jyFaKXkN2nW
c:\users\Allen_2\AppData\Roaming\OSG8jyFaKXkN2nW\oc414869_w32.bat
c:\users\Allen_2\AppData\Roaming\PGQ6W8LTqCI
c:\users\Allen_2\AppData\Roaming\pxP0ycS1iDoFaHs
c:\users\Allen_2\AppData\Roaming\QJERhwVltNAvoQR
c:\users\Allen_2\AppData\Roaming\Rs7LThwVOx0
c:\users\Allen_2\AppData\Roaming\Rs7LThwVOx0\oc394744_w32.bat
c:\users\Allen_2\AppData\Roaming\SyuoFm5J8R9TqUk
c:\users\Allen_2\AppData\Roaming\SzNAuipGQs7LXYk
c:\users\Allen_2\AppData\Roaming\TNx0v2FpGadf
c:\users\Allen_2\AppData\Roaming\TNx0v2FpGadf\oc409268_w32.bat
c:\users\Allen_2\AppData\Roaming\Tuqof
c:\users\Allen_2\AppData\Roaming\Tuqof\awpap.apo
c:\users\Allen_2\AppData\Roaming\Tuqof\awpap.apo.0
c:\users\Allen_2\AppData\Roaming\uVelIBtzPyAuDoF
c:\users\Allen_2\AppData\Roaming\VS2ibF3pn5Q6W7L
c:\users\Allen_2\AppData\Roaming\vTCrxSFadfTYIO0
c:\users\Allen_2\AppData\Roaming\XQWK7fRL9TqYeIr
c:\users\Allen_2\AppData\Roaming\Y0c1ivD2oFpHsJd
c:\users\Allen_2\AppData\Roaming\YcS1ibD3oGaHsJf
c:\users\Allen_2\AppData\Roaming\yjeVNAuiGKgYkrt
c:\users\Allen_2\AppData\Roaming\yNASibF3pGHWf9
c:\users\Allen_2\AppData\Roaming\yrzNyxAvSoFmaJd
c:\users\Allen_2\AppData\Roaming\z0D4WLjINcDaJgC
c:\users\Allen_2\AppData\Roaming\Z46hI1pWXBxS
c:\users\Allen_2\AppData\Roaming\zQWETYVNuioasfT
c:\users\Allen_2\AppData\Roaming\zQWETYVNuioasfT\oc484164_w32.bat
c:\users\Allen_2\AppData\Roaming\ZS2obF3pGJWf9Tj
c:\users\Allen_2\AppData\Roaming\Zyafom
c:\users\Betsy\AppData\Local\Azajoluracanarig.bin
c:\users\Betsy\AppData\Roaming\D2obF4pmGsJdKfZ
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gusuux.exe
c:\users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\roodt.exe
c:\users\Betsy\AppData\Roaming\nRYwlNuFGsd8Zhj
c:\users\Betsy\AppData\Roaming\phTXwjUCeIrPyAu
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\idigp.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ubuzu.exe
c:\windows\system32\dycA1ivD2n4m5Q7.exe
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 02:55 . 2011-10-03 03:23 -------- d-----w- c:\users\Allen_2\AppData\Local\temp
2011-10-03 02:55 . 2011-10-03 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-03 02:55 . 2011-10-03 02:55 -------- d-----w- c:\users\Betsy\AppData\Local\temp
2011-10-03 02:55 . 2011-10-03 02:55 -------- d-----w- c:\users\Allen\AppData\Local\temp
2011-10-03 02:55 . 2011-10-03 02:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-26 01:30 . 2011-09-26 01:30 -------- d-----w- c:\programdata\Free Ride Games
2011-09-26 01:23 . 2011-09-26 01:23 -------- d-----w- c:\program files\Surf Canyon
2011-09-26 01:23 . 2011-09-26 01:23 -------- d-----w- c:\program files\PriceGong
2011-09-18 22:46 . 2011-09-29 03:47 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-09-18 22:46 . 2011-09-29 03:47 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-09-13 21:28 . 2011-09-13 21:28 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 05:00 . 2011-09-01 05:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:37 . 2011-08-11 03:48 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-11 03:48 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-11 03:48 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-11 03:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 03:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30 . 2011-08-24 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26 . 2011-08-11 03:48 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
c:\users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\Allen_2\AppData\Local\Temp\CFcatchme.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 X6XSEx;X6XSEx;c:\program files\Free Ride Games\X6XSEx.Sys [2010-11-22 46184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Allen_2\AppData\Roaming\Mozilla\Firefox\Profiles\iv0wjsem.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
**************************************************************************
.
Completion time: 2011-10-02 22:32:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 03:32
ComboFix2.txt 2011-10-02 22:39
.
Pre-Run: 247,954,305,024 bytes free
Post-Run: 247,845,347,328 bytes free
.
- - End Of File - - 970941E67F3ADAD52ED2DBE16E69C32F
Upload was successful

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

Re: Open Cloud Security virus

Post by Belahzur on Tue 04 Oct 2011, 3:33 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Open Cloud Security virus

Post by mh on Tue 04 Oct 2011, 9:59 am

Below are the contents of the log file. Feels like it's too little, not sure what happened. There were 54 infected files that were cleaned. Did I do something wrong?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

Re: Open Cloud Security virus

Post by Belahzur on Tue 04 Oct 2011, 9:42 pm

Hello.
No you didn't, it worked fine. Just some old programs to update now.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 9.1
    Java(TM) 6 Update 14

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 7.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 7.0.1 and install it. It will install over version 3.6.22 you currently have installed, so you won't lose any bookmarked websites.

Download and install VLC Player 1.1.11
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Then download and install Adobe Reader X

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

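As an added example (not something from the thread or from Belahzur's instructions): the manual "Uninstall a Program" walk-through above can be cross-checked from PowerShell, because Windows records every installed program's name and version under the Uninstall registry keys. The snippet below lists what is installed for the four products named in this post and flags anything below the versions recommended here. The name patterns and the version floors (Java 7, Adobe Reader X = 10, Firefox 7.0.1, VLC 1.1.11) are assumptions taken from this post and were current only as of October 2011; DisplayName and DisplayVersion are the standard value names under those keys.

```powershell
# Added example, not from the thread: inventory installed software versions
# from the Windows Uninstall registry keys and flag products below a floor.
# Both the native and the Wow6432Node views are read so 32-bit programs on
# 64-bit Windows are not missed; per-user installs live under HKCU.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Products named in this post. Patterns and minimum versions are assumptions
# based on the versions Belahzur recommends (valid for October 2011 only).
$watch = @(
    @{ Name = 'Java';         Pattern = '^Java\(TM\)|^Java \d';  MinVersion = '7.0'    },
    @{ Name = 'Adobe Reader'; Pattern = '^Adobe Reader';         MinVersion = '10.0'   },
    @{ Name = 'Firefox';      Pattern = '^Mozilla Firefox';      MinVersion = '7.0.1'  },
    @{ Name = 'VLC';          Pattern = '^VLC media player';     MinVersion = '1.1.11' }
)

# Every Uninstall subkey that has a DisplayName is a visible installed program.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, InstallDate

foreach ($w in $watch) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $w.Pattern })
    if ($hits.Count -eq 0) {
        Write-Output ("{0,-13} not found in the Uninstall keys" -f $w.Name)
        continue
    }
    foreach ($h in $hits) {
        # Some installers append text after the number (Firefox used to record
        # e.g. "3.6.22 (en-US)"), so keep only the leading dotted version.
        $verText = [string]$h.DisplayVersion -replace '\s.*$', ''
        $status = 'version unknown'
        try {
            $v = [version]$verText
            $status = if ($v -lt [version]$w.MinVersion) { 'OUTDATED, update' } else { 'current' }
        } catch {
            # DisplayVersion did not parse as a dotted version; report it as-is.
        }
        Write-Output ("{0,-13} {1,-35} {2,-12} {3}" -f $w.Name, $h.DisplayName, $h.DisplayVersion, $status)
    }
}
```

Run it from a normal PowerShell prompt; reading these keys needs no elevation. A product that the thread says is installed but that does not appear here is worth a second look, since the Uninstall entry is what "Uninstall a Program" itself is built on, and a missing or unparseable entry usually means a broken installer record rather than a clean system.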

Re: Open Cloud Security virus

Post by mh on Wed 05 Oct 2011, 9:58 am

I'm afraid I can't do what you asked. Currently, Windows is not able to load on the laptop. I had no problems using it last night, but then it started giving the following message when it was up again:

"Windows Error Recovery

Windows failed to start. A recent hardware or software change might be the cause."

So I launched startup repair, but it didn't help. I've tried repairing/restarting it 7 times and still no luck. Please tell me what I need to do. Thanks so much for your help thus far!!

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

Re: Open Cloud Security virus

Post by Belahzur on Sat 08 Oct 2011, 1:10 am

So it won't boot at all now? Hmm.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Open Cloud Security virus

Post by mh on Sat 08 Oct 2011, 10:58 am

Hi,

Before your post, I went ahead and ran the Toshiba Recovery Wizard which allowed Windows to run again and changed the settings back to when the laptop was purchased. I chose only the first partition to be overwritten. Does this mean that the virus/spyware are now gone? What do I need to do now that the system isn't the same as when I last posted an inquiry here? Please guide me through this. Most of the programs that were installed before are now gone.

Thank you.

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP

Re: Open Cloud Security virus

Post by mh on Thu 13 Oct 2011, 8:08 am

Can someone please help me?

mh

Rookie Surfer

Posts : 56
Joined : 2009-04-08
Operating System : Windows XP