Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Possible Key Logger

 
mcnubbins
Junior Member


Joined: 22 Nov 2008
Last Visit: 27 Dec 2011
Posts: 37

Posted: Sun Dec 18, 2011 8:08 pm    Post subject: Possible Key Logger

Hello Spyware Helper,

My daughter uses my PC to play WoW and had an issue where her acct was hacked around Dec 3-4 this year. I have Kaspersky running on the PC and did not notice anything come up to indicate such activity, but I also noticed today that she had Kaspersky paused and I'm not sure how long for. She is the only one using the PC for the past 3 months, so I'm not sure at all what may have happened to allow the acct to be hacked.

I restored the security today, updated Kaspersky and ran a critical area scan. It came up clean, but I am still worried that there may be some kind of hidden key logger, given that the WoW acct was hacked and that seems to be the weapon of choice for that type of hacker. I was hoping you guys could help me with a thorough check to ensure the PC is in fact clean. Any help you could provide would be very much appreciated.

The following are the DDS and Attach logs. * Please note that there are multiple Windows accts and the following DDS was run from my daughter's logon, which is a limited User acct. If you need me to run it instead from an Administrator acct, let me know and I'll repost if necessary.

Thanks again in advance for helping out,
James

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by McNubbins at 22:45:05 on 2011-12-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2341 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D6A8D89-8689-4F67-91F1-70F20D4154AC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A6FB630C-32CA-4C2A-9B41-FB374279C6C1} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CF6BB1E5-FFF4-4DEB-9855-08A653B3BB43} : DhcpNameServer = 192.168.0.1
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl5605b322;MpKsl5605b322;c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\MpKsl5605b322.sys [2011-12-18 29904]
R1 MpKsl67a605b9;MpKsl67a605b9;c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\MpKsl67a605b9.sys [2011-12-18 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-16 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-14 381248]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-30 15872]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-3-31 103424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-2 1343400]
.
=============== Created Last 30 ================
.
2011-12-19 03:01:58 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\MpKsl5605b322.sys
2011-12-18 20:36:45 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\MpKsl67a605b9.sys
2011-12-18 20:36:35 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\offreg.dll
2011-12-18 20:36:33 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\mpengine.dll
2011-12-15 23:37:07 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 23:37:04 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 23:36:57 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 23:36:56 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 23:36:54 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 23:36:54 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-23 00:43:18 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-23 00:43:18 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-23 00:43:18 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-23 00:43:17 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-23 00:43:17 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-23 00:43:17 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-23 00:43:16 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-23 00:43:16 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-23 00:43:15 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-23 00:43:15 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-23 00:43:15 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-23 00:43:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
==================== Find3M ====================
.
2011-12-18 21:10:22 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-18 21:10:12 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-18 21:10:12 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-18 21:08:35 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 00:43:53 138056 ----a-w- c:\users\mcnubbins\appdata\roaming\PnkBstrK.sys
2011-11-23 00:43:30 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-12 14:33:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-15 04:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 22:46:15.91 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2011 7:28:59 PM
System Uptime: 12/18/2011 10:01:27 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N32-SLI DELUXE
Processor: AMD Phenom(tm) 9600 Quad-Core Processor | Socket AM2 | 2310/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1397 GiB total, 1217.217 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 411.381 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: D-Link DWA-552 XtremeN Desktop Adapter
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_3A6D1186&REV_01\4&238684EF&0&3870
Manufacturer: Atheros Communications Inc.
Name: D-Link DWA-552 XtremeN Desktop Adapter
PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_3A6D1186&REV_01\4&238684EF&0&3870
Service: athr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6ca2a147
Device ID: ROOT\LEGACY_MPKSL6CA2A147\0000
Manufacturer:
Name: MpKsl6ca2a147
PNP Device ID: ROOT\LEGACY_MPKSL6CA2A147\0000
Service: MpKsl6ca2a147
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl98fe2048
Device ID: ROOT\LEGACY_MPKSL98FE2048\0000
Manufacturer:
Name: MpKsl98fe2048
PNP Device ID: ROOT\LEGACY_MPKSL98FE2048\0000
Service: MpKsl98fe2048
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla564c07f
Device ID: ROOT\LEGACY_MPKSLA564C07F\0000
Manufacturer:
Name: MpKsla564c07f
PNP Device ID: ROOT\LEGACY_MPKSLA564C07F\0000
Service: MpKsla564c07f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsle9960542
Device ID: ROOT\LEGACY_MPKSLE9960542\0000
Manufacturer:
Name: MpKsle9960542
PNP Device ID: ROOT\LEGACY_MPKSLE9960542\0000
Service: MpKsle9960542
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl18baf821
Device ID: ROOT\LEGACY_MPKSL18BAF821\0000
Manufacturer:
Name: MpKsl18baf821
PNP Device ID: ROOT\LEGACY_MPKSL18BAF821\0000
Service: MpKsl18baf821
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4988c8f8
Device ID: ROOT\LEGACY_MPKSL4988C8F8\0000
Manufacturer:
Name: MpKsl4988c8f8
PNP Device ID: ROOT\LEGACY_MPKSL4988C8F8\0000
Service: MpKsl4988c8f8
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF07E81E
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF07E81E
Service: RTL8187
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4d1e944a
Device ID: ROOT\LEGACY_MPKSL4D1E944A\0000
Manufacturer:
Name: MpKsl4d1e944a
PNP Device ID: ROOT\LEGACY_MPKSL4D1E944A\0000
Service: MpKsl4d1e944a
.
==== System Restore Points ===================
.
RP156: 11/27/2011 2:41:30 PM - Windows Update
RP157: 11/30/2011 7:03:57 PM - Windows Update
RP158: 12/4/2011 3:07:52 PM - Windows Update
RP159: 12/7/2011 6:59:33 PM - Windows Update
RP160: 12/11/2011 6:45:35 PM - Windows Update
RP161: 12/15/2011 6:42:28 PM - Windows Update
RP162: 12/15/2011 6:47:44 PM - Windows Update
.
==== Installed Programs ======================
.
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Illustrator 9.0
Adobe Photoshop 7.0
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Battlefield 3™
Battlelog Web Plugins
BreezeBrowser Pro
Counter-Strike: Source
DVD Decrypter (Remove Only)
ESN Sonar
ffdshow v1.1.3949 [2011-07-25]
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Kaspersky Internet Security 2011
Left 4 Dead
Left 4 Dead 2
Logitech GamePanel Software 3.06.109
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
Origin
PlayFLV
Portal
Portal 2
PowerISO
PunkBuster Services
Razer Naga
Star Trek Online
Star Wars®: Knights of the Old Republic (TM)
StarCraft II
Steam
System Requirements Lab
Team Fortress 2
Ventrilo Client
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 10:03:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/17/2011 1:49:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PANGUR_BAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A6FB630C-32CA-4C2A-9B41-FB37427. The master browser is stopping or an election is being forced.
12/16/2011 2:55:04 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
.
==== End Of File ===========================
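The DDS log above is what the helper reads by eye. As an added example (not code from the thread, from DDS, or from Spyware Warrior), here is a small Python triage script that automates the two checks a responder makes first on a suspected keylogger: parse the Pseudo HJT Report autostart entries and flag any that load from outside Windows/Program Files or that sit in DLL-injection points (AppInit_DLLs, Winlogon Notify), and parse the "Created Last 30" / "Find3M" file lists for anything written during the compromise window the poster gave (Dec 3-4). The sample lines marked FROM_LOG are excerpts copied from the posted log; the lines marked CONSTRUCTED are invented for this example and are not in that log, so the script has something to flag. One observation is used: the header says GMT -5:00, but the "Created" stamps run five hours ahead of the local scan time (2011-12-19 03:01:58 for a definition-update driver installed the evening of Dec 18), so the script treats them as UTC. The trusted-prefix list and the set of injection kinds are this example's assumptions, not anything DDS defines.

```python
"""Triage of a DDS log: autostart entries and files created in a time window.
Lines marked FROM_LOG are excerpts of the posted DDS log; CONSTRUCTED lines are
invented for this example and do not appear in that log."""
import re
from dataclasses import dataclass
from datetime import datetime

HJT_FROM_LOG = r"""
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
"""
# CONSTRUCTED: a Run key pointing into a user profile, the usual spot for a dropped keylogger.
HJT_CONSTRUCTED = r"""
uRun: [WinUpdate] "c:\users\bubbles\appdata\roaming\winupdate\wupd.exe" /silent
"""
CREATED_FROM_LOG = r"""
2011-12-19 03:01:58 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{293ba0bf-5fba-4a88-ba2f-a89eb4ba1c2d}\MpKsl5605b322.sys
2011-12-15 23:37:07 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:43:18 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
"""
# CONSTRUCTED: a file written inside the compromise window.
CREATED_CONSTRUCTED = r"""
2011-12-04 01:12:40 51200 ----a-w- c:\users\bubbles\appdata\roaming\winupdate\wupd.exe
"""

# Assumption of this example: images under these prefixes are "expected" territory.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                    "c:\\progra~1\\", "c:\\progra~2\\")
# Load points that inject a DLL into other processes (every user32 process for
# AppInit_DLLs, winlogon for Notify): a keylogger living here has no process of its own.
INJECTION_KINDS = {"AppInit_DLLs", "Notify"}
# Poster's window, Dec 3-4 local (GMT -5), expressed in UTC because the log's
# "Created" stamps run five hours ahead of the local scan time.
WINDOW = (datetime(2011, 12, 3, 5), datetime(2011, 12, 5, 5))

RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[(.*?)\] (.*)$")
NOTIFY_RE = re.compile(r"^Notify: (\S+) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+\S+\s+(.*)$")


@dataclass
class Autostart:
    kind: str
    name: str
    path: str
    reason: str = ""


@dataclass
class CreatedFile:
    when: datetime  # UTC, see WINDOW
    size: int
    path: str


def _image_path(command):
    """Executable from a Run-key command line: quoted path, else the first token."""
    command = command.strip()
    path = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ")[0]
    # DDS leaves %SYSTEMROOT% unexpanded; the posted log uses no other variable.
    return path.lower().replace("%systemroot%", "c:\\windows")


def parse_autostarts(text):
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := RUN_RE.match(line):
            entries.append(Autostart(m.group(1), m.group(2), _image_path(m.group(3))))
        elif m := NOTIFY_RE.match(line):
            entries.append(Autostart("Notify", m.group(1), m.group(2).strip().lower()))
        elif m := APPINIT_RE.match(line):
            entries.append(Autostart("AppInit_DLLs", "AppInit_DLLs", m.group(1).strip().lower()))
    return entries


def flag_autostarts(entries):
    """Entries a responder should look at: odd location first, injection points always."""
    flagged = []
    for e in entries:
        if not e.path.startswith(TRUSTED_PREFIXES):
            e.reason = "image outside Windows/Program Files"
        elif e.kind in INJECTION_KINDS:
            e.reason = f"{e.kind} injects into other processes; confirm vendor and signature"
        else:
            continue
        flagged.append(e)
    return flagged


def parse_created(text):
    """Same line format in the 'Created Last 30' and 'Find3M' sections."""
    files = []
    for line in (l.strip() for l in text.splitlines()):
        if m := CREATED_RE.match(line):
            files.append(CreatedFile(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                                     int(m.group(2)), m.group(3).lower()))
    return files


def files_in_window(files, start, end):
    return [f for f in files if start <= f.when < end]


if __name__ == "__main__":
    for e in flag_autostarts(parse_autostarts(HJT_FROM_LOG + HJT_CONSTRUCTED)):
        print(f"REVIEW {e.kind:13} {e.name:20} {e.path}  [{e.reason}]")
    for f in files_in_window(parse_created(CREATED_FROM_LOG + CREATED_CONSTRUCTED), *WINDOW):
        print(f"IN WINDOW {f.when:%Y-%m-%d %H:%M} {f.size:>8} {f.path}")
```

Run against the excerpts alone, the script flags only the two Kaspersky injection points (klogon.dll under Notify, kloehk.dll under AppInit_DLLs) for a vendor check and finds no file created in the Dec 3-4 window; the constructed lines show what a profile-resident dropper would look like. A quiet result is evidence, not proof: the posted log is a snapshot taken two weeks after the incident, and Kaspersky had been paused for an unknown period, which is exactly the gap the helper has to weigh.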
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

Posted: Thu Dec 22, 2011 8:53 am

Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



multiple Anti Virus programs
  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Quote:
    Kaspersky Internet Security
    Microsoft Security Essentials

  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.


Next.

Punkbuster warning

I see you have Punkbuster installed (read the section on Published features). This is spyware. Punkbuster can take control over various aspects of your computer, and some gaming tools not unlike Punkbuster also hinder their removal. By the definition we handle here, Punkbuster is actual spyware. Therefore, I now ask you to decide the following:
  • Either we try to leave Punkbuster alone but there is no guarantee a spyware component doesn't 'accidentally' get taken out; so Punkbuster might break. This will, of course, also break your ability to play games using Punkbuster enabled servers.
  • Or we can just remove Punkbuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
  • Another option is to not clean this computer at all. This ensures Punkbuster will continue to function.

Before we continue please let me know what you would like to do.
_________________
Admin/Teacher at Malware Removal University
mcnubbins
Junior Member


Joined: 22 Nov 2008
Last Visit: 27 Dec 2011
Posts: 37

Posted: Thu Dec 22, 2011 3:45 pm

Hello Cypher,

Thanks very much for your response and help with this issue.

No, I haven't taken any other steps so far or made any other posts concerning this issue.

My daughter and I play BF3 on nearly a daily basis, and it has a great many servers that require Punkbuster. I would prefer to try and work through the cleaning process without removing it if at all possible. However, if it becomes too difficult to work with, I can remove it. I understand that the process could break it, though; if it does, is it a situation where I can just reinstall it later?

Thanks again for all your help, I really appreciate it.

Regards,
James
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

Posted: Fri Dec 23, 2011 2:37 am

Hi mcnubbins,
Quote:
Thanks very much for your response and help with this issue.

You're welcome.
Ok continue with the instructions below.

Windows 7 Advice:
  • All applications I ask you to use will need to be run in Administrator mode, i.e. right-click on them and select Run as Administrator.
  • Your operating system comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


I see you already have Malwarebytes Anti-Malware installed:
  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.

mcnubbins
Junior Member


Joined: 22 Nov 2008
Last Visit: 27 Dec 2011
Posts: 37

Posted: Sun Dec 25, 2011 9:45 am

Hello Cypher and thanks again for your help.

Just a quick note that I did change out the video card on this machine since my last communication.

The following are the logs you requested:

Thanks again,
McNubbins

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/22/2011 11:56:42 AM
mbam-log-2011-12-22 (11-56-42).txt

Scan type: Quick scan
Objects scanned: 172342
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


********************************************

OTL logfile created on: 12/22/2011 11:59:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bubbles\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.37% Memory free
7.00 Gb Paging File | 5.61 Gb Available in Paging File | 80.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397.17 Gb Total Space | 1216.64 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 431.57 Gb Free Space | 30.89% Space Free | Partition Type: NTFS

Computer Name: HAL-2009 | User Name: McNubbins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 11:52:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bubbles\Desktop\OTL.exe
PRC - [2011/11/09 22:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/11/09 22:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/11/09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/08/03 09:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/09 22:07:50 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/10/25 18:23:53 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011/10/25 18:21:56 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/25 18:08:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/25 18:08:04 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/25 18:07:49 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/25 18:07:48 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/25 18:07:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/25 18:07:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/25 18:07:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/25 18:07:05 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/25 18:06:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/25 18:06:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/25 18:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/25 18:06:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/25 18:06:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/03/22 16:54:06 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/19 18:47:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/09 22:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/11/09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/02 22:19:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/22 11:48:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44EE2E65-3F3E-4384-8650-6CB7717A3986}\MpKsl21ed884a.sys -- (MpKsl21ed884a)
DRV - [2011/11/09 22:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/11/09 21:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/10/17 12:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/06/24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011/05/04 17:10:42 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/31 14:01:50 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2011/02/15 21:19:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/09 15:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 15:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 17:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/07 03:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/11/23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 18:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B9 85 27 E5 AA CB 01 [binary data]
IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 08 4C A4 85 95 CC 01 [binary data]
IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/06/03 13:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/06/03 13:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/06/03 13:04:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/26 20:29:33 | 000,622,039 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com #[server down?]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16422 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-75803724-854183212-86490946-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-75803724-854183212-86490946-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D6A8D89-8689-4F67-91F1-70F20D4154AC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6FB630C-32CA-4C2A-9B41-FB374279C6C1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6BB1E5-FFF4-4DEB-9855-08A653B3BB43}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d214fea-16e3-11e0-a940-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2d214fea-16e3-11e0-a940-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 11:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/22 11:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/12/22 11:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/12/22 11:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/12/22 11:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/12/22 11:34:43 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2011/12/22 11:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/22 11:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/22 11:31:19 | 000,000,000 | ---D | C] -- C:\ATI
[2011/12/15 18:48:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 18:48:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 18:48:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 18:48:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 18:48:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 18:48:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 18:37:07 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 18:37:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 18:36:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 18:36:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 18:36:54 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 18:36:54 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/11/22 19:43:18 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/11/22 19:43:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/11/22 19:43:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/11/22 19:43:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/11/22 19:43:17 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/11/22 19:43:17 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/11/22 19:43:16 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/11/22 19:43:16 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/11/22 19:43:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/11/22 19:43:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/11/22 19:43:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/11/22 19:43:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll

========== Files - Modified Within 30 Days ==========

[2011/12/22 11:44:09 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 11:44:09 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 11:43:14 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/12/22 11:43:05 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/12/22 11:42:32 | 000,617,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 11:42:32 | 000,104,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 11:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/22 11:36:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/12/22 11:36:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 19:38:48 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/12/21 13:23:28 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 22:46:50 | 000,001,012 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/16 13:50:11 | 000,268,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/26 14:05:04 | 297,992,157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/25 14:48:44 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/11/23 23:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/22 19:44:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 19:43:53 | 000,138,056 | ---- | M] () -- C:\Users\McNubbins\AppData\Roaming\PnkBstrK.sys

========== Files Created - No Company Name ==========

[2011/12/22 11:36:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/18 22:41:57 | 000,001,012 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/11/09 21:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/11/09 21:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/10/25 19:16:50 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/25 19:16:49 | 000,138,056 | ---- | C] () -- C:\Users\McNubbins\AppData\Roaming\PnkBstrK.sys
[2011/10/25 19:16:10 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/25 19:16:08 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/10/21 14:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/25 13:14:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/30 16:08:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/30 16:06:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/04 17:12:07 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/05/04 17:12:07 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/04/28 10:49:40 | 000,011,264 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/04/28 10:39:51 | 000,000,036 | ---- | C] () -- C:\Users\McNubbins\AppData\Local\housecall.guid.cache
[2011/03/13 10:27:28 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/01/04 23:37:01 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,268,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,617,222 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,104,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3EFB0FE0

< End of report >


*********************************************

OTL Extras logfile created on: 12/22/2011 11:59:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bubbles\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.37% Memory free
7.00 Gb Paging File | 5.61 Gb Available in Paging File | 80.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397.17 Gb Total Space | 1216.64 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 431.57 Gb Free Space | 30.89% Space Free | Partition Type: NTFS

Computer Name: HAL-2009 | User Name: McNubbins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro
"{26D4FB2E-BA55-3E2C-CC6F-97D6A0A74306}" = AMD Fuel
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{305C431C-CC6E-5506-CE75-29512315D306}" = AMD Drag and Drop Transcoding
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = AMD VISION Engine Control Center
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F48756D1-A348-2DA5-B59B-DF39F293F750}" = AMD Media Foundation Decoders
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Battlelog Web Plugins" = Battlelog Web Plugins
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow v1.1.3949 [2011-07-25]
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft Security Client" = Microsoft Security Essentials
"Origin" = Origin
"PlayFLV" = PlayFLV
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 3:08:47 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2011\x64\sbstart.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/16/2011 3:08:50 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/18/2011 12:01:00 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2011 12:01:32 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2011\x64\sbstart.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/18/2011 12:01:35 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/19/2011 7:32:01 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/19/2011 7:32:20 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2011\x64\sbstart.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/19/2011 7:32:23 PM | Computer Name = HAL-2009 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/21/2011 7:59:46 PM | Computer Name = HAL-2009 | Source = Application Error | ID = 1000
Description = Faulting application name: bf3.exe, version: 1.0.0.0, time stamp:
0x4ece50fa Faulting module name: bf3.exe, version: 1.0.0.0, time stamp: 0x4ece50fa
Exception
code: 0xc0000005 Fault offset: 0x00c27b15 Faulting process id: 0x1468 Faulting application
start time: 0x01ccc036c762c258 Faulting application path: C:\Program Files\Origin
Games\Battlefield 3\bf3.exe Faulting module path: C:\Program Files\Origin Games\Battlefield
3\bf3.exe Report Id: db388cf8-2c2f-11e1-bec7-0018f34d9ae9

Error - 12/21/2011 8:59:19 PM | Computer Name = HAL-2009 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: MSHTML.dll, version: 9.0.8112.16440,
time stamp: 0x4eb31d5a Exception code: 0xc0000005 Fault offset: 0x00220a3e Faulting
process id: 0xba4 Faulting application start time: 0x01ccc034822716f0 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 2cd8e078-2c38-11e1-bec7-0018f34d9ae9

[ System Events ]
Error - 12/21/2011 1:56:50 PM | Computer Name = HAL-2009 | Source = DCOM | ID = 10016
Description =

Error - 12/21/2011 2:06:02 PM | Computer Name = HAL-2009 | Source = bowser | ID = 8003
Description =

Error - 12/21/2011 2:18:00 PM | Computer Name = HAL-2009 | Source = bowser | ID = 8003
Description =

Error - 12/21/2011 2:37:37 PM | Computer Name = HAL-2009 | Source = bowser | ID = 8003
Description =

Error - 12/21/2011 3:01:37 PM | Computer Name = HAL-2009 | Source = bowser | ID = 8003
Description =

Error - 12/21/2011 7:00:10 PM | Computer Name = HAL-2009 | Source = DCOM | ID = 10016
Description =

Error - 12/21/2011 10:34:52 PM | Computer Name = HAL-2009 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:10:36 PM on 12/21/2011 was unexpected.

Error - 12/21/2011 10:36:04 PM | Computer Name = HAL-2009 | Source = DCOM | ID = 10016
Description =

Error - 12/22/2011 12:28:06 PM | Computer Name = HAL-2009 | Source = DCOM | ID = 10016
Description =

Error - 12/22/2011 12:38:24 PM | Computer Name = HAL-2009 | Source = DCOM | ID = 10016
Description =


< End of report >
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

PostPosted: Mon Dec 26, 2011 2:58 am    Post subject: Reply with quote

Hi James,
I hope you had an enjoyable Christmas.
Quote:
Hello Cypher and thanks again for your help.

You're most welcome.
Quote:
Just a quick note that I did change out the video card on this machine since my last communication.

No problem.

Create a new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 B9 85 27 E5 AA CB 01 [binary data]
    IE - HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 08 4C A4 85 95 CC 01 [binary data]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3EFB0FE0

    :files
    C:\Windows\DCEBoot.exe
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [resethosts]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • OTL log.
  • ESET log.

_________________
Admin/Teacher at Malware Removal University
Member of...

mcnubbins
Junior Member


Joined: 22 Nov 2008
Last Visit: 27 Dec 2011
Posts: 37

PostPosted: Mon Dec 26, 2011 8:31 pm    Post subject: Reply with quote

Hello Cypher,

Yes it was a good Christmas and I hope yours was enjoyable as well.

The following are the logs you requested. It looks like ESET found 1 infected file, however it looks like it is in an old backup zip file from another PC build. The D drive on this machine is a large data drive that I back up the other PCs in the house to.

Thanks again,
McNubbins

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-75803724-854183212-86490946-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-75803724-854183212-86490946-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:3EFB0FE0 deleted successfully.
========== FILES ==========
C:\Windows\DCEBoot.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bubbles\Desktop\cmd.bat deleted successfully.
C:\Users\Bubbles\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bubbles
->Flash cache emptied: 58077 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McNubbins
->Flash cache emptied: 29043 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Bubbles
->Temp folder emptied: 15599810 bytes
->Temporary Internet Files folder emptied: 25691198 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McNubbins
->Temp folder emptied: 393992421 bytes
->Temporary Internet Files folder emptied: 322271994 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61427894 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 781.00 mb


[EMPTYJAVA]

User: All Users

User: Bubbles

User: Default

User: Default User

User: McNubbins

User: Public

Total Java Files Cleaned = 0.00 mb

Error: Unable to interpret <[resethosts]] > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12232011_131629

Files\Folders moved on Reboot...
C:\Users\Bubbles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\74ETPPQ0\google_com[1].htm moved successfully.
C:\Users\Bubbles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\kls9D39.tmp not found!

Registry entries deleted on Reboot...


*******************************************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=261b15e9763ba74a8c5be69ad959063d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-24 02:13:43
# local_time=2011-12-23 09:13:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 20031539 20031539 0 0
# compatibility_mode=5893 16776574 100 94 16916840 76209784 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=235676
# found=1
# cleaned=0
# scan_time=27830
D:\Backup Files\ANTEC-HTPC\ANTEC-HTPC\Backup Set 2010-09-19 134009\Backup Files 2010-09-19 134009\Backup files 31.zip BAT/Munga.A trojan (unable to clean) 00000000000000000000000000000000 I
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

PostPosted: Tue Dec 27, 2011 3:43 am    Post subject: Reply with quote

Hi James,
Quote:
Yes it was a good Christmas and I hope yours was enjoyable as well.

Yes it was, thank you.
Your latest set of logs appear to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

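The MVPS hosts file recommended above works by mapping unwanted hostnames to 127.0.0.1, and the OTL [resethosts] directive used earlier in this thread exists because the same file can be altered to send names elsewhere or to sinkhole a security vendor's site. The hosts-file triage script below is an added example, not code from this thread or from any of the tools it mentions; the watch-list suffixes and the sample hosts content are constructed assumptions.

```python
# Hosts-file triage: added example, not code from this thread or its tools.
# Separates expected sinkhole entries (MVPS-style blocking) from entries worth a look.

import ipaddress
from dataclasses import dataclass, field

# Addresses that mean "block this name" rather than "send it somewhere else".
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Domains a clean hosts file should never override at all.  This watch list is
# an assumption made for the example; extend it for your own environment.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "kaspersky.com", "eset.com")


@dataclass
class HostsEntry:
    line_no: int
    address: str
    hostnames: list = field(default_factory=list)


def parse_hosts(text: str) -> list:
    """Return one HostsEntry per effective line; comments and blanks are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop any trailing comment
        if not body:
            continue
        parts = body.split()
        try:
            ipaddress.ip_address(parts[0])     # first token must be an IP address
        except ValueError:
            continue                           # malformed line: ignore it
        entries.append(HostsEntry(line_no, parts[0], parts[1:]))
    return entries


def triage(text: str) -> dict:
    """Classify every hostname mapping in a hosts file.

    Returns a count of ordinary sinkhole entries plus two lists of
    (line, hostname, address): names sent to a non-sinkhole address, and
    watch-listed names that are overridden in any way (even sinkholed).
    """
    report = {"sinkholed": 0, "redirects": [], "watched_overrides": []}
    for entry in parse_hosts(text):
        is_sinkhole = entry.address in SINKHOLE_ADDRESSES
        for host in entry.hostnames:
            name = host.lower()
            if name == "localhost":
                continue                       # the normal loopback mapping
            record = (entry.line_no, name, entry.address)
            if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
                report["watched_overrides"].append(record)
            if is_sinkhole:
                report["sinkholed"] += 1
            else:
                report["redirects"].append(record)
    return report


# Constructed sample content, not a real hosts file from any machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
# MVPS-style blocklist lines
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
# lines of the kind a tampered hosts file may contain (constructed)
127.0.0.1 downloads.kaspersky.com
192.0.2.10 login.example.com
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_HOSTS).items():
        print(key, value)
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; read it with an administrator-level editor and pass its text to triage().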
mcnubbins
Junior Member


Joined: 22 Nov 2008
Last Visit: 27 Dec 2011
Posts: 37

PostPosted: Tue Dec 27, 2011 12:03 pm    Post subject: Reply with quote

Hi Cypher,

Yes I have read and understand your closing post. Just have a couple more questions though...

Did you find/remove anything that could have contributed to my daughter's WoW acct being hacked (key logger or otherwise)? I would really like the peace of mind knowing that the security issue was identified.

Also will my currently installed Kaspersky Internet Security 2011 already perform any of the functions of the recommended software above? If so I will only install the apps with functions it cannot manage.

Thanks again for all your help,
McNubbins
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

PostPosted: Wed Dec 28, 2011 2:45 am    Post subject: Reply with quote

Hi McNubbins,
Quote:
Did you find/remove anything that could have contributed to my daughter's WoW acct being hacked (key logger or otherwise)? I would really like the peace of mind knowing that the security issue was identified.
There were a few items that needed to be removed, but there was no evidence of a key logger on your computer.
The scans we have run are pretty in depth and appear to be clean now.
Quote:
Also will my currently installed Kaspersky Internet Security 2011 already perform any of the functions of the recommended software above? If so I will only install the apps with functions it cannot manage.
All the security programs I recommended provide extra security for your computer; I would advise you to download and install them.
Any other questions?

Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 May 2013
Posts: 4045
Location: Land Of The Leprechauns

PostPosted: Thu Dec 29, 2011 2:05 am    Post subject: Reply with quote

Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

