
Live Search ? malware, virus


This topic is locked
58 replies to this topic

#1 pderbs

  • Members
  • 66 posts

Posted 07 October 2011 - 09:04 PM

Computer a mess: pop-ups, redirects, running brutally slow, cursor off on its own. Logs attached. I may not have gotten a complete GMER log because I wasn't allowed to save after the scan finished.

Attached Files




#2 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,221 posts
  • Location:Puerto rico

Posted 11 October 2011 - 08:10 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\533174528
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pderbs

  • Topic Starter
  • Members
  • 66 posts

Posted 11 October 2011 - 09:58 PM

Thanks Gringo, I am unable to download either program on this computer; the message says "can't access" or "not available". On start-up I get an "About Security Risk" IE screen which says that a program has corrupted my default search provider settings and that it is going to reset it as Google IE open search settings. What next?

#4 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,221 posts
  • Location:Puerto rico

Posted 11 October 2011 - 10:05 PM

Can you download them from a clean computer and move them over on a USB drive?

gringo

#5 pderbs

  • Topic Starter
  • Members
  • 66 posts

Posted 12 October 2011 - 02:51 PM

Gringo, here is the dummy result:

DummyCreator by Farbar
Ran by Paul (administrator) on 12-10-2011 at 07:53:14
**************************************************************

C:\WINDOWS\533174528 [12-10-2011 07:53:14]

== End of log ==

I was able to get DummyCreator and Combofix on through my Evo USB drive, but have been unable to successfully run Combofix and get any log files; I get "attempting to create new system restore point" and a cscript error "loading setting failed. access denied".

The computer is still a mess; I get the "about security risk" page and "program had corrupted your default search provider settings" every time on start.


I have Combofix on the computer, I just can't run it. I do get the updated version prompt for Combofix. What next?

#6 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,221 posts
  • Location:Puerto rico

Posted 12 October 2011 - 06:28 PM

Hello

Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe

Once it is saved to the desktop, I want you to drag the Combofix icon onto the Inherit icon.

After that is complete, I want you to boot into Safe Mode and try to run Combofix again.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.


#7 pderbs

  • Topic Starter
  • Members
  • 66 posts

Posted 12 October 2011 - 07:56 PM

I ran Combofix once before I got your instruction for Safe Mode and it deleted some files and folders but did not generate a log. Below is the log created after running it in Safe Mode. The computer is not running any better yet and still starts in "about: security risk".

ComboFix 11-10-12.04 - Paul 10/12/2011 20:25:45.6.2 - x86 MINIMAL
Running from: c:\documents and settings\Paul.WXP-G5N1Q91.000\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\Application Data\Fymumy
c:\documents and settings\Paul\Application Data\Fymumy\zuku.tmp
c:\documents and settings\Paul\Application Data\Fymumy\zuku.yzi
.
---- Previous Run -------
.
c:\documents and settings\bleepingputer\Application Data\Usacce
c:\documents and settings\bleepingputer\Application Data\Usacce\uwovi.tmp
c:\documents and settings\Paul\My Documents\~WRL0001.tmp
c:\documents and settings\Paul\My Documents\~WRL0002.tmp
c:\documents and settings\Paul\My Documents\~WRL0003.tmp
c:\documents and settings\Paul\My Documents\~WRL0004.tmp
c:\documents and settings\Paul\My Documents\~WRL0005.tmp
c:\documents and settings\Paul\My Documents\~WRL0071.tmp
c:\documents and settings\Paul\My Documents\~WRL0182.tmp
c:\documents and settings\Paul\My Documents\~WRL0235.tmp
c:\documents and settings\Paul\My Documents\~WRL0455.tmp
c:\documents and settings\Paul\My Documents\~WRL0545.tmp
c:\documents and settings\Paul\My Documents\~WRL0586.tmp
c:\documents and settings\Paul\My Documents\~WRL0654.tmp
c:\documents and settings\Paul\My Documents\~WRL0724.tmp
c:\documents and settings\Paul\My Documents\~WRL0804.tmp
c:\documents and settings\Paul\My Documents\~WRL0859.tmp
c:\documents and settings\Paul\My Documents\~WRL0956.tmp
c:\documents and settings\Paul\My Documents\~WRL1315.tmp
c:\documents and settings\Paul\My Documents\~WRL1354.tmp
c:\documents and settings\Paul\My Documents\~WRL1476.tmp
c:\documents and settings\Paul\My Documents\~WRL1581.tmp
c:\documents and settings\Paul\My Documents\~WRL1624.tmp
c:\documents and settings\Paul\My Documents\~WRL1666.tmp
c:\documents and settings\Paul\My Documents\~WRL1725.tmp
c:\documents and settings\Paul\My Documents\~WRL2080.tmp
c:\documents and settings\Paul\My Documents\~WRL2462.tmp
c:\documents and settings\Paul\My Documents\~WRL2797.tmp
c:\documents and settings\Paul\My Documents\~WRL3270.tmp
c:\documents and settings\Paul\My Documents\~WRL3338.tmp
c:\documents and settings\Paul\My Documents\~WRL3736.tmp
c:\documents and settings\Paul\My Documents\~WRL3786.tmp
c:\documents and settings\Paul\My Documents\~WRL3831.tmp
c:\documents and settings\Paul\My Documents\~WRL3840.tmp
c:\documents and settings\sheila\Application Data\Wutyz
c:\documents and settings\sheila\Application Data\Wutyz\ubhib.onn
c:\documents and settings\sheila\Application Data\Wutyz\ubhib.tmp
c:\program files\Fast Browser Search
c:\windows\533174528
c:\windows\offitems.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_99c71f
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-12 23:27 . 2011-02-16 13:22 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-10-12 23:27 . 2011-02-16 13:22 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-11 03:04 . 2011-10-11 03:04 -------- d-----w- C:\AVG2012
2011-10-11 00:33 . 2011-10-11 02:23 -------- d-----w- c:\documents and settings\Paul.WXP-G5N1Q91
2011-10-11 00:33 . 2011-10-11 00:33 -------- d-----w- C:\ArcSoft
2011-10-11 00:32 . 2011-10-11 00:33 -------- d-----w- c:\documents and settings\TEMP.WXP-G5N1Q91
2011-10-08 13:31 . 2011-10-08 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 13:31 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 12:37 . 2011-10-08 12:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-08 00:36 . 2011-10-08 00:37 -------- d-----w- c:\documents and settings\TEMP\Local Settings\Application Data\AskToolbar
2011-10-08 00:36 . 2011-10-08 00:36 -------- d-----w- c:\documents and settings\TEMP\Local Settings\Application Data\Google
2011-10-08 00:31 . 2011-10-08 00:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-07 11:47 . 2011-10-07 11:47 -------- d-sh--w- c:\documents and settings\Cara\IECompatCache
2011-09-26 19:42 . 2011-10-07 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2011-09-26 19:42 . 2011-09-26 19:42 -------- d-----w- c:\program files\Rosetta Stone
2011-09-26 19:36 . 2011-09-26 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2011-09-26 19:36 . 2011-09-26 19:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-09-26 19:31 . 2011-09-26 19:31 -------- d-----w- c:\program files\Elaborate Bytes
2011-09-21 21:34 . 2011-09-21 21:34 -------- d-----w- c:\documents and settings\delia\Application Data\AVG Secure Search
2011-09-21 21:33 . 2011-09-21 21:33 -------- d-----w- c:\documents and settings\delia\Application Data\AVG2012
2011-09-20 17:04 . 2011-09-20 17:04 -------- d-----w- c:\documents and settings\Patrick\Application Data\AVG Secure Search
2011-09-20 17:03 . 2011-09-20 17:03 -------- d-----w- c:\documents and settings\Patrick\Application Data\AVG2012
2011-09-20 00:44 . 2011-09-20 00:44 -------- d-----w- c:\documents and settings\Cara\Application Data\AVG Secure Search
2011-09-20 00:43 . 2011-09-20 00:43 -------- d-----w- c:\documents and settings\Cara\Application Data\AVG2012
2011-09-18 13:51 . 2011-09-18 13:51 -------- d-----w- c:\documents and settings\sheila\Application Data\AVG Secure Search
2011-09-17 10:46 . 2011-09-17 10:46 -------- d-----w- c:\documents and settings\Paul\Application Data\Jaran Nilsen
2011-09-17 10:46 . 2011-09-17 10:46 -------- d-----w- c:\program files\iTunes Agent
2011-09-17 01:25 . 2011-09-27 02:44 -------- d-----w- c:\documents and settings\Paul\Application Data\Genieo
2011-09-17 01:25 . 2011-09-17 01:25 -------- d-----w- c:\documents and settings\Paul\Application Data\AVG Secure Search
2011-09-17 01:25 . 2011-09-17 01:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-09-17 01:25 . 2011-09-17 01:25 -------- d-----w- c:\program files\AVG Secure Search
2011-09-17 00:27 . 2011-09-17 00:27 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\doubleTwist_Corporation
2011-09-17 00:27 . 2011-09-17 00:27 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\doubleTwist Corporation
2011-09-17 00:26 . 2011-09-27 02:50 -------- d-----w- c:\program files\Common Files\doubleTwist
2011-09-17 00:26 . 2008-12-17 23:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2011-09-17 00:26 . 2008-12-11 17:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-09-17 00:26 . 2011-09-27 02:50 -------- d-----w- c:\program files\ffdshow
2011-09-17 00:25 . 2011-09-17 09:28 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\OpenCandy
2011-09-17 00:25 . 2011-09-17 00:25 -------- d-----w- c:\documents and settings\Paul\Application Data\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-04 02:25 . 2011-09-04 02:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-29 17:04 . 2010-06-19 02:07 1324 ----a-w- c:\documents and settings\sheila\Local Settings\Application Data\d3d9caps.tmp
2011-08-10 03:59 . 2011-01-04 21:59 1324 ----a-w- c:\documents and settings\Cara\Local Settings\Application Data\d3d9caps.tmp
2011-07-20 05:27 . 2011-02-08 15:36 1324 ----a-w- c:\documents and settings\delia\Local Settings\Application Data\d3d9caps.tmp
2011-07-15 13:29 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-23 00:31 . 2010-11-23 00:31 3137976 ----a-w- c:\program files\DMSetup.exe
2010-11-09 00:01 . 2010-11-09 00:01 266313336 ----a-w- c:\program files\LexiaReading_7.0.1_us.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-17 01:25 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-17 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-17 218440]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFLUlItR1BFSkstUjdRTkctQUdNSTYtQVJGNlItWQ&inst=NzYtOTE2NDIzMDUxLUIxLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1809&mid=21be40c0cfc847d1800ad15a3458cc10-0236fde42eb391011a5519bd2ce47db43043d232" [?]
"AFD"="c:\windows\Regedit.exe" [2008-04-14 146432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-04 01:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"1886:TCP"= 1886:TCP:Genieo
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-17 246600]
R3 ArcCD;ArcCD Filter Driver Service; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-08-11 56992]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
R4 ArcUdfs;ArcUdfs FileSystem Driver Service; [x]
R4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2003-02-24 11029]
S0 a320raid;a320raid;c:\windows\System32\DRIVERS\a320raid.sys [2005-02-18 218112]
S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\System32\DRIVERS\aac.sys [2004-04-07 48140]
S0 aarich;aarich;c:\windows\system32\DRIVERS\aarich.sys [2005-05-18 204800]
S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-04-18 17664]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 15:53]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 15:53]
.
2011-10-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 01:20]
.
2011-10-12 c:\windows\Tasks\User_Feed_Synchronization-{52508262-3DA4-4112-9E03-487C0ACF1BFB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 16:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 20:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,62,30,a9,45,21,79,42,ac,32,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,62,30,a9,45,21,79,42,ac,32,ad,\
.
Completion time: 2011-10-12 20:44:51
ComboFix-quarantined-files.txt 2011-10-13 00:44
ComboFix2.txt 2010-11-25 15:58
ComboFix3.txt 2010-11-24 22:12
ComboFix4.txt 2010-07-02 10:11
.
Pre-Run: 6,856,425,472 bytes free
Post-Run: 6,841,491,456 bytes free
.
- - End Of File - - 5AA1BECFDFC6556A3E8562C97D46D4E7

Edited by pderbs, 12 October 2011 - 07:57 PM.
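
The "Reg Loading Points" section of the ComboFix log above lists every autostart value ComboFix does not treat as a legitimate default. The following is an added example, not ComboFix's code and not from any poster in this thread: it parses that section's Run/RunOnce entries and marks the ones a reviewer should read first. The sample is an excerpt constructed from the log above (the AVG uninstall URL is trimmed), and the review heuristics, the SYSTEM_TOOLS list and all function names are assumptions of this example, offering review hints rather than verdicts.

```python
"""Parse Run/RunOnce autostart values from a ComboFix 'Reg Loading Points'
section and mark entries worth a reviewer's attention.

Added example for this thread; not ComboFix code and not any poster's code."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: an excerpt of the ComboFix log posted above
# (the AvgUninstallURL value is trimmed for brevity).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-17 218440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app" [?]
"AFD"="c:\windows\Regedit.exe" [2008-04-14 146432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
"""

# A key header looks like [HKEY_...]; an entry looks like "name"="value" [meta]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" \[(?P<meta>[^\]]*)\]$')

# Assumption of this example: built-in Windows tools that a product's own
# autorun entry would not normally point at.
SYSTEM_TOOLS = {"regedit.exe", "cmd.exe", "rundll32.exe", "wscript.exe", "cscript.exe"}
# Path fragments (XP layout) that a normal user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class AutorunEntry:
    key: str    # registry key the value lives under
    name: str   # value name, e.g. "AFD"
    value: str  # command or path ComboFix reported
    meta: str   # "date size" of the target, or "?" if ComboFix could not stat it


def parse_reg_loading_points(text: str) -> list[AutorunEntry]:
    """Return the entries found under any key ending in \\Run or \\RunOnce."""
    entries: list[AutorunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        em = ENTRY_RE.match(line)
        if em and key and key.lower().endswith(("\\run", "\\runonce")):
            entries.append(AutorunEntry(key, em.group("name"),
                                        em.group("value"), em.group("meta")))
    return entries


def review(entry: AutorunEntry) -> list[str]:
    """Heuristic reasons a reviewer should look at this entry (empty if none)."""
    reasons: list[str] = []
    if entry.meta == "?":
        reasons.append("ComboFix could not stat the target ([?]); value is a command, not a file")
    value = entry.value.lower()
    if re.match(r"^[a-z]:\\", value):  # plain path, so inspect where it points
        base = PureWindowsPath(value).name
        if base in SYSTEM_TOOLS:
            reasons.append(f"autorun launches built-in tool {base} rather than a product binary")
        if any(marker in value for marker in USER_WRITABLE):
            reasons.append("target lives in a user-writable profile or temp directory")
    return reasons


def flagged_entries(text: str) -> dict[str, list[str]]:
    """Map value name -> review reasons for every entry that earned at least one."""
    return {e.name: r for e in parse_reg_loading_points(text) if (r := review(e))}


if __name__ == "__main__":
    for name, reasons in flagged_entries(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```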


#8 gringo_pr

    Bleepin Gringo
  • Malware Response Team
  • 136,221 posts
  • Location:Puerto rico

Posted 12 October 2011 - 08:25 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 pderbs

  • Topic Starter
  • Members
  • 66 posts

Posted 12 October 2011 - 08:49 PM

I don't know if this is the complete log because the scan was so quick, but here it is:

21:46:53.0703 2816 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
21:46:53.0953 2816 ============================================================
21:46:53.0953 2816 Current date / time: 2011/10/12 21:46:53.0953
21:46:53.0953 2816 SystemInfo:
21:46:53.0953 2816
21:46:53.0953 2816 OS Version: 5.1.2600 ServicePack: 3.0
21:46:53.0953 2816 Product type: Workstation
21:46:53.0953 2816 ComputerName: WXP-G5N1Q91
21:46:53.0953 2816 UserName: Paul
21:46:53.0953 2816 Windows directory: C:\WINDOWS
21:46:53.0953 2816 System windows directory: C:\WINDOWS
21:46:53.0953 2816 Processor architecture: Intel x86
21:46:53.0953 2816 Number of processors: 2
21:46:53.0953 2816 Page size: 0x1000
21:46:53.0953 2816 Boot type: Normal boot
21:46:53.0953 2816 ============================================================
21:46:54.0750 2816 Initialize success
21:47:05.0046 1984 ============================================================
21:47:05.0046 1984 Scan started
21:47:05.0046 1984 Mode: Manual;
21:47:05.0046 1984 ============================================================
21:47:08.0453 1984 DMusic - ok
21:47:08.0453 1984 dpti2o - ok
21:47:08.0468 1984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:47:08.0468 1984 drmkaud - ok
21:47:08.0515 1984 E1000 (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:47:08.0515 1984 E1000 - ok
21:47:08.0562 1984 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:47:08.0562 1984 ElbyCDIO - ok
21:47:08.0609 1984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:47:08.0609 1984 Fastfat - ok
21:47:08.0640 1984 fasttx2k (b62ba9f5e991d64c28dd75121aa38c81) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
21:47:08.0640 1984 fasttx2k - ok
21:47:08.0671 1984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:47:08.0671 1984 Fdc - ok
21:47:08.0687 1984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:47:08.0687 1984 Fips - ok
21:47:08.0718 1984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:47:08.0718 1984 Flpydisk - ok
21:47:08.0796 1984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:47:08.0796 1984 FltMgr - ok
21:47:08.0812 1984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:47:08.0812 1984 Fs_Rec - ok
21:47:08.0843 1984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:47:08.0843 1984 Ftdisk - ok
21:47:08.0890 1984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:47:08.0890 1984 GEARAspiWDM - ok
21:47:08.0937 1984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:47:08.0937 1984 Gpc - ok
21:47:09.0000 1984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:47:09.0000 1984 HDAudBus - ok
21:47:09.0031 1984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:47:09.0031 1984 hidusb - ok
21:47:09.0046 1984 hpn - ok
21:47:09.0093 1984 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:47:09.0093 1984 HPZid412 - ok
21:47:09.0109 1984 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:47:09.0109 1984 HPZipr12 - ok
21:47:09.0125 1984 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:47:09.0125 1984 HPZius12 - ok
21:47:09.0156 1984 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
21:47:09.0156 1984 HTCAND32 - ok
21:47:09.0203 1984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:47:09.0203 1984 HTTP - ok
21:47:09.0265 1984 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:47:09.0265 1984 i2omgmt - ok
21:47:09.0265 1984 i2omp - ok
21:47:09.0281 1984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:47:09.0281 1984 i8042prt - ok
21:47:09.0343 1984 iaStor (1c77a81756d4777ccb0425ae8107fe96) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:47:09.0343 1984 iaStor - ok
21:47:09.0375 1984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:09.0375 1984 Imapi - ok
21:47:09.0390 1984 ini910u - ok
21:47:09.0421 1984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:09.0421 1984 IntelIde - ok
21:47:09.0468 1984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:09.0468 1984 intelppm - ok
21:47:09.0531 1984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:09.0531 1984 Ip6Fw - ok
21:47:09.0578 1984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:09.0578 1984 IpFilterDriver - ok
21:47:09.0609 1984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:09.0609 1984 IpInIp - ok
21:47:09.0656 1984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:09.0656 1984 IpNat - ok
21:47:09.0671 1984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:09.0671 1984 IPSec - ok
21:47:09.0687 1984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:09.0687 1984 IRENUM - ok
21:47:09.0703 1984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:09.0703 1984 isapnp - ok
21:47:09.0718 1984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:09.0718 1984 Kbdclass - ok
21:47:09.0765 1984 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:47:09.0765 1984 kbdhid - ok
21:47:09.0796 1984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:47:09.0796 1984 kmixer - ok
21:47:09.0859 1984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:09.0859 1984 KSecDD - ok
21:47:09.0875 1984 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
21:47:09.0875 1984 lbrtfdc - ok
21:47:09.0937 1984 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:47:09.0937 1984 MBAMProtector - ok
21:47:09.0984 1984 megasas (b9ca93897ee500c87471d4353707ee43) C:\WINDOWS\system32\drivers\megasas.sys
21:47:10.0000 1984 megasas - ok
21:47:10.0046 1984 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:47:10.0046 1984 mfeavfk - ok
21:47:10.0062 1984 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
21:47:10.0062 1984 mfebopk - ok
21:47:10.0125 1984 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
21:47:10.0125 1984 mfehidk - ok
21:47:10.0171 1984 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
21:47:10.0171 1984 mferkdk - ok
21:47:10.0218 1984 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
21:47:10.0218 1984 mfesmfk - ok
21:47:10.0265 1984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:10.0265 1984 mnmdd - ok
21:47:10.0312 1984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:47:10.0312 1984 Modem - ok
21:47:10.0312 1984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:10.0312 1984 Mouclass - ok
21:47:10.0328 1984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:47:10.0343 1984 mouhid - ok
21:47:10.0375 1984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:10.0375 1984 MountMgr - ok
21:47:10.0375 1984 mraid35x - ok
21:47:10.0390 1984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:10.0390 1984 MRxDAV - ok
21:47:10.0468 1984 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:10.0468 1984 MRxSmb - ok
21:47:10.0531 1984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:47:10.0531 1984 Msfs - ok
21:47:10.0578 1984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:10.0578 1984 MSKSSRV - ok
21:47:10.0593 1984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:10.0593 1984 MSPCLOCK - ok
21:47:10.0609 1984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:10.0609 1984 MSPQM - ok
21:47:10.0640 1984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:10.0640 1984 mssmbios - ok
21:47:10.0671 1984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:47:10.0671 1984 MSTEE - ok
21:47:10.0718 1984 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:47:10.0718 1984 Mup - ok
21:47:10.0750 1984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:47:10.0750 1984 NABTSFEC - ok
21:47:10.0796 1984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:47:10.0796 1984 NDIS - ok
21:47:10.0828 1984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:47:10.0828 1984 NdisIP - ok
21:47:10.0859 1984 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:10.0859 1984 NdisTapi - ok
21:47:10.0921 1984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:10.0921 1984 Ndisuio - ok
21:47:10.0937 1984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:10.0937 1984 NdisWan - ok
21:47:10.0984 1984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:10.0984 1984 NDProxy - ok
21:47:11.0046 1984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:11.0046 1984 NetBIOS - ok
21:47:11.0078 1984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:11.0078 1984 NetBT - ok
21:47:11.0125 1984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:47:11.0125 1984 Npfs - ok
21:47:11.0156 1984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:11.0171 1984 Ntfs - ok
21:47:11.0218 1984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:47:11.0218 1984 Null - ok
21:47:11.0562 1984 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:11.0625 1984 nv - ok
21:47:11.0734 1984 NVHDA (2e661d73b21619818787fd5059294751) C:\WINDOWS\system32\drivers\nvhda32.sys
21:47:11.0734 1984 NVHDA - ok
21:47:11.0781 1984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:11.0781 1984 NwlnkFlt - ok
21:47:11.0796 1984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:11.0796 1984 NwlnkFwd - ok
21:47:11.0812 1984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:47:11.0828 1984 Parport - ok
21:47:11.0859 1984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:11.0859 1984 PartMgr - ok
21:47:11.0890 1984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:11.0890 1984 ParVdm - ok
21:47:11.0937 1984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:11.0937 1984 PCI - ok
21:47:11.0937 1984 PCIDump - ok
21:47:12.0000 1984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:12.0000 1984 PCIIde - ok
21:47:12.0031 1984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:47:12.0046 1984 Pcmcia - ok
21:47:12.0046 1984 PDCOMP - ok
21:47:12.0062 1984 PDFRAME - ok
21:47:12.0078 1984 PDRELI - ok
21:47:12.0078 1984 PDRFRAME - ok
21:47:12.0093 1984 perc2 - ok
21:47:12.0109 1984 perc2hib - ok
21:47:12.0156 1984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:12.0156 1984 PptpMiniport - ok
21:47:12.0171 1984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:12.0171 1984 PSched - ok
21:47:12.0203 1984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:12.0203 1984 Ptilink - ok
21:47:12.0203 1984 ql1080 - ok
21:47:12.0218 1984 Ql10wnt - ok
21:47:12.0234 1984 ql12160 - ok
21:47:12.0234 1984 ql1240 - ok
21:47:12.0250 1984 ql1280 - ok
21:47:12.0281 1984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:12.0281 1984 RasAcd - ok
21:47:12.0312 1984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:12.0312 1984 Rasl2tp - ok
21:47:12.0328 1984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:12.0328 1984 RasPppoe - ok
21:47:12.0328 1984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:12.0343 1984 Raspti - ok
21:47:12.0359 1984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:12.0359 1984 Rdbss - ok
21:47:12.0359 1984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:12.0359 1984 RDPCDD - ok
21:47:12.0390 1984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:12.0390 1984 rdpdr - ok
21:47:12.0453 1984 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:12.0453 1984 RDPWD - ok
21:47:12.0531 1984 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:12.0531 1984 redbook - ok
21:47:12.0546 1984 RimUsb - ok
21:47:12.0593 1984 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:47:12.0609 1984 RimVSerPort - ok
21:47:12.0625 1984 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:47:12.0640 1984 ROOTMODEM - ok
21:47:12.0703 1984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:12.0703 1984 Secdrv - ok
21:47:12.0765 1984 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:47:12.0781 1984 senfilt - ok
21:47:12.0828 1984 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:47:12.0828 1984 Serenum - ok
21:47:12.0843 1984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:12.0843 1984 Serial - ok
21:47:12.0859 1984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:12.0875 1984 Sfloppy - ok
21:47:12.0890 1984 Simbad - ok
21:47:12.0906 1984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:47:12.0906 1984 SLIP - ok
21:47:12.0953 1984 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
21:47:12.0953 1984 smwdm - ok
21:47:12.0968 1984 Sparrow - ok
21:47:12.0984 1984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:47:12.0984 1984 splitter - ok
21:47:13.0015 1984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:13.0015 1984 sr - ok
21:47:13.0078 1984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:13.0078 1984 Srv - ok
21:47:13.0125 1984 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:47:13.0125 1984 StillCam - ok
21:47:13.0156 1984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:47:13.0156 1984 streamip - ok
21:47:13.0171 1984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:13.0171 1984 swenum - ok
21:47:13.0203 1984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:47:13.0203 1984 swmidi - ok
21:47:13.0218 1984 symc810 - ok
21:47:13.0234 1984 symc8xx - ok
21:47:13.0296 1984 Symmpi (e16380d5911fa00e90452f90f49ed352) C:\WINDOWS\system32\DRIVERS\symmpi.sys
21:47:13.0296 1984 Symmpi - ok
21:47:13.0296 1984 sym_hi - ok
21:47:13.0312 1984 sym_u3 - ok
21:47:13.0328 1984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:13.0328 1984 sysaudio - ok
21:47:13.0406 1984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:47:13.0406 1984 Tcpip - ok
21:47:13.0437 1984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:47:13.0437 1984 TDPIPE - ok
21:47:13.0500 1984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:47:13.0500 1984 TDTCP - ok
21:47:13.0546 1984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:47:13.0546 1984 TermDD - ok
21:47:13.0578 1984 TosIde - ok
21:47:13.0625 1984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:47:13.0625 1984 Udfs - ok
21:47:13.0640 1984 ultra - ok
21:47:13.0703 1984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:47:13.0718 1984 Update - ok
21:47:13.0765 1984 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:47:13.0765 1984 USBAAPL - ok
21:47:13.0796 1984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:47:13.0796 1984 usbaudio - ok
21:47:13.0812 1984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:47:13.0812 1984 usbccgp - ok
21:47:13.0875 1984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:47:13.0875 1984 usbehci - ok
21:47:13.0906 1984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:47:13.0906 1984 usbhub - ok
21:47:13.0921 1984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:47:13.0921 1984 usbprint - ok
21:47:13.0953 1984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:47:13.0953 1984 usbscan - ok
21:47:13.0953 1984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:47:13.0953 1984 USBSTOR - ok
21:47:13.0984 1984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:47:13.0984 1984 usbuhci - ok
21:47:14.0015 1984 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:47:14.0031 1984 usbvideo - ok
21:47:14.0062 1984 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
21:47:14.0062 1984 VClone - ok
21:47:14.0093 1984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:47:14.0093 1984 VgaSave - ok
21:47:14.0109 1984 ViaIde - ok
21:47:14.0203 1984 vmscsi (cd8a1f04836111dc0e6c0cd904b3c660) C:\WINDOWS\system32\drivers\vmscsi.sys
21:47:14.0218 1984 vmscsi - ok
21:47:14.0250 1984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:47:14.0250 1984 VolSnap - ok
21:47:14.0312 1984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:47:14.0312 1984 Wanarp - ok
21:47:14.0375 1984 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:47:14.0375 1984 Wdf01000 - ok
21:47:14.0375 1984 WDICA - ok
21:47:14.0406 1984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:47:14.0421 1984 wdmaud - ok
21:47:14.0484 1984 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:47:14.0484 1984 WpdUsb - ok
21:47:14.0546 1984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:47:14.0546 1984 WSTCODEC - ok
21:47:14.0593 1984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:47:14.0593 1984 WudfPf - ok
21:47:14.0640 1984 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:47:14.0640 1984 WudfRd - ok
21:47:14.0687 1984 WUSB54GCv3 (326c012c7fe573829871fe9c9e41cf9b) C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
21:47:14.0687 1984 WUSB54GCv3 - ok
21:47:14.0718 1984 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:47:14.0843 1984 \Device\Harddisk0\DR0 - ok
21:47:14.0859 1984 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
21:47:14.0875 1984 \Device\Harddisk1\DR4 - ok
21:47:14.0875 1984 Boot (0x1200) (bce4d6360c72a3e012d762ffdc7fa2c8) \Device\Harddisk0\DR0\Partition0
21:47:14.0875 1984 \Device\Harddisk0\DR0\Partition0 - ok
21:47:14.0890 1984 Boot (0x1200) (98eee6a20244e1ad75ed1bbb5bfda24c) \Device\Harddisk1\DR4\Partition0
21:47:14.0890 1984 \Device\Harddisk1\DR4\Partition0 - ok
21:47:14.0890 1984 ============================================================
21:47:14.0890 1984 Scan finished
21:47:14.0890 1984 ============================================================
21:47:14.0906 3576 Detected object count: 0
21:47:14.0906 3576 Actual detected object count: 0

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 October 2011 - 09:13 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 pderbs (Topic Starter)

Posted 12 October 2011 - 09:28 PM

Log below:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-12 22:18:20
-----------------------------
22:18:20.203 OS Version: Windows 5.1.2600 Service Pack 3
22:18:20.203 Number of processors: 2 586 0x403
22:18:20.203 ComputerName: WXP-G5N1Q91 UserName: Paul
22:18:20.656 Initialize success
22:19:29.203 AVAST engine defs: 11101201
22:19:41.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:19:41.250 Disk 0 Vendor: ST380819AS 8.04 Size: 76293MB BusType: 3
22:19:43.265 Disk 0 MBR read successfully
22:19:43.265 Disk 0 MBR scan
22:19:43.265 Disk 0 Windows XP default MBR code
22:19:43.265 Disk 0 scanning sectors +156232125
22:19:43.328 Disk 0 scanning C:\WINDOWS\system32\drivers
22:19:54.062 Service scanning
22:19:55.375 Modules scanning
22:19:59.390 Disk 0 trace - called modules:
22:19:59.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a56d6f8]<<
22:19:59.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae21ab8]
22:19:59.875 AVAST engine scan C:\WINDOWS
22:20:14.171 AVAST engine scan C:\WINDOWS\system32
22:21:53.921 AVAST engine scan C:\WINDOWS\system32\drivers
22:22:07.328 AVAST engine scan C:\Documents and Settings\Paul.WXP-G5N1Q91.000
22:22:53.531 AVAST engine scan C:\Documents and Settings\All Users
22:26:13.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop\MBR.dat"
22:26:13.750 The log file has been saved successfully to "C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop\aswMBR.txt"

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 October 2011 - 10:13 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#13 pderbs (Topic Starter)

Posted 13 October 2011 - 03:50 AM

Gringo, below is the OTL log. I am still having to download these programs onto my smartphone and then move them to the computer, as I can't download to the computer directly.

OTL logfile created on: 10/13/2011 4:44:10 AM - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

3.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 81.80% Memory free
4.34 Gb Paging File | 3.96 Gb Available in Paging File | 91.27% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 2.84 Gb Free Space | 3.82% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 1.50 Gb Free Space | 20.31% Space Free | Partition Type: FAT32

Computer Name: WXP-G5N1Q91 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
MOD - C:\Program Files\Flip Video\FlipShare\Core.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\qca2.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtGui4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtXml4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtSql4.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MSDTC) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (WUSB54GCv3) -- C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys (Ralink Technology, Corp.)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (ArcCD) -- C:\WINDOWS\System32\drivers\ArcCD.sys (ArcSoft Inc.)
DRV - (ArcUdfs) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys (ArcSoft Inc.)
DRV - (Afc) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (ati2mtag) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (aarich) -- C:\WINDOWS\system32\DRIVERS\aarich.sys (Adaptec, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (a320raid) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (senfilt) -- C:\WINDOWS\System32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (aac) -- C:\WINDOWS\System32\DRIVERS\aac.sys (Adaptec, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (vmscsi) -- C:\WINDOWS\System32\drivers\vmscsi.sys (VMware, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>




FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Paul\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F1A95211-58FD-4FD2-9F54-92535BF5C26A}: C:\Documents and Settings\Paul\Local Settings\Application Data\{F1A95211-58FD-4FD2-9F54-92535BF5C26A}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/28 18:32:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/12 20:42:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [AFD] C:\WINDOWS\Regedit.exe /s "C:\ComboFix\SW_AFD.reg" File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Application Data [2010/07/02 06:02:29 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Cookies [2011/10/07 20:31:51 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Administrator\Desktop [2011/10/11 20:37:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Favorites [2009/05/31 23:52:52 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Administrator\IECompatCache [2010/06/20 00:00:46 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Administrator\IETldCache [2010/06/19 23:07:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Administrator\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\My Documents [2009/05/30 07:08:31 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Administrator\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Administrator\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Administrator\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Administrator\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\PrivacIE [2011/10/07 20:31:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Administrator\Recent [2011/10/07 20:32:12 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Administrator\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Administrator\UserData [2009/05/30 07:20:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\All Users\Application Data [2011/09/26 15:42:54 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Bank of America [2009/06/19 02:47:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Desktop [2011/10/11 21:14:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Documents [2010/08/28 19:37:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\All Users\DRM [2009/06/20 22:54:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\All Users\Favorites [2006/07/28 06:03:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\All Users\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu [2011/05/08 17:55:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\All Users\Templates [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Application Data [2011/10/12 20:06:11 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Cookies [2011/04/28 19:46:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Desktop [2010/07/02 00:05:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Favorites [2010/07/02 00:05:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\IETldCache [2010/07/02 00:05:12 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\My Documents [2010/07/02 00:05:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\bleepingputer\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\bleepingputer\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\bleepingputer\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\PrivacIE [2010/07/04 19:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Recent [2010/07/02 00:05:29 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\bleepingputer\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Cara\Application Data [2011/09/19 20:44:27 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Cara\Cookies [2011/10/07 07:51:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Cara\Desktop [2011/03/11 19:32:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Cara\Favorites [2011/07/23 09:02:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Cara\IECompatCache [2011/10/07 07:47:09 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Cara\IETldCache [2010/04/10 18:14:11 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Cara\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Cara\My Documents [2011/10/11 20:37:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Cara\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Cara\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Cara\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Cara\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Cara\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Cara\PrivacIE [2010/04/10 18:15:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Cara\Recent [2011/08/07 15:37:52 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Cara\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Cara\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Cara\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Cara\UserData [2009/12/24 04:21:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Default User\Application Data [2010/01/17 18:54:20 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Default User\Cookies [2011/10/13 03:08:18 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Default User\Desktop [2006/07/28 06:03:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Default User\Favorites [2006/07/28 13:17:34 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Default User\Local Settings [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Default User\My Documents [2006/07/28 13:17:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Default User\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Default User\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Default User\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Default User\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Default User\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Default User\Recent [2006/07/28 13:17:33 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Default User\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Default User\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Default User\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\delia\Application Data [2011/09/21 17:34:34 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\delia\Cookies [2011/09/21 17:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\delia\Desktop [2011/07/14 11:33:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\delia\Favorites [2010/04/24 00:12:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\delia\IETldCache [2010/04/24 00:12:28 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\delia\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\delia\My Documents [2011/10/11 20:37:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\delia\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\delia\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\delia\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\delia\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\delia\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\delia\PrivacIE [2010/04/24 00:13:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\delia\Recent [2011/05/15 19:29:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\delia\SendTo [2011/07/14 11:33:02 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\delia\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\delia\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\delia\UserData [2009/06/02 05:10:12 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2011/10/08 23:54:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2011/10/12 20:48:48 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\Favorites [2011/10/09 00:11:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\LocalService\IETldCache [2010/08/12 06:48:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2006/07/28 13:16:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2011/10/12 20:49:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\NetworkService\Favorites [2010/06/19 08:54:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\NetworkService\IETldCache [2010/04/06 04:01:14 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Patrick\Application Data [2011/09/20 13:04:03 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\Cookies [2011/09/29 18:00:50 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Patrick\Desktop [2011/10/11 20:37:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Patrick\Favorites [2010/04/18 17:16:28 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Patrick\IETldCache [2010/04/18 17:16:25 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Patrick\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\My Documents [2011/10/11 20:23:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Patrick\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Patrick\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Patrick\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Patrick\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\PrivacIE [2010/04/18 17:17:41 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Patrick\Recent [2011/01/03 17:31:07 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Patrick\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Patrick\UserData [2009/12/31 22:01:12 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul\Application Data [2011/10/12 20:41:23 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Paul\Cookies [2011/10/10 19:05:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul\Desktop [2011/10/08 09:30:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul\Favorites [2011/10/08 08:31:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul\IECompatCache [2010/04/06 04:02:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul\IETldCache [2010/04/06 04:00:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul\Local Settings [2010/11/25 11:58:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul\My Documents [2011/10/12 20:06:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Paul\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Paul\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Paul\pool.bin ()
O4 - Startup: C:\Documents and Settings\Paul\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul\PrivacIE [2010/04/06 04:02:20 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul\Recent [2011/10/08 09:33:10 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Paul\SendTo [2009/06/11 01:07:57 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Paul\Start Menu [2009/06/11 01:08:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul\Templates [2009/06/11 01:07:29 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul\UserData [2009/06/02 06:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Application Data [2011/10/10 22:21:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Cookies [2011/10/10 22:13:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Desktop [2011/10/10 22:19:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Favorites [2011/10/10 22:20:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Local Settings [2011/10/10 22:13:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\My Documents [2011/10/10 22:23:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Recent [2011/10/10 22:19:45 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Start Menu [2011/10/10 22:19:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91\Templates [2011/10/10 22:13:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Application Data [2011/10/12 20:25:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Cookies [2011/10/11 20:14:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop [2011/10/13 04:43:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Favorites [2011/10/11 20:46:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings [2011/10/11 20:21:27 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\My Documents [2011/10/12 07:46:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\NetHood [2011/10/12 07:46:49 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\PrintHood [2011/10/12 07:46:49 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Recent [2011/10/11 20:20:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\SendTo [2011/10/12 07:46:49 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Start Menu [2011/10/11 20:20:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Templates [2011/10/11 20:14:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\sheila\Application Data [2011/10/12 20:06:11 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\sheila\Cookies [2011/10/06 20:01:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\sheila\Desktop [2011/09/07 10:49:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\sheila\Favorites [2010/04/07 19:44:33 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\sheila\IETldCache [2010/04/07 19:44:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\sheila\Local Settings [2011/10/12 20:44:53 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\sheila\My Documents [2011/10/11 20:33:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\sheila\NetHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\sheila\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\sheila\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\sheila\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\sheila\PrintHood [2006/07/28 06:03:42 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\sheila\PrivacIE [2010/04/07 19:47:19 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\sheila\Recent [2010/10/27 20:30:34 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\sheila\SendTo [2006/07/28 13:17:21 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\sheila\Start Menu [2006/07/28 06:03:42 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\sheila\Templates [2006/07/28 13:09:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\sheila\UserData [2009/06/02 06:04:05 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP\Application Data [2011/10/07 20:37:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Desktop [2011/06/25 21:45:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Favorites [2011/10/07 20:17:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Local Settings [2011/06/25 21:45:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\TEMP\Recent [2011/06/25 21:45:23 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\TEMP\Start Menu [2011/06/25 21:45:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91\Cookies [2011/10/10 20:34:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91\Favorites [2011/10/10 20:33:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91\Local Settings [2011/10/10 20:35:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91.000\Application Data [2011/10/10 23:04:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91.000\Cookies [2011/10/10 23:04:31 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP.WXP-G5N1Q91.000\Local Settings [2011/10/10 23:04:08 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2835520393-2346535299-1512314548-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2835520393-2346535299-1512314548-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2835520393-2346535299-1512314548-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51E9D222-B091-46D6-8673-80AC4F763B02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/04 21:25:21 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 20:49:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/10/12 20:48:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2011/10/12 20:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/12 19:27:41 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/10/12 07:46:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\SendTo
[2011/10/12 07:46:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\PrintHood
[2011/10/12 07:46:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\NetHood
[2011/10/11 21:58:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\My Documents
[2011/10/11 21:14:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/11 21:14:09 | 000,000,000 | ---D | C] -- \Config.Msi
[2011/10/11 21:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\Apple Computer
[2011/10/11 21:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\Adobe
[2011/10/11 20:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\HP
[2011/10/11 20:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\AskToolbar
[2011/10/11 20:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\Google
[2011/10/11 20:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Application Data
[2011/10/11 20:20:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Recent
[2011/10/11 20:20:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Favorites
[2011/10/11 20:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Start Menu
[2011/10/11 20:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop
[2011/10/11 20:14:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Templates
[2011/10/11 20:14:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Cookies
[2011/10/11 20:14:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings
[2011/10/11 20:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\Microsoft
[2011/10/10 23:04:48 | 000,000,000 | ---D | C] -- C:\AVG2012
[2011/10/10 23:04:48 | 000,000,000 | ---D | C] -- \AVG2012
[2011/10/10 20:33:09 | 000,000,000 | ---D | C] -- C:\ArcSoft
[2011/10/10 20:33:09 | 000,000,000 | ---D | C] -- \ArcSoft
[2011/10/09 00:11:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2011/10/08 09:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/08 09:31:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/08 09:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/08 08:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/26 15:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2011/09/26 15:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/09/26 15:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/09/26 15:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/09/26 15:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/09/26 15:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011/09/26 15:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
[2011/09/17 06:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes Agent
[2011/09/16 21:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/16 21:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/16 20:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\doubleTwist
[2011/09/16 20:26:47 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/09/16 20:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/11/22 20:31:28 | 003,137,976 | ---- | C] (McAfee, Inc.) -- C:\Program Files\DMSetup.exe
[2010/11/08 20:01:32 | 266,313,336 | ---- | C] (Lexia Learning Systems, Inc.) -- C:\Program Files\LexiaReading_7.0.1_us.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/13 04:45:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{52508262-3DA4-4112-9E03-487C0ACF1BFB}.job
[2011/10/13 04:26:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/13 04:26:07 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 04:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 04:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/13 03:24:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/13 03:24:52 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 03:24:51 | 3219,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 03:08:17 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:08:17 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 03:01:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 20:42:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/12 15:28:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/11 21:25:44 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/10/11 20:59:14 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 23:04:04 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/10/10 22:32:12 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Administrator.acl
[2011/10/08 09:31:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/07 11:46:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/05 18:41:34 | 000,000,028 | ---- | M] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2011/10/03 04:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 15:32:21 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/18 22:49:03 | 000,000,063 | ---- | M] () -- C:\1.html
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 20:48:35 | 3219,271,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/12 20:48:35 | 3219,271,680 | -HS- | C] () -- \hiberfil.sys
[2011/10/11 21:30:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/11 20:59:14 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 22:32:12 | 000,035,262 | ---- | C] () -- C:\WINDOWS\Administrator.acl
[2011/10/08 09:31:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 15:32:21 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual CloneDrive.lnk
[2011/09/18 20:04:32 | 000,000,063 | ---- | C] () -- C:\1.html
[2011/09/18 20:04:32 | 000,000,063 | ---- | C] () -- \1.html
[2011/09/16 20:26:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/14 21:03:27 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2010/09/13 21:37:13 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2010/09/13 20:11:29 | 000,640,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/28 18:25:45 | 000,201,755 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/08/28 18:25:45 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010/07/05 10:40:14 | 000,053,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/26 16:15:08 | 000,000,281 | ---- | C] () -- \Boot.bak
[2010/06/26 16:15:02 | 000,260,272 | RHS- | C] () -- \cmldr
[2010/06/26 16:07:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/26 16:07:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/26 16:07:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/26 16:07:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/26 16:07:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/19 16:41:23 | 000,983,040 | ---- | C] () -- \ffastunT.ffl
[2010/06/17 12:48:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/08 05:18:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/01/16 23:24:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/09/18 18:19:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/08/05 19:50:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/06/29 21:32:29 | 000,008,074 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/06/26 04:30:03 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/06/26 04:03:58 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/06/25 06:13:49 | 000,001,048 | ---- | C] () -- \net_save.dna
[2009/06/11 01:12:25 | 004,468,736 | -H-- | C] () -- \ffastun0.ffx
[2009/06/11 01:12:25 | 000,229,376 | -H-- | C] () -- \ffastun.ffo
[2009/06/11 01:12:25 | 000,004,890 | -H-- | C] () -- \ffastun.ffa
[2009/06/11 01:10:20 | 000,983,040 | -H-- | C] () -- \ffastun.ffl
[2009/06/11 01:07:53 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/11 01:07:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2009/06/07 06:05:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2009/06/07 05:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2009/05/30 08:09:21 | 000,905,290 | R--- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009/05/30 07:57:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/30 07:57:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2009/05/30 02:05:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/30 01:55:14 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/11/07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007/11/07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
[2007/11/07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
[2007/11/07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007/11/07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
[2006/09/24 19:55:20 | 000,004,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinIo.sys
[2006/09/24 19:53:02 | 000,000,798 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/28 13:34:06 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2006/07/28 13:16:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/28 13:13:37 | 000,000,050 | ---- | C] () -- \AUTOEXEC.BAT
[2006/07/28 13:13:37 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2006/07/28 13:13:37 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2006/07/28 13:13:37 | 000,000,000 | ---- | C] () -- \CONFIG.SYS
[2006/07/28 13:10:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/28 06:04:06 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/28 06:03:01 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/28 06:02:35 | 000,000,327 | RHS- | C] () -- \boot.ini
[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 09:26:07 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 09:26:05 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 09:25:13 | 000,250,048 | RHS- | C] () -- \ntldr
[2004/08/12 09:25:07 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/12 09:24:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1997/07/11 08:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 08:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 08:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 08:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 08:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 08:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >

Edited by pderbs, 13 October 2011 - 03:51 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:21 AM

Posted 13 October 2011 - 09:42 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O4 - HKLM..\RunOnce: [AFD] C:\WINDOWS\Regedit.exe /s "C:\ComboFix\SW_AFD.reg" File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 pderbs

pderbs
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Local time:05:21 AM

Posted 13 October 2011 - 05:12 PM

I believe this is the log; the computer rebooted and this was titled OTL in Notepad. Still getting the same crap about the security risk page and warnings at startup, not my homepage, even after restart.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AFD deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File move failed. C:\Program Files\Ask.com\GenericAskToolbar.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File move failed. C:\Program Files\Ask.com\GenericAskToolbar.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File move failed. C:\Program Files\Ask.com\GenericAskToolbar.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File move failed. C:\Program Files\Ask.com\GenericAskToolbar.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul.WXP-G5N1Q91.000\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: bleepingputer
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Cara
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: delia
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: LocalService
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: NetworkService
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Patrick
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Paul
->Temp folder emptied: 302592 bytes
-> No Temporary Internet Files cache folder defined!

User: Paul.WXP-G5N1Q91
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Paul.WXP-G5N1Q91.000
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: sheila
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: TEMP
-> No Temporary Internet Files cache folder defined!

User: TEMP.WXP-G5N1Q91
->Temp folder emptied: 36782 bytes
-> No Temporary Internet Files cache folder defined!

User: TEMP.WXP-G5N1Q91.000
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62515502 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13563466 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 71028443 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: bleepingputer

User: Cara

User: Default User

User: delia

User: LocalService

User: NetworkService

User: Patrick

User: Paul

User: Paul.WXP-G5N1Q91

User: Paul.WXP-G5N1Q91.000

User: sheila

User: TEMP

User: TEMP.WXP-G5N1Q91

User: TEMP.WXP-G5N1Q91.000

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10132011_173633

Files\Folders moved on Reboot...
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe not found!

Registry entries deleted on Reboot...

Edited by pderbs, 13 October 2011 - 06:15 PM.
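As an added example that is not part of the thread and not OTL's own code, the Python script below cross-checks an OTL fix script like the one in post #14 against the fix log OTL writes back, like the one in post #15. It pulls the CLSIDs, Run value names and file paths that each `:otl` line asks OTL to remove, then looks in the log for the matching "deleted successfully", "not found", "moved successfully" or "scheduled to be moved on reboot" outcomes, so a responder can see at a glance which requested removals are done, which are still waiting on the reboot, and which the log never mentions. The sample script and logs are constructed from the same line formats seen in the thread (trimmed, with one AVG toolbar entry deliberately given no log line so the unaccounted case shows); the regexes and status phrases are my assumptions about OTL's output, not a documented format.

```python
# Cross-check an OTL fix script against the fix log OTL writes back (added example;
# the regexes and status phrases are assumptions drawn from this thread's log lines).
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:dll|exe|sys|cab|inf)\b", re.I)  # paths may hold spaces
RUN_VALUE_RE = re.compile(r"^O4 - [^:]+: \[([^\]]+)\]")  # O4 lines name the Run value in [brackets]
LOG_VALUE_RE = re.compile(r"\\\\([^\\\s]+) (?=deleted|not found)")  # log shows Key\\ValueName outcome
OUTCOMES = (("deleted successfully.", "deleted"), ("moved successfully.", "moved"),
            ("scheduled to be moved on reboot.", "pending"),
            ("not found.", "not_found"), ("not found!", "not_found"))

# Constructed sample: a trimmed :otl script in the thread's line format.
FIX_SCRIPT = r"""
:otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
:Commands
[EMPTYTEMP]
"""

# Constructed sample: what OTL logged before the reboot (nothing at all for the AVG entry).
FIX_LOG_BEFORE_REBOOT = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File move failed. C:\Program Files\Ask.com\GenericAskToolbar.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
"""

# The same log once OTL has appended its post-reboot section.
FIX_LOG_AFTER_REBOOT = FIX_LOG_BEFORE_REBOOT + r"""
Files\Folders moved on Reboot...
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
"""


def parse_script(text):
    """Return, for each :otl line, the artifacts OTL is asked to remove."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):  # :otl / :Files / :Commands section headers
            section = line.lower()
            continue
        if section != ":otl" or not line:
            continue
        artifacts = {c.upper() for c in CLSID_RE.findall(line)}
        run_value = RUN_VALUE_RE.match(line)
        if run_value:
            artifacts.add(run_value.group(1))
        path = PATH_RE.search(line)
        if path and "File not found" not in line:  # absent files produce no log line
            artifacts.add(path.group(0).lower())
        entries.append({"line": line, "artifacts": artifacts})
    return entries


def parse_log(text):
    """Map each artifact named in the fix log to the outcomes OTL reported for it."""
    outcomes = {}
    for raw in text.splitlines():
        line = raw.strip()
        status = next((s for suffix, s in OUTCOMES if line.endswith(suffix)), None)
        if status is None:
            continue
        keys = {c.upper() for c in CLSID_RE.findall(line)}
        path = PATH_RE.search(line)
        if path:
            keys.add(path.group(0).lower())
        value = LOG_VALUE_RE.search(line)
        if value:
            keys.add(value.group(1))
        for key in keys:
            outcomes.setdefault(key, []).append(status)
    return outcomes


def verify(script_text, log_text):
    """Classify each :otl line as handled, pending (waiting on reboot) or unaccounted."""
    outcomes = parse_log(log_text)
    report = {}
    for entry in parse_script(script_text):
        states = set()
        for artifact in entry["artifacts"]:
            seen = outcomes.get(artifact, [])
            if not seen:
                states.add("unaccounted")
            elif "pending" in seen and "moved" not in seen:
                states.add("pending")
            else:
                states.add("handled")  # deleted, moved, or already absent
        if not states or "unaccounted" in states:
            verdict = "unaccounted"
        else:
            verdict = "pending" if "pending" in states else "handled"
        report[entry["line"]] = verdict
    return report
```

Run `verify(FIX_SCRIPT, FIX_LOG_BEFORE_REBOOT)` and the Ask Toolbar BHO line comes back `pending` because GenericAskToolbar.dll was only scheduled for removal, while the AVG line is `unaccounted`; with `FIX_LOG_AFTER_REBOOT` the Ask entry flips to `handled`. A "not found" outcome counts as handled on purpose: OTL looked for the key and it was already gone, which is the expected result for the second and later references to the same CLSID.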




