Numerous trojans (have listed below)


  • This topic is locked
11 replies to this topic

#1 murrayj1

murrayj1

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:59 AM

Posted 31 October 2009 - 01:02 PM

Model: MSI U90 notepad.
Norton antivirus had expired and the notepad was then badly infected with malware.
Norton was then uninstalled; McAfee 8.5 VirusScan and AntiSpyware were installed, updated to the 5782 DAT file, and VirusScan was run.
The following viruses were picked up on the latest scan:
  • spy.agent bw!mem trojan
  • generic Fakealert!lnk trojan
  • swizzor!hv.h trojan
  • swizzor!hv.m trojan
  • generic dropper.ice trojan
  • swizzor!ce trojan
  • fakealert-EQ trojan
  • fakealert-D1 trojan
  • generic.dx!eus trojan
  • generic.fakealert.k trojan
  • dns changer.0 trojan
  • hiloti.c
  • generic downloader.x!bos trojan
  • generic.dx!fya trojan
  • generic pup.x!br program
  • generic dx.!gay trojan
  • generic fakealert!cu trojan
  • html/ fakeAV trojan
  • downloader-bxm trojan
  • fakealert-ir trojan
  • generic dropper!beb trojan
Malware is still present on the system.
I have run DDS and have the pseudo report and the RootRepeal log.
Awaiting help.
Thank you


DDS (Ver_09-10-24.04) - NTFSx86
Run by ME at 16:22:23.50 on 25/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.634 [GMT 0:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSI\MSI Q-Face\webtest.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\virusware\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Q-Face agent] c:\program files\msi\msi q-face\webtest.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [style cool 2 city] c:\documents and settings\all users\application data\byte loud style cool\LESS MAPI.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-12-8 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [2008-12-8 308608]
S2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-12-8 159744]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2009-5-19 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2009-5-19 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2009-5-19 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2009-5-19 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2009-5-19 100648]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-12-8 704384]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-5-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-5-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-5-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-5-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-5-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-5-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-5-19 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-5-19 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-5-19 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-5-19 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-5-19 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-5-19 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-5-19 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-5-19 109736]

=============== Created Last 30 ================

2009-10-25 15:13:17 0 d-----w- C:\ix28396i
2009-10-25 14:45:35 0 d-sha-r- C:\cmdcons
2009-10-25 14:44:35 98816 ----a-w- c:\windows\sed.exe
2009-10-25 14:44:35 236544 ----a-w- c:\windows\PEV.exe
2009-10-25 14:44:35 161792 ----a-w- c:\windows\SWREG.exe
2009-10-25 14:44:02 0 d-----w- C:\ix
2009-10-25 10:55:44 0 d-----w- C:\virusware
2009-10-25 02:43:27 0 d-sh--w- c:\documents and settings\me\PrivacIE
2009-10-25 02:41:08 0 d-sh--w- c:\documents and settings\me\IETldCache
2009-10-24 21:54:04 0 d-----w- c:\program files\curbmoderect
2009-10-21 20:11:12 0 ----a-w- c:\windows\Ujamusefub.bin
2009-10-21 20:11:11 120 ----a-w- c:\windows\Lmikezezocohof.dat
2009-10-17 18:24:33 178432 ----a-w- c:\windows\system32\lsp.d00
2009-10-17 18:22:25 0 d-----w- c:\program files\gselkj

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 16:22:38.00 ===============



ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 16:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7504000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7A4F000 Size: 11648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA101000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF74BC000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7CFE000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7A4B000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B4D000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A43000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\ME\LOCALS~1\Temp\catchme.sys
Address: 0xF79AB000 Size: 31744 File Visible: No Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7673000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7ADB000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7A47000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7663000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7753000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FFC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B5B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAA2C9000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C9A000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA8C0C000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF77D3000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF749C000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B49000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D4000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6D84000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA918C000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7693000 Size: 52480 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04F000 Size: 1671168 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1E7000 Size: 2699264 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 176128 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF6DC0000 Size: 5854688 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF76A3000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA1EB000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA26A000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7633000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7913000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7B33000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA8BE1000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6C69000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7485000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xA92C0000 Size: 161792 File Visible: - Signed: -
Status: -

Name: mferkdk.sys
Image Path: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Address: 0xF7A0B000 Size: 24960 File Visible: - Signed: -
Status: -

Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xF7783000 Size: 45152 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B51000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF791B000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7643000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA9C5F000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA066000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF79CB000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7703000 Size: 35072 File Visible: - Signed: -
Status: -

Name: MSILiveVirtualCamera.sys
Image Path: C:\WINDOWS\system32\DRIVERS\MSILiveVirtualCamera.sys
Address: 0xF6C8C000 Size: 449408 File Visible: - Signed: -
Status: -

Name: MSPQM.sys
Image Path: C:\WINDOWS\system32\drivers\MSPQM.sys
Address: 0xF7B93000 Size: 4992 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7B03000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF739E000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF73B8000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7AEF000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9EA4000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6C52000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7743000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF77A3000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA123000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF79DB000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF73E5000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7D3D000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7BFC000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF78BB000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF74F3000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7BFB000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF78B3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAA2ED000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF7BC3000 Size: 6464 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6C41000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7963000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7AE7000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76D3000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76E3000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76F3000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7973000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA0D6000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B55000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9568000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Rtenicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Address: 0xF6D6A000 Size: 106368 File Visible: - Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAA311000 Size: 4911104 File Visible: - Signed: -
Status: -

Name: rtl8187Se.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys
Address: 0xF6D1E000 Size: 308608 File Visible: - Signed: -
Status: -

Name: RTS5121.sys
Image Path: C:\WINDOWS\System32\Drivers\RTS5121.sys
Address: 0xAA014000 Size: 172032 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sr.sys
Address: 0xA8C7D000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA9BBD000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF76C3000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B3D000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9A1D000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAA211000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7953000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7713000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tosporte.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tosporte.sys
Address: 0xF7733000 Size: 41600 File Visible: - Signed: -
Status: -

Name: tosrfcom.sys
Image Path: C:\WINDOWS\System32\Drivers\tosrfcom.sys
Address: 0xF76B3000 Size: 64128 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6BE3000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B45000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7903000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7763000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6CFA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78FB000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF79BB000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6DAC000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7653000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7793000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7A33000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA98B0000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF7AE3000 Size: 8832 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7B35000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF7472000 Size: 77568 File Visible: - Signed: -
Status: -


Edited by garmanma, 06 November 2009 - 02:39 PM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:59 PM

Posted 07 November 2009 - 12:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button shown in the image.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 murrayj1

murrayj1
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:59 AM

Posted 08 November 2009 - 07:47 AM

OTL logfile created on: 08/11/2009 12:28:56 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 474.19 Mb Available Physical Memory | 46.80% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 25.61 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 68.81 Gb Total Space | 68.44 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHARLY
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/08 12:12:02 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/25 18:44:56 | 00,012,288 | ---- | M] (MSI) -- C:\Program Files\MSI\MSI Q-Face\WebTest.exe
PRC - [2008/10/09 18:19:00 | 00,688,128 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/27 00:52:14 | 00,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/05/08 00:39:52 | 16,862,208 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/04/14 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 12:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2007/12/19 18:08:12 | 00,159,744 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/19 18:08:08 | 00,135,168 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/12/19 18:07:42 | 00,131,072 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/12/19 18:07:30 | 00,249,856 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/09/29 00:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/11/30 07:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/08 12:12:02 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
MOD - [2008/04/14 12:00:00 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 12:00:00 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 12:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/27 00:52:14 | 00,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 12:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/29 00:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/11/30 07:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2008/10/21 09:22:48 | 00,114,600 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 00,109,736 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008/10/21 09:22:48 | 00,108,328 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008/10/21 09:22:48 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 00,086,824 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008/10/21 09:22:48 | 00,026,024 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008/10/21 09:22:48 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/09/25 04:30:08 | 00,704,384 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/08/23 02:25:14 | 00,308,608 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/06/11 03:23:07 | 00,106,368 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/11 03:23:01 | 00,156,160 | R--- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/05/16 11:33:14 | 00,115,752 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 11:33:14 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 11:33:14 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 11:33:12 | 00,120,744 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 11:33:12 | 00,114,216 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 11:33:12 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 11:33:12 | 00,089,256 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/05/08 04:21:40 | 04,739,072 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/14 12:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 12:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/09 01:45:42 | 01,309,504 | R--- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/15 23:01:06 | 00,131,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 23:55:06 | 00,074,240 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/23 04:57:48 | 00,054,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/18 15:16:28 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 00,110,504 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 00,104,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt)
DRV - [2008/01/18 15:16:24 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus)
DRV - [2007/12/19 18:32:12 | 05,854,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/11/29 17:45:44 | 00,036,608 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 22:25:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 19:43:22 | 00,064,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/03 12:57:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007/01/29 15:40:22 | 00,449,408 | ---- | M] (MSI Corporation) -- C:\WINDOWS\system32\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2006/11/30 07:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/10/11 03:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 13:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/23 12:47:10 | 00,027,392 | R--- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\S-1-5-21-652596351-2509141567-1838502690-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 23:01:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{81EF1982-27F4-41C7-A0FC-628322520603}: C:\Documents and Settings\Frewy\Local Settings\Application Data\{81EF1982-27F4-41C7-A0FC-628322520603}
FF - HKLM\software\mozilla\Firefox\Extensions\\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}: C:\Documents and Settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B} [2009/10/25 02:41:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Q-Face agent] C:\Program Files\MSI\MSI Q-Face\WebTest.exe (MSI)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [style cool 2 city] C:\Documents and Settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/08 20:21:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 12:26:58 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/10/25 15:23:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/25 15:13:17 | 00,000,000 | ---D | C] -- C:\ix28396i
[2009/10/25 14:45:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/25 14:44:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/25 14:44:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/25 14:44:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/25 14:44:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/25 14:44:02 | 00,000,000 | ---D | C] -- C:\ix
[2009/10/25 14:44:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/25 14:39:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/25 10:55:44 | 00,000,000 | ---D | C] -- C:\virusware
[2009/10/25 09:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Macromedia
[2009/10/25 02:43:27 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\PrivacIE
[2009/10/25 02:41:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}
[2009/10/25 02:41:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\IETldCache
[2009/10/25 02:40:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\ME\Application Data\Microsoft
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\SendTo
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\Recent
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\Application Data
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Desktop\Windy Zone
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Start Menu
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents\My Pictures
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents\My Music
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Favorites
[2009/10/25 02:40:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\Cookies
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\Templates
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\PrintHood
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\NetHood
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\Local Settings
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\User Manual
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Ulead Burn.Now
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\qface
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Bluetooth
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Toshiba
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft Help
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Adobe
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Ulead Systems
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\InstallShield
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Identities
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Adobe
[2009/10/24 21:54:04 | 00,000,000 | ---D | C] -- C:\Program Files\curbmoderect
[2009/10/17 18:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\gselkj
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 12:16:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 12:16:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 12:16:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 12:16:20 | 10,625,26976 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 12:12:02 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/10/31 19:01:40 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\ME\NTUSER.DAT
[2009/10/31 19:01:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ME\ntuser.ini
[2009/10/25 15:21:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 14:55:48 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/25 14:45:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/25 14:28:03 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Lmikezezocohof.dat
[2009/10/25 10:07:09 | 00,000,331 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\bad image error, .dll is not a valid windows image.url
[2009/10/25 02:08:32 | 00,512,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 02:08:32 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 02:08:32 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/24 23:10:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ujamusefub.bin
[2009/10/24 21:49:14 | 00,178,432 | ---- | M] () -- C:\WINDOWS\System32\lsp.d00
[2009/10/15 20:39:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/25 14:45:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/25 14:45:38 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/25 14:44:35 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/25 14:44:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/25 14:44:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/25 14:44:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/25 10:07:09 | 00,000,331 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\bad image error, .dll is not a valid windows image.url
[2009/10/25 02:40:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ME\Application Data\desktop.ini
[2009/10/25 02:40:46 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Magnifier.lnk
[2009/10/25 02:40:46 | 00,000,612 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Install CorelWinZip.lnk
[2009/10/25 02:40:46 | 00,000,506 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Install NIS2008.lnk
[2009/10/25 02:40:34 | 04,822,734 | -H-- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2009/10/25 02:40:32 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\ME\NTUSER.DAT
[2009/10/25 02:40:32 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\ME\ntuser.ini
[2009/10/21 20:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ujamusefub.bin
[2009/10/21 20:11:11 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Lmikezezocohof.dat
[2009/10/17 18:24:33 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.d00
[2009/09/19 12:51:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/12 21:30:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/12 19:10:35 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/05/19 08:57:25 | 00,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/12/09 00:56:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/08 22:17:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/08 21:01:46 | 06,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008/12/08 20:50:02 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/12/08 19:05:39 | 00,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/08 19:05:34 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/12/08 19:05:33 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/12/08 12:12:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/12/22 00:46:32 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/07/23 05:30:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
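As an added illustration (not part of the original post, and not OTL's own logic), here is a small Python triage script that parses three of the OTL line types shown in the log above, the O4 Run entries, the "Files/Folders - Created" lines and the O35 file-association lines, and flags the ones a helper would normally look at first. The sample lines are excerpted from the log above, except the final O35 line, which is a constructed, hypothetical hijacked association added only to exercise that check. Every heuristic below (empty company name, autostart from a user-data directory, all-lowercase space-free folder names directly under Program Files, new files with no company name in C:\WINDOWS or System32) is my assumption about what is worth a second look, not a verdict that the item is malicious.

```python
import re

# Constructed sample input. All lines except the last O35 line are copied
# from the OTL log posted above; the last line is an invented hijacked
# comfile association used only to exercise that check (it is NOT in the log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [style cool 2 city] C:\Documents and Settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe ()
[2009/10/24 21:54:04 | 00,000,000 | ---D | C] -- C:\Program Files\curbmoderect
[2009/10/17 18:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\gselkj
[2009/10/25 14:44:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/21 20:11:11 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Lmikezezocohof.dat
[2009/10/17 18:24:33 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.d00
O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "C:\Documents and Settings\ME\Local Settings\Application Data\av.exe" /START "%1" %* File not found
"""

# O4 - <hive>\Run: [<value name>] <path> (<company or empty>)
RUN_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
# [<timestamp> | <size> | <attrs> | C/M] [(<company>)] -- <path>
FILE_RE = re.compile(
    r'^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<op>[CM])\]\s*'
    r'(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$')
# O35 - <class> [open] -- <command> [File not found]
ASSOC_RE = re.compile(r'^O35 - (?P<cls>\w+) \[open\] -- (?P<cmd>.+?)(?: File not found)?$')

DEFAULT_OPEN = '"%1" %*'          # stock exefile/comfile open command on XP
DATA_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')
SYSTEM_DIRS = (r'c:\windows', r'c:\windows\system32')


def _random_looking(name):
    # Assumption: vendor folders directly under Program Files normally carry
    # capitals or spaces; an all-lowercase, letters-only name is treated as
    # suspicious. Crude, but cheap and good enough for a first pass.
    return name.isalpha() and name.islower()


def triage(text):
    """Return a list of {kind, path, reason} findings for an OTL log excerpt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path, company = m['path'], m['company'].strip()
            reasons = []
            if not company:
                reasons.append('no company name')
            if any(d in path.lower() for d in DATA_DIRS):
                reasons.append('runs from a user-data directory')
            if reasons:
                findings.append(dict(kind='run', path=path,
                                     reason='autostart: ' + ', '.join(reasons)))
            continue
        m = FILE_RE.match(line)
        if m:
            path, company, attr = m['path'], m['company'], m['attr']
            parent, _, leaf = path.rpartition('\\')
            if 'D' in attr and parent.lower() == r'c:\program files' and _random_looking(leaf):
                findings.append(dict(kind='folder', path=path,
                                     reason='new random-looking folder under Program Files'))
            elif company == '' and parent.lower() in SYSTEM_DIRS:
                findings.append(dict(kind='file', path=path,
                                     reason='new file with no company name in a system directory'))
            continue
        m = ASSOC_RE.match(line)
        if m and m['cmd'] != DEFAULT_OPEN:
            findings.append(dict(kind='assoc', path=m['cmd'],
                                 reason=f"{m['cls']} open command is not the default {DEFAULT_OPEN}"))
    return findings


if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['kind']}] {hit['path']}\n    {hit['reason']}")
```

Two caveats the script encodes deliberately: the O35 "File not found" wording on the stock `"%1" %*` command is only OTL failing to resolve `%1` as a file, so an association is flagged solely when its command differs from the default; likewise the O34 `(autocheck)` and `(*)` "File not found" entries are the tokens of the stock `autocheck autochk *` BootExecute value and are not parsed at all. The ComboFix helper binaries (SWXCACLS.exe, SWREG.exe, NIRCMD.exe and friends) carry a company name and so do not trip the system-directory rule, which is the intended behaviour.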
DRV - [2008/01/23 04:57:48 | 00,054,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/18 15:16:28 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 00,110,504 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 00,104,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt)
DRV - [2008/01/18 15:16:24 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus)
DRV - [2007/12/19 18:32:12 | 05,854,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/11/29 17:45:44 | 00,036,608 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 22:25:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 19:43:22 | 00,064,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/03 12:57:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007/01/29 15:40:22 | 00,449,408 | ---- | M] (MSI Corporation) -- C:\WINDOWS\system32\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2006/11/30 07:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/10/11 03:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 13:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/23 12:47:10 | 00,027,392 | R--- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\S-1-5-21-652596351-2509141567-1838502690-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 23:01:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{81EF1982-27F4-41C7-A0FC-628322520603}: C:\Documents and Settings\Frewy\Local Settings\Application Data\{81EF1982-27F4-41C7-A0FC-628322520603}
FF - HKLM\software\mozilla\Firefox\Extensions\\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}: C:\Documents and Settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B} [2009/10/25 02:41:22 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Q-Face agent] C:\Program Files\MSI\MSI Q-Face\WebTest.exe (MSI)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [style cool 2 city] C:\Documents and Settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-652596351-2509141567-1838502690-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/08 20:21:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 12:26:58 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/10/25 15:23:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/25 15:13:17 | 00,000,000 | ---D | C] -- C:\ix28396i
[2009/10/25 14:45:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/25 14:44:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/25 14:44:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/25 14:44:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/25 14:44:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/25 14:44:02 | 00,000,000 | ---D | C] -- C:\ix
[2009/10/25 14:44:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/25 14:39:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/25 10:55:44 | 00,000,000 | ---D | C] -- C:\virusware
[2009/10/25 09:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Macromedia
[2009/10/25 02:43:27 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\PrivacIE
[2009/10/25 02:41:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}
[2009/10/25 02:41:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\IETldCache
[2009/10/25 02:40:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\ME\Application Data\Microsoft
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\SendTo
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\Recent
[2009/10/25 02:40:32 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\ME\Application Data
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Desktop\Windy Zone
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Start Menu
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents\My Pictures
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents\My Music
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\My Documents
[2009/10/25 02:40:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\ME\Favorites
[2009/10/25 02:40:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ME\Cookies
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\Templates
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\PrintHood
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\NetHood
[2009/10/25 02:40:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\ME\Local Settings
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop\User Manual
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Ulead Burn.Now
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\qface
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Desktop
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\My Documents\Bluetooth
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Toshiba
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft Help
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Local Settings\Application Data\Adobe
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Ulead Systems
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\InstallShield
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Identities
[2009/10/25 02:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ME\Application Data\Adobe
[2009/10/24 21:54:04 | 00,000,000 | ---D | C] -- C:\Program Files\curbmoderect
[2009/10/17 18:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\gselkj
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 12:16:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 12:16:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 12:16:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 12:16:20 | 10,625,26976 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 12:12:02 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ME\Desktop\OTL.exe
[2009/10/31 19:01:40 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\ME\NTUSER.DAT
[2009/10/31 19:01:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ME\ntuser.ini
[2009/10/25 15:21:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 14:55:48 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/25 14:45:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/25 14:28:03 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Lmikezezocohof.dat
[2009/10/25 10:07:09 | 00,000,331 | ---- | M] () -- C:\Documents and Settings\ME\Desktop\bad image error, .dll is not a valid windows image.url
[2009/10/25 02:08:32 | 00,512,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 02:08:32 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 02:08:32 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/24 23:10:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ujamusefub.bin
[2009/10/24 21:49:14 | 00,178,432 | ---- | M] () -- C:\WINDOWS\System32\lsp.d00
[2009/10/15 20:39:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/25 14:45:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/25 14:45:38 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/25 14:44:35 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/25 14:44:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/25 14:44:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/25 14:44:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/25 10:07:09 | 00,000,331 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\bad image error, .dll is not a valid windows image.url
[2009/10/25 02:40:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ME\Application Data\desktop.ini
[2009/10/25 02:40:46 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Magnifier.lnk
[2009/10/25 02:40:46 | 00,000,612 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Install CorelWinZip.lnk
[2009/10/25 02:40:46 | 00,000,506 | ---- | C] () -- C:\Documents and Settings\ME\Desktop\Install NIS2008.lnk
[2009/10/25 02:40:34 | 04,822,734 | -H-- | C] () -- C:\Documents and Settings\ME\Local Settings\Application Data\IconCache.db
[2009/10/25 02:40:32 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\ME\NTUSER.DAT
[2009/10/25 02:40:32 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\ME\ntuser.ini
[2009/10/21 20:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ujamusefub.bin
[2009/10/21 20:11:11 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Lmikezezocohof.dat
[2009/10/17 18:24:33 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.d00
[2009/09/19 12:51:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/12 21:30:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/12 19:10:35 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/05/19 08:57:25 | 00,000,096 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/12/09 00:56:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/08 22:17:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/12/08 21:01:46 | 06,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008/12/08 20:50:02 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/12/08 19:05:39 | 00,001,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/08 19:05:34 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/12/08 19:05:33 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/12/08 12:12:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/12/22 00:46:32 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/07/23 05:30:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
OTL Extras logfile created on: 08/11/2009 12:28:56 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\ME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.23 Mb Total Physical Memory | 474.19 Mb Available Physical Memory | 46.80% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 25.61 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 68.81 Gb Total Space | 68.44 Gb Free Space | 99.45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHARLY
Current User Name: ME
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{558C02DD-1EC8-4835-889C-B13EE02FBE36}" = Chicken Shake Game MSI
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84A37E15-BCA3-4488-B406-090C9DAD6F05}" = Star Miision Game MSI
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{E30037F1-29B8-4A98-B673-C47C27641793}" = MSI Q-Face
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"22F0BEF1FEF235D1ECEC14DA60E19006CC07BAC4" = Windows Driver Package - Realtek (rtl8187Se) Net (08/22/2008 5.9071.0822.2008)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DreamLight Photo Editor_is1" = DreamLight Photo Editor 3.5
"E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200)
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/10/2009 16:15:25 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\config\systemprofile\ntuser.dll contains
the Generic.dx!fya Trojan. Undetermined clean error, delete failed. Detected using
Scan engine version 5301.4018 DAT version 5779.0000.

Error - 23/10/2009 16:16:17 | Computer Name = CHARLY | Source = Application Error | ID = 1000
Description = Faulting application win16.exe, version 0.0.0.0, faulting module ,
version 0.0.0.0, fault address 0x00000000.

Error - 24/10/2009 17:17:40 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file c:\WINDOWS\system32\lsp.dll contains the Downloader-BXM Trojan.
Undetermined clean error, delete failed. Detected using Scan engine version 5301.4018
DAT version 5781.0000.

Error - 24/10/2009 17:37:03 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5301.4018 DAT version
5781.

Error - 24/10/2009 17:43:45 | Computer Name = CHARLY | Source = Application Hang | ID = 1002
Description = Hanging application scan32.exe, version 8.5.0.781, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/10/2009 17:49:16 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\lsp.dll contains the Downloader-BXM Trojan.
Undetermined clean error, delete failed. Detected using Scan engine version 5301.4018
DAT version 5781.0000.

Error - 24/10/2009 17:55:52 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\lsp.dll contains the '_' '_'. Delete
failed, denied access and continued (OAS). Detected using Scan engine version 5301.4018
DAT version 5781.0000.

Error - 24/10/2009 21:04:15 | Computer Name = CHARLY | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010cd0.

Error - 25/10/2009 10:57:24 | Computer Name = CHARLY | Source = Application Error | ID = 1000
Description = Faulting application mgsysctrl.exe, version 1.0.0.1, faulting module
mgsysctrl.exe, version 1.0.0.1, fault address 0x00003918.

Error - 25/10/2009 19:14:19 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5301.4018 DAT version
5782.

[ System Events ]
Error - 25/10/2009 11:15:45 | Computer Name = CHARLY | Source = Service Control Manager | ID = 7034
Description = The Micro Star SCM service terminated unexpectedly. It has done this
1 time(s).

Error - 25/10/2009 11:15:47 | Computer Name = CHARLY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 25/10/2009 11:21:31 | Computer Name = CHARLY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 25/10/2009 17:18:06 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 25/10/2009 17:56:27 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 25/10/2009 17:56:32 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 25/10/2009 18:00:41 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 25/10/2009 18:00:46 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 25/10/2009 18:00:51 | Computer Name = CHARLY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 08/11/2009 08:18:16 | Computer Name = CHARLY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
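Two parts of the OTL log above carry most of the signal for a responder: the Security Center monitoring keys (a `DisableMonitoring` value of 1 silences the XP Security Center for that product, which rogue "fake AV" families commonly set) and the McLogEvent ID 259 records, where "delete failed" / "denied access" means McAfee saw the file but could not remediate it. The script below is an added example written for this thread, not part of OTL, McAfee or the original post; the sample text is constructed in OTL's layout from entries in the log above, and the extra `AntiVirusOverride` / `FirewallOverride` value names and the `dword:` handling (so the same check works on REGEDIT4-style ComboFix output) are my additions.

```python
"""Triage helpers for two text sections of an OTL log (added example, not OTL's own code):
Security Center monitoring suppression and McAfee McLogEvent 259 detection records."""
import re
from collections import namedtuple

# Constructed sample in the layout of OTL's "Security Center" section (copied from the log above).
SAMPLE_SECURITY_CENTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
"""

# Constructed sample in the layout of OTL's "Last 10 Event Log Errors" section.
SAMPLE_EVENTS = r"""
Error - 23/10/2009 16:15:25 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\config\systemprofile\ntuser.dll contains
the Generic.dx!fya Trojan. Undetermined clean error, delete failed. Detected using
Scan engine version 5301.4018 DAT version 5779.0000.

Error - 23/10/2009 16:16:17 | Computer Name = CHARLY | Source = Application Error | ID = 1000
Description = Faulting application win16.exe, version 0.0.0.0, faulting module ,
version 0.0.0.0, fault address 0x00000000.

Error - 24/10/2009 17:55:52 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The file C:\WINDOWS\system32\lsp.dll contains the '_' '_'. Delete
failed, denied access and continued (OAS). Detected using Scan engine version 5301.4018
DAT version 5781.0000.

Error - 25/10/2009 19:14:19 | Computer Name = CHARLY | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5301.4018 DAT version
5782.
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SUPPRESSION_VALUES = {"DisableMonitoring", "AntiVirusOverride", "FirewallOverride"}  # override names: my addition
EVENT_HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.*?) \| "
    r"Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
DETECTION_RE = re.compile(r"The file (?P<path>.+?) contains the (?P<name>.+?)\.\s")
DAT_RE = re.compile(r"DAT version\s+(\d+(?:\.\d+)?)")
CLEAN_FAIL_RE = re.compile(r"delete failed|denied access", re.I)

# One event record; OTL wraps the description over several lines, we re-join it.
Event = namedtuple("Event", "when source event_id description")
# path/threat are None for "The scan found detections" summary records.
Detection = namedtuple("Detection", "when path threat dat_version cleanup_failed")

def _nonzero(value):
    """True for '1' (OTL style) or 'dword:00000001' (REGEDIT4/ComboFix style)."""
    v = value.strip().lower()
    return int(v[6:], 16) != 0 if v.startswith("dword:") else (v.isdigit() and int(v) != 0)

def security_center_tampering(text):
    """Return (subkey, value name) pairs under Security Center that silence monitoring."""
    findings, key = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        km, vm = KEY_RE.match(line), VALUE_RE.match(line)
        if km:
            key = km["key"]
        elif (vm and key and "\\Security Center" in key
              and vm["name"] in SUPPRESSION_VALUES and _nonzero(vm["value"])):
            findings.append((key.rsplit("\\", 1)[-1], vm["name"]))
    return findings

def parse_events(text):
    """Split the section into records separated by blank lines; skip section banners."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = EVENT_HEADER.match(lines[0])
        if m:  # anything else is a banner such as "[ Application Events ]"
            desc = re.sub(r"^Description = ", "", " ".join(lines[1:]))
            events.append(Event(m["when"], m["source"], int(m["id"]), desc))
    return events

def mcafee_detections(events):
    """Keep only McLogEvent 259 records and pull out path, name, DAT and remediation outcome."""
    out = []
    for ev in events:
        if ev.source != "McLogEvent" or ev.event_id != 259:
            continue
        hit, dat = DETECTION_RE.search(ev.description), DAT_RE.search(ev.description)
        out.append(Detection(ev.when, hit and hit["path"], hit and hit["name"],
                             dat and dat.group(1), bool(CLEAN_FAIL_RE.search(ev.description))))
    return out

if __name__ == "__main__":
    for subkey, name in security_center_tampering(SAMPLE_SECURITY_CENTER):
        print(f"Security Center monitoring suppressed: {subkey}\\{name}")
    for d in mcafee_detections(parse_events(SAMPLE_EVENTS)):
        print(f"{d.when} {d.threat or '(scan summary)'} {d.path or ''} DAT {d.dat_version}"
              f" [{'REMEDIATION FAILED' if d.cleanup_failed else 'ok'}]")
```

Run it as-is to see the two `DisableMonitoring` hits and the three McAfee records; the two `lsp.dll` / `ntuser.dll` entries come back with `cleanup_failed=True`, which is exactly the state the thread describes (detected, still present). Feed it the corresponding sections of a real OTL log by replacing the two sample strings.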

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:01:59 PM

Posted 08 November 2009 - 10:30 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If you still have the log, it should be located at C:\combofix.txt, please post the content in your next reply.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

And finally please run Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please post the logs from Combofix, Lop S&D and Malwarebytes if possible.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 murrayj1

murrayj1
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:59 AM

Posted 08 November 2009 - 01:24 PM

Hi, thanks for replying so quickly,
I have enclosed 2 ComboFix reports as I ran it twice; please also find the LOPR and MBAM logs as follows

ComboFix 09-10-24.01 - ME 25/10/2009 14:46.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.552 [GMT 0:00]
Running from: c:\virusware\mbofix\ix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Frewy\ntuser.dll
c:\documents and settings\Frewy\Start Menu\Programs\Startup\scandisk.lnk
C:\NORTON~1.EXE
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\windows\akilayotevokomas.dll
c:\windows\oloheraf.dll
c:\windows\syssvc.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\calc.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\ndisapi.dll
c:\windows\system32\UAChmrdbaibrq.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACtnvrnorste.dat
c:\windows\system32\winhelper.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Legacy_UACd.sys
-------\Service_NDISRD
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 10:55 . 2009-10-25 14:39 -------- d-----w- C:\virusware
2009-10-25 02:43 . 2009-10-25 02:43 -------- d-sh--w- c:\documents and settings\ME\PrivacIE
2009-10-25 02:41 . 2009-10-25 02:41 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}
2009-10-25 02:41 . 2009-10-25 02:41 -------- d-sh--w- c:\documents and settings\ME\IETldCache
2009-10-25 02:27 . 2009-10-25 02:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\curbmoderect
2009-10-25 02:26 . 2009-10-25 02:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-24 21:54 . 2009-10-24 21:54 -------- d-----w- c:\program files\curbmoderect
2009-10-21 20:11 . 2009-10-24 23:10 0 ----a-w- c:\windows\Ujamusefub.bin
2009-10-21 20:11 . 2009-10-25 14:28 120 ----a-w- c:\windows\Lmikezezocohof.dat
2009-10-17 18:22 . 2009-10-24 21:46 -------- d-----w- c:\program files\gselkj

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 02:16 . 2009-05-20 08:28 -------- d-----w- c:\program files\DNA
2009-10-24 21:54 . 2009-08-12 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\byte loud style cool
2009-10-06 18:51 . 2009-05-20 08:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-06 18:51 . 2009-05-20 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-15 21:48 . 2009-09-12 21:27 -------- d-----w- c:\program files\Microsoft Works
2009-09-12 21:28 . 2009-09-12 21:28 -------- d-----w- c:\program files\Common Files\L&H
2009-09-12 21:28 . 2009-09-12 21:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-12 21:26 . 2009-09-12 21:26 -------- d-----w- c:\program files\Microsoft.NET
2009-09-12 20:51 . 2008-12-08 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-12 20:05 . 2009-08-12 11:40 -------- d-----w- c:\program files\Crcle Developement
2009-09-12 19:24 . 2009-08-26 20:01 -------- d-----w- c:\program files\PersonalAV
2009-09-12 19:11 . 2009-09-12 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-12 19:10 . 2009-09-12 19:10 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-12 19:10 . 2009-09-12 19:09 -------- d-----w- c:\program files\McAfee
2009-09-12 19:09 . 2009-09-12 19:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 14:18 . 2008-12-08 19:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:09 . 2009-05-20 08:28 -------- d-----w- c:\program files\BitTorrent
2009-09-04 21:03 . 2008-12-08 19:05 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 12:18 . 2009-06-13 19:55 -------- d-----w- c:\program files\Google
2009-08-26 20:02 . 2009-08-26 20:02 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-26 08:00 . 2008-12-08 19:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:24 . 2008-12-08 20:19 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-12-08 20:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-12-08 20:19 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-12-08 20:19 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2008-12-08 19:05 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-12-08 20:19 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-05-20 13:49 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2009-05-20 13:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2008-12-08 20:19 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-12-08 19:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 00:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 688128]
"Q-Face agent"="c:\program files\MSI\MSI Q-Face\webtest.exe" [2008-11-25 12288]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"style cool 2 city"="c:\documents and settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe" [2009-10-25 696320]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29/01/2007 15:40 449408]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [08/12/2008 21:01 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [08/12/2008 22:39 308608]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [08/12/2008 22:53 159744]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [08/12/2008 22:46 704384]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19/05/2009 10:59 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [19/05/2009 10:59 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [19/05/2009 10:59 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [19/05/2009 10:59 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [19/05/2009 10:59 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [19/05/2009 10:59 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [19/05/2009 10:59 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19/05/2009 10:59 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19/05/2009 10:59 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19/05/2009 10:59 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19/05/2009 10:59 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19/05/2009 10:59 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19/05/2009 10:59 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19/05/2009 10:59 109736]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com.tw
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Qnohuwamoxobuz - c:\windows\akilayotevokomas.dll
SharedTaskScheduler-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\ix\CF1985.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\dwwin.exe
c:\ix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 15:01

Pre-Run: 27,158,855,680 bytes free
Post-Run: 27,508,383,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B41D2C7D8F494FD076C4AE656F8787E4






ComboFix 09-10-24.05 - ME 25/10/2009 15:16.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.573 [GMT 0:00]
Running from: c:\virusware\mbofix\ix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 15:13 . 2009-10-25 15:13 -------- d-----w- C:\ix28396i
2009-10-25 14:44 . 2009-10-25 15:02 -------- d-----w- C:\ix
2009-10-25 10:55 . 2009-10-25 14:39 -------- d-----w- C:\virusware
2009-10-25 02:43 . 2009-10-25 02:43 -------- d-sh--w- c:\documents and settings\ME\PrivacIE
2009-10-25 02:41 . 2009-10-25 02:41 -------- d-----w- c:\documents and settings\ME\Local Settings\Application Data\{D088D32C-4516-4EF2-8A9A-EEF394D9471B}
2009-10-25 02:41 . 2009-10-25 02:41 -------- d-sh--w- c:\documents and settings\ME\IETldCache
2009-10-25 02:27 . 2009-10-25 02:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\curbmoderect
2009-10-25 02:26 . 2009-10-25 02:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-24 21:54 . 2009-10-24 21:54 -------- d-----w- c:\program files\curbmoderect
2009-10-21 20:11 . 2009-10-24 23:10 0 ----a-w- c:\windows\Ujamusefub.bin
2009-10-21 20:11 . 2009-10-25 14:28 120 ----a-w- c:\windows\Lmikezezocohof.dat
2009-10-17 18:22 . 2009-10-24 21:46 -------- d-----w- c:\program files\gselkj

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 02:16 . 2009-05-20 08:28 -------- d-----w- c:\program files\DNA
2009-10-24 21:54 . 2009-08-12 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\byte loud style cool
2009-10-06 18:51 . 2009-05-20 08:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-06 18:51 . 2009-05-20 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-15 21:48 . 2009-09-12 21:27 -------- d-----w- c:\program files\Microsoft Works
2009-09-12 21:28 . 2009-09-12 21:28 -------- d-----w- c:\program files\Common Files\L&H
2009-09-12 21:28 . 2009-09-12 21:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-12 21:26 . 2009-09-12 21:26 -------- d-----w- c:\program files\Microsoft.NET
2009-09-12 20:51 . 2008-12-08 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-12 20:05 . 2009-08-12 11:40 -------- d-----w- c:\program files\Crcle Developement
2009-09-12 19:24 . 2009-08-26 20:01 -------- d-----w- c:\program files\PersonalAV
2009-09-12 19:11 . 2009-09-12 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-12 19:10 . 2009-09-12 19:10 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-09-12 19:10 . 2009-09-12 19:09 -------- d-----w- c:\program files\McAfee
2009-09-12 19:09 . 2009-09-12 19:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 14:18 . 2008-12-08 19:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:09 . 2009-05-20 08:28 -------- d-----w- c:\program files\BitTorrent
2009-09-04 21:03 . 2008-12-08 19:05 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 12:18 . 2009-06-13 19:55 -------- d-----w- c:\program files\Google
2009-08-26 20:02 . 2009-08-26 20:02 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-26 08:00 . 2008-12-08 19:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:24 . 2008-12-08 20:19 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-12-08 20:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-12-08 20:19 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-12-08 20:19 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2008-12-08 19:05 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-12-08 20:19 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-05-20 13:49 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2009-05-20 13:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2008-12-08 20:19 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2008-12-08 19:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2008-04-14 00:54 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-14 00:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 688128]
"Q-Face agent"="c:\program files\MSI\MSI Q-Face\webtest.exe" [2008-11-25 12288]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"style cool 2 city"="c:\documents and settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe" [2009-10-25 696320]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29/01/2007 15:40 449408]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [08/12/2008 21:01 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [08/12/2008 22:39 308608]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [08/12/2008 22:53 159744]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [08/12/2008 22:46 704384]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19/05/2009 10:59 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [19/05/2009 10:59 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [19/05/2009 10:59 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [19/05/2009 10:59 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [19/05/2009 10:59 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [19/05/2009 10:59 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [19/05/2009 10:59 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19/05/2009 10:59 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19/05/2009 10:59 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19/05/2009 10:59 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19/05/2009 10:59 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19/05/2009 10:59 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19/05/2009 10:59 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19/05/2009 10:59 109736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.msi.com.tw/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 15:23
ComboFix-quarantined-files.txt 2009-10-25 15:23
ComboFix2.txt 2009-10-25 15:01

Pre-Run: 27,554,070,528 bytes free
Post-Run: 27,524,386,816 bytes free

- - End Of File - - 4BA7D0F6F5ABA3681B39D9B75B46ED0E

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Atom™ CPU N270 @ 1.60GHz )
BIOS : Default System BIOS
USER : ME ( Administrator )
BOOT : Normal boot
Antivirus : VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Not Activated)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:25 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:68 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 08/11/2009|18:00 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[08/12/2008|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/08/2009|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[19/05/2009|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[20/05/2009|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterAction studios
[12/09/2009|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[25/10/2009|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12/09/2009|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[08/12/2008|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ralink Driver
[19/05/2009|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[06/10/2009|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/12/2008|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[09/12/2008|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[08/12/2008|20:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/12/2008|21:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[08/12/2008|22:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[08/12/2008|22:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ulead Systems


[25/10/2009|02:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\curbmoderect
[25/10/2009|02:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[09/12/2008|00:49] C:\DOCUME~1\ME\APPLIC~1\Adobe
[08/12/2008|20:21] C:\DOCUME~1\ME\APPLIC~1\Identities
[08/12/2008|21:01] C:\DOCUME~1\ME\APPLIC~1\InstallShield
[25/10/2009|09:48] C:\DOCUME~1\ME\APPLIC~1\Macromedia
[08/12/2008|22:28] C:\DOCUME~1\ME\APPLIC~1\Microsoft
[08/12/2008|22:57] C:\DOCUME~1\ME\APPLIC~1\Ulead Systems

[08/12/2008|20:21] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/11/2009 17:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 12:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/12/2008|21:34] C:\Program Files\Adobe
[20/05/2009|08:28] C:\Program Files\AskSearch
[16/08/2009|22:11] C:\Program Files\AVS4YOU
[04/09/2009|21:09] C:\Program Files\BitTorrent
[27/05/2009|10:33] C:\Program Files\Circle Developemet
[25/10/2009|15:19] C:\Program Files\Common Files
[08/12/2008|20:19] C:\Program Files\ComPlus Applications
[24/10/2009|21:54] C:\Program Files\curbmoderect
[08/12/2008|21:31] C:\Program Files\DIFX
[25/10/2009|02:16] C:\Program Files\DNA
[16/08/2009|22:14] C:\Program Files\DreamLight Photo Editor
[27/08/2009|12:18] C:\Program Files\Google
[24/10/2009|21:46] C:\Program Files\gselkj
[19/05/2009|10:58] C:\Program Files\InstallShield Installation Information
[08/12/2008|20:37] C:\Program Files\Intel
[20/09/2009|06:48] C:\Program Files\Internet Explorer
[12/09/2009|19:10] C:\Program Files\McAfee
[20/05/2009|06:23] C:\Program Files\Messenger
[20/05/2009|08:36] C:\Program Files\Microsoft
[12/09/2009|21:28] C:\Program Files\Microsoft ActiveSync
[08/12/2008|20:21] C:\Program Files\microsoft frontpage
[12/09/2009|21:27] C:\Program Files\Microsoft Office
[08/12/2008|22:06] C:\Program Files\Microsoft Office Suite Activation Assistant
[20/05/2009|23:01] C:\Program Files\Microsoft Sync Framework
[12/09/2009|21:27] C:\Program Files\Microsoft Visual Studio
[15/09/2009|21:48] C:\Program Files\Microsoft Works
[12/09/2009|21:26] C:\Program Files\Microsoft.NET
[08/12/2008|20:19] C:\Program Files\Movie Maker
[20/05/2009|08:28] C:\Program Files\Mozilla Firefox
[14/08/2009|14:06] C:\Program Files\MSBuild
[09/12/2008|00:33] C:\Program Files\MSI
[28/09/2009|19:53] C:\Program Files\MSN
[08/12/2008|20:18] C:\Program Files\MSN Gaming Zone
[08/12/2008|20:19] C:\Program Files\NetMeeting
[08/12/2008|20:18] C:\Program Files\Online Services
[12/08/2009|09:52] C:\Program Files\Outlook Express
[12/09/2009|19:24] C:\Program Files\PersonalAV
[08/12/2008|21:02] C:\Program Files\Realtek
[14/08/2009|14:05] C:\Program Files\Reference Assemblies
[08/12/2008|22:53] C:\Program Files\System Control Manager
[08/12/2008|21:40] C:\Program Files\Toshiba
[08/12/2008|22:16] C:\Program Files\Ulead Systems
[08/12/2008|20:25] C:\Program Files\Uninstall Information
[08/12/2008|21:01] C:\Program Files\USB 2.0 Card Reader
[20/05/2009|23:07] C:\Program Files\Windows Live
[20/05/2009|08:35] C:\Program Files\Windows Live SkyDrive
[19/05/2009|10:49] C:\Program Files\Windows Media Player
[08/12/2008|20:18] C:\Program Files\Windows NT
[08/12/2008|20:19] C:\Program Files\WindowsUpdate
[08/12/2008|21:33] C:\Program Files\WinRAR 3.61 Multi
[08/12/2008|20:21] C:\Program Files\xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/12/2008|21:34] C:\Program Files\Common Files\Adobe
[16/08/2009|22:11] C:\Program Files\Common Files\AVSMedia
[12/09/2009|19:10] C:\Program Files\Common Files\Cisco Systems
[12/09/2009|21:27] C:\Program Files\Common Files\DESIGNER
[09/12/2008|00:32] C:\Program Files\Common Files\InstallShield
[12/09/2009|21:28] C:\Program Files\Common Files\L&H
[12/09/2009|19:09] C:\Program Files\Common Files\McAfee
[15/09/2009|21:47] C:\Program Files\Common Files\Microsoft Shared
[08/12/2008|20:19] C:\Program Files\Common Files\MSSoap
[08/12/2008|12:13] C:\Program Files\Common Files\ODBC
[08/12/2008|20:19] C:\Program Files\Common Files\Services
[08/12/2008|12:13] C:\Program Files\Common Files\SpeechEngines
[06/10/2009|18:51] C:\Program Files\Common Files\Symantec Shared
[12/09/2009|21:26] C:\Program Files\Common Files\System
[08/12/2008|22:16] C:\Program Files\Common Files\Ulead Systems
[26/08/2009|20:02] C:\Program Files\Common Files\Uninstall
[20/05/2009|08:25] C:\Program Files\Common Files\Windows Live

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 18:03:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:37][D:10]-> C:\DOCUME~1\ME\LOCALS~1\Temp
[F:45][D:0]-> C:\DOCUME~1\ME\Cookies
[F:288][D:4]-> C:\DOCUME~1\ME\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 08/11/2009|16:12 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 08/11/2009|18:04 - Option : [2]

--------------------\\ Scan completed at 18:04:43

Malwarebytes' Anti-Malware 1.41
Database version: 3128
Windows 5.1.2600 Service Pack 3

08/11/2009 18:14:59
mbam-log-2009-11-08 (18-14-59).txt

Scan type: Quick Scan
Objects scanned: 104524
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#6 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
Posted 08 November 2009 - 02:32 PM

Hi,

you caught at least part of the infection by installing Messenger Live Plus. It is bundled with the Swizzor/LOP Adware. There are still some remains of it on your PC:

Please download a new version of ComboFix and save it onto your Desktop.
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Lmikezezocohof.dat
Folder::
C:\Program Files\curbmoderect
C:\Program Files\gselkj


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also run a rootkit scan:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
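The ComboFix log posted earlier in this thread shows the two things a responder checks first in its "Reg Loading Points" section: a Run entry that launches an executable from a shared profile folder (the "style cool 2 city" entry under All Users\Application Data, which is the Swizzor/LOP remnant) and Security Center values set to 1 (AntiVirusOverride, DisableMonitoring), which silence the antivirus and firewall warnings. The Python script below is an added example and is not part of this thread, of ComboFix, or of any tool the helper recommends; it parses that REGEDIT4-style section and flags both patterns. The sample input is constructed from lines copied from the log above, and the list of "profile" directories used as a heuristic is the example's own choice.

```python
"""Flag autorun and Security Center indicators in a ComboFix log.

Added example for this thread, not ComboFix's own logic. It reads the
'Reg Loading Points' section (REGEDIT4 format) and reports:
  * Run/RunOnce values whose executable lives in a user-profile location
  * Security Center override values set to a non-zero dword
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"style cool 2 city"="c:\documents and settings\All Users\Application Data\byte loud style cool\LESS MAPI.exe" [2009-10-25 696320]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-08 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

# Heuristic chosen for this example: system autoruns rarely live under the
# XP profile root or in temp folders; adware bundles such as Swizzor/LOP do.
PROFILE_DIRS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\")

# Security Center values that suppress its AV/firewall/update warnings when non-zero.
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride", "updatesoverride", "disablemonitoring"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[]+')


@dataclass
class Finding:
    kind: str    # "autorun-in-profile-dir" or "security-center-override"
    key: str     # registry key the value was found under
    name: str    # value name
    detail: str  # the path or the dword text


def extract_path(rest: str):
    """Return the first drive-letter path in the value text, or None.

    Handles both  "c:\\x\\y.exe" [date size]  and  "Y.EXE" - c:\\x\\y.exe [date size].
    """
    m = PATH_RE.search(rest)
    return m.group(0).strip() if m else None


def scan_reg_loading_points(log_text: str):
    """Walk the REGEDIT4-style section and collect findings in log order."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm or not current_key:
            continue
        name, rest = vm.group("name"), vm.group("rest").strip()
        key_lc = current_key.lower()
        if key_lc.endswith(("\\run", "\\runonce")):
            path = extract_path(rest)
            if path and any(d in path.lower() for d in PROFILE_DIRS):
                findings.append(Finding("autorun-in-profile-dir", current_key, name, path))
        elif "security center" in key_lc and name.lower() in OVERRIDE_VALUES:
            dm = DWORD_RE.match(rest)
            if dm and int(dm.group(1), 16) != 0:
                findings.append(Finding("security-center-override", current_key, name, rest))
    return findings


if __name__ == "__main__":
    for f in scan_reg_loading_points(SAMPLE_LOG):
        print(f"{f.kind:26} {f.name!r:22} {f.detail}")
```

Run against the sample it reports the "style cool 2 city" autorun and the two Security Center overrides and nothing else. It is a triage aid, not a verdict: a legitimate updater can run from a profile folder, and an administrator or a security product may set an override deliberately, so each hit should be confirmed against what the user actually installed before anything is removed.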


#7 murrayj1

murrayj1
  • Topic Starter

  • Members
  • 7 posts
Posted 08 November 2009 - 04:32 PM

Hi again,
Have attached combofix and gmer logs as requested.

Attached Files



#8 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
Posted 08 November 2009 - 04:51 PM

Hi,

this is looking pretty good. :( How is your PC behaving? Do you still have trouble?

regards _temp_



#9 murrayj1

murrayj1
  • Topic Starter

  • Members
  • 7 posts
Posted 08 November 2009 - 05:06 PM

Hi again,
Have not tried since logs collected.
Sounds optimistic :(
Will try now.

Best Regards and thanks
Will update on performance of system

#10 murrayj1

murrayj1
  • Topic Starter

  • Members
  • 7 posts
Posted 08 November 2009 - 06:38 PM

Hi again,

Tried out all ok, till I tried out daughter's profile, got dll errors and active desktop recovery errors.
Deleted daughter's profile and recreated, as all others ok.
Now working ok, but proof of pudding is letting daughter loose on system as they seem to instinctively know where the viruses hang out.
Will there be a problem later with the Malware program that was installed, i.e. expiring or needing payment?
Many thanks for your excellent help.
Will update you in couple of days when the youth hits the internet.
Best Regards
jim
:(

#11 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
Posted 08 November 2009 - 07:03 PM

Hi,

all tools we used are free for personal use. This is also true for the anti malware applications, like Malwarebytes. Some tools we used are not aimed for personal use and should only be used when suggested by a trained malware remover, as for example ComboFix.

I noticed that most of your applications are up to date. :( That is making life harder for malware already. Staying up to date is an important part of prevention; this is not only true for Windows itself, but also for third party applications such as Java, Flash or Acrobat Reader. (The last could be upgraded to 9 :()

If you are not having any more issues I would suggest that we remove the programs we used from your PC:

Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • This will also delete all system restore points and reset your system files to hidden.
  • Please run OTL once more and press CleanUp to remove the remaining tools that are on your PC. If any tools are missed, you can just remove them manually.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).

Some more links you might find of interest:

Have a nice day
_temp_



#12 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,772 posts
Posted 16 November 2009 - 09:28 AM

Since the issue seems to be resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

