
Thought it was a rootkit, starting to have doubts.


  • This topic is locked
13 replies to this topic

#1 Xenophage

  • Members
  • 7 posts

Posted 14 September 2010 - 12:40 AM

My friend recently has been having issues on her laptop and asked me for help. Honestly I have no clue what the hell is wrong with it. At first I thought it was a rootkit but I'm just turning up nothing but false positives.

She has a Windows 7 x64 laptop (other specs can't be included, sorry) and when on landline it will not detect the local network (tried with different cords and networks) and when connecting to a wireless network it tells me I have limited access, which in this case means I can't access the internet via browser. (Also tried on different networks.)


When trying to diagnose the problem via troubleshoot I get an error that looks like this

Another thing is she has McAfee Security, and it appears that the Real-Time scanning has been turned off and cannot be reactivated, but the Updates and firewall are working fine it looks like.


And when I attempt to run a scan I get something along the lines of this.



I have tried quite the number of programs to check for rootkits and such but nothing has come up so if anyone has any suggestions that would be nice.

Programs already attempted
AVG (anti rootkit and antivirus)
Avira
GMER (Wont work on this computer if needed i can reproduce the error upon request)
HijackThis
Kaspersky
Sophos anti rootkit
Avast
Spybot Search and Destroy
Hypersight
Malwarebytes Anti Malware

All of these were inconclusive



So I think I might be going crazy, or this could not be an infection. Either way I would really appreciate the help if any could be given.

DDS LOG

DDS (Ver_10-03-17.01) - NTFSX64
Run by naida at 22:14:25.24 on Mon 09/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2794 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\vds.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
F:\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\ScriptSn.20100820023631.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\naida\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\naida\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100820023631.dll
BHO-X64: scriptproxy - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-20 528616]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-6-2 55280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-13 121936]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-20 279752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-9-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-9-13 267432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-13 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-13 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-13 81072]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 355440]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 355440]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-20 199032]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-20 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-20 148520]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-13 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-6-2 658656]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 40384]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-6-2 172704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-20 189880]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-20 440688]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-3 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2010-5-3 393728]
S2 0046861284068466mcinstcleanup;McAfee Application Installer Cleanup (0046861284068466);c:\windows\temp\004686~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\004686~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 355440]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-20 62416]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-20 93840]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1255736]

=============== Created Last 30 ================

2010-09-14 02:40:05 0 d-----w- c:\users\naida\appdata\roaming\Avira
2010-09-14 02:39:11 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-14 02:39:08 0 d-----w- c:\programdata\Avira
2010-09-14 02:39:08 0 d-----w- c:\program files (x86)\Avira
2010-09-14 01:58:15 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-14 01:58:15 0 ----a-w- c:\windows\syswow64\config.nt
2010-09-14 01:57:58 38848 ----a-w- c:\windows\avastSS.scr
2010-09-14 01:57:58 167592 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-09-14 01:57:56 0 d-----w- c:\programdata\Alwil Software
2010-09-14 01:57:56 0 d-----w- c:\program files\Alwil Software
2010-09-14 00:56:52 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-14 00:56:52 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-13 23:02:02 65536 --sha-w- c:\users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TM.blf
2010-09-13 23:02:02 524288 --sha-w- c:\users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
2010-09-13 23:02:02 524288 --sha-w- c:\users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
2010-09-13 21:52:36 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-13 05:51:17 0 d-----w- c:\program files\Unlocker
2010-09-13 02:42:21 0 d-----w- c:\program files (x86)\Registry Distiller 1.03
2010-09-12 22:27:36 0 d-----w- c:\program files (x86)\Sophos
2010-09-12 21:12:00 65536 --sha-w- c:\users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TM.blf
2010-09-12 21:12:00 524288 --sha-w- c:\users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
2010-09-12 21:12:00 524288 --sha-w- c:\users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
2010-09-10 04:12:06 0 d--h--w- c:\programdata\CanonBJ
2010-09-10 04:11:29 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL
2010-09-09 03:35:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-25 03:14:03 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 03:14:03 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-20 07:36:35 0 d-----w- c:\program files\McAfee.com
2010-08-20 07:36:31 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-20 07:36:26 93840 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-20 07:36:26 75288 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-20 07:36:26 62416 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-20 07:36:26 528616 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-20 07:36:26 440688 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-20 07:36:26 279752 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-20 07:36:26 189880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-20 07:36:26 121504 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-06-02 16:13:35 75 --sh--r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:15:52.31 ===============

Edited by hamluis, 14 September 2010 - 03:27 AM.
Moved from Am I Infected to Malware Removal Logs ~ Hamluis.
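Reading a DDS listing like the one above by eye is slow, so here is an added Python helper. It is not part of the original post and is not a DDS or BleepingComputer tool; the sample lines are copied from the log above, and the three heuristics it applies are assumptions about what deserves a second look: which real-time AV engines have a process running at the same time, which services load their image from a temp or public directory or carry the trailing `[?]` that DDS prints when it could not verify the file, and which script-host processes are running. The vendor path fragments and the suspicious-directory list are assumptions too. A flag is a prompt for a manual look, never a verdict.

```python
"""Triage helper for the 'Running Processes' and 'SERVICES / DRIVERS'
sections of a DDS-style log. Added example, not part of the original post
and not a DDS tool; the heuristics below are assumptions, not verdicts."""
import re
from collections import defaultdict

# A few lines copied from the DDS log posted above (constructed sample input).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\SysWOW64\wscript.exe
F:\dds.scr

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-20 528616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 40384]
S2 0046861284068466mcinstcleanup;McAfee Application Installer Cleanup (0046861284068466);c:\windows\temp\004686~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\004686~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1255736]
"""

# Path fragments that identify a vendor's real-time engine process.
# Assumption: this list covers only the vendors seen in the log above.
AV_ENGINES = {
    "avast": r"\alwil software\avast",
    "avira": r"\avira\antivir desktop\avguard.exe",
    "mcafee": r"\mcafee\systemcore\mcshield.exe",
}

# Directories a service image rarely has a good reason to live in (assumption).
SUSPICIOUS_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# DDS service line: "<R|S><start> name;display;image [date size]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


def split_sections(text):
    """Return {section_name: [lines]} keyed by the '==== name ====' headers."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            current = m.group(1)
            continue
        if current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def running_av_engines(process_lines):
    """Vendors whose real-time engine process appears in the process list."""
    lowered = [p.lower() for p in process_lines]
    return sorted(name for name, frag in AV_ENGINES.items()
                  if any(frag in p for p in lowered))


def parse_service(line):
    """Parse one DDS service/driver line into a dict, or None if not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    return {
        "state": state,                 # R = running, S = stopped
        "start": int(start),            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        "name": name,
        "display": display,
        "image": rest.split(" [")[0].strip(),
        "unverified": rest.rstrip().endswith("[?]"),  # DDS could not verify the file
    }


def flag_services(service_lines):
    """Services whose image sits in a temp/public dir or that DDS marked [?]."""
    flagged = []
    for line in service_lines:
        svc = parse_service(line)
        if svc is None:
            continue
        image = svc["image"].lower()
        reasons = [d for d in SUSPICIOUS_DIRS if d in image]
        if svc["unverified"]:
            reasons.append("[?]")
        if reasons:
            flagged.append((svc["name"], reasons))
    return flagged


def triage(text):
    """Run all three heuristics over a DDS-style log and return the findings."""
    sections = split_sections(text)
    procs = sections.get("Running Processes", [])
    return {
        "av_engines": running_av_engines(procs),
        "flagged_services": flag_services(sections.get("SERVICES / DRIVERS", [])),
        "script_hosts": [p for p in procs
                         if p.lower().endswith(("wscript.exe", "cscript.exe"))],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run over the full log above rather than the excerpt, the same three checks report avast, Avira and McAfee real-time processes all running at once (the OTL log later in the thread adds a running Microsoft Security Essentials service), the McAfee installer-cleanup service whose image runs from c:\windows\temp with a trailing `[?]`, and a wscript.exe process. Several real-time engines loaded together is a common reason one of them refuses to keep real-time scanning enabled, and a service in a temp directory or an unattributed script host is the kind of line a log reviewer asks about first; none of these is evidence of a rootkit on its own.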


#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,821 posts

Posted 20 September 2010 - 03:15 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Xenophage

  • Topic Starter

  • Members
  • 7 posts

Posted 20 September 2010 - 06:04 PM

Hello Elise,

The Extra.txt was not showing up (nor was it minimized) but the OTL.txt showed up just fine.


OTL logfile created on: 9/20/2010 5:45:00 PM - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\naida\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 249.16 Gb Free Space | 87.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHEN1
Current User Name: naida
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/31 11:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/02 10:56:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/26 02:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 22:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/11/17 07:29:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2008/11/17 07:29:14 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/09/14 18:26:11 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2052566008-3382463750-713698442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2052566008-3382463750-713698442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-2052566008-3382463750-713698442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052566008-3382463750-713698442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\mozilla\Extensions
[2010/09/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\mozilla\Firefox\Profiles\ittu09vt.default\extensions
[2010/09/13 17:24:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2052566008-3382463750-713698442-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d1d9bd10-bf8a-11df-ba23-a4badbcaa91a}\Shell - "" = AutoRun
O33 - MountPoints2\{d1d9bd10-bf8a-11df-ba23-a4badbcaa91a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/15 16:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/15 16:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/15 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/15 16:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\no-NO
[2010/09/15 16:00:52 | 000,178,688 | ---- | C] (Broadcom Corp.) -- C:\Windows\SysNative\bcmwlapi.dll
[2010/09/15 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\InstallShield
[2010/09/15 15:23:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/14 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\tdsskiller
[2010/09/13 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Malwarebytes
[2010/09/13 23:38:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/13 23:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/13 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\gmer
[2010/09/13 22:55:27 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
[2010/09/13 22:17:49 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\Log Files
[2010/09/13 20:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/13 20:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/13 19:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/13 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/13 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Mozilla
[2010/09/13 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\Mozilla
[2010/09/13 17:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/13 16:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/13 00:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/09/12 22:27:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/12 21:44:27 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\My Registry Distiller Logs
[2010/09/12 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Distiller 1.03
[2010/09/12 17:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/11 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\ElevatedDiagnostics
[2010/09/09 23:12:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/09/09 23:10:38 | 000,000,000 | R--D | C] -- C:\Users\naida\Documents\Scanned Documents
[2010/09/09 23:10:38 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\Fax
[2010/09/09 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\gust
[2010/09/07 21:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/22 22:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/14 19:42:53 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\PowerDVD DX
[2010/08/14 19:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/07/27 11:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/27 11:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/27 11:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/13 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Reallusion
[2010/07/13 23:22:54 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\Dell WebCam Central
[2010/07/13 23:22:53 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Creative
[2010/07/13 23:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/07/13 11:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/07/12 20:24:31 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\Adobe
[2010/07/03 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\Diagnostics
[2010/06/29 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/25 00:53:57 | 000,000,000 | ---D | C] -- C:\4d96520fdd9237745802d5a91e30

========== Files - Modified Within 90 Days ==========

[2010/09/20 17:43:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/20 17:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/20 17:43:28 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 17:14:06 | 001,572,864 | -HS- | M] () -- C:\Users\naida\ntuser.dat
[2010/09/15 16:31:44 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/15 16:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 16:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 16:01:56 | 000,720,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/15 16:01:56 | 000,619,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/15 16:01:56 | 000,105,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 16:01:13 | 000,773,890 | ---- | M] () -- C:\Windows\SysNative\oem4.inf
[2010/09/14 18:26:11 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/14 15:56:39 | 000,000,000 | ---- | M] () -- C:\Users\naida\defogger_reenable
[2010/09/14 15:49:52 | 001,193,882 | ---- | M] () -- C:\Users\naida\Desktop\tdsskiller.zip
[2010/09/14 15:42:50 | 000,050,477 | ---- | M] () -- C:\Users\naida\Desktop\Defogger.exe
[2010/09/14 15:38:54 | 000,133,632 | ---- | M] () -- C:\Users\naida\Desktop\RKUnhookerLE.EXE
[2010/09/13 22:31:00 | 000,284,915 | ---- | M] () -- C:\Users\naida\Desktop\gmer.zip
[2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
[2010/09/13 20:58:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/13 19:56:56 | 000,001,284 | ---- | M] () -- C:\Users\naida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/13 19:56:56 | 000,001,260 | ---- | M] () -- C:\Users\naida\Desktop\Spybot - Search & Destroy.lnk
[2010/09/13 18:02:02 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 18:02:02 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 18:02:02 | 000,065,536 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TM.blf
[2010/09/12 16:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 16:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 16:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TM.blf
[2010/09/08 22:35:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/13 03:20:04 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/08 12:08:46 | 000,010,145 | ---- | M] () -- C:\Users\naida\Documents\Stephen.docx

========== Files Created - No Company Name ==========

[2010/09/15 16:31:44 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/15 16:01:18 | 000,773,890 | ---- | C] () -- C:\Windows\SysNative\oem4.inf
[2010/09/15 16:00:52 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\WLTRYSVC.EXE
[2010/09/15 16:00:52 | 000,001,591 | ---- | C] () -- C:\Windows\SysNative\Uninst_EAPModules.bat
[2010/09/15 15:40:51 | 000,001,980 | ---- | C] () -- C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/09/15 15:40:51 | 000,001,308 | ---- | C] () -- C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/09/14 15:56:39 | 000,000,000 | ---- | C] () -- C:\Users\naida\defogger_reenable
[2010/09/14 15:56:16 | 000,050,477 | ---- | C] () -- C:\Users\naida\Desktop\Defogger.exe
[2010/09/14 15:51:08 | 001,193,882 | ---- | C] () -- C:\Users\naida\Desktop\tdsskiller.zip
[2010/09/14 15:41:44 | 000,133,632 | ---- | C] () -- C:\Users\naida\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:41:38 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/13 23:21:56 | 000,284,915 | ---- | C] () -- C:\Users\naida\Desktop\gmer.zip
[2010/09/13 20:58:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/09/13 19:56:56 | 000,001,284 | ---- | C] () -- C:\Users\naida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/13 19:56:56 | 000,001,260 | ---- | C] () -- C:\Users\naida\Desktop\Spybot - Search & Destroy.lnk
[2010/09/13 18:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 18:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 18:02:02 | 000,065,536 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TM.blf
[2010/09/12 16:12:00 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 16:12:00 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 16:12:00 | 000,065,536 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TM.blf
[2010/09/08 22:35:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/08 12:08:46 | 000,010,145 | ---- | C] () -- C:\Users\naida\Documents\Stephen.docx
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/13 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\WildTangent
[2010/09/13 22:11:43 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



The Rootkit Unhooker, however, had an error pop up that prevented me from starting up the program.
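The SafeList lines in the log above all follow one fixed layout, `[date | size | attrs | M/C] (company) [state] -- path -- (name)`, which makes them easier to triage by script than by eye. The following is an added example, not OTL's own code and not anything posted in the thread: a small Python parser for that layout plus two cheap review rules, a service, driver or process whose version information carries no company name (the empty `()` field, as on the `WLTRYSVC.EXE` and `Normandy.sys` lines) and a kernel driver whose timestamp falls within a week of the report. The sample lines are constructed from the shapes seen in this log. The flags are prompts to verify a file's hash and origin, not verdicts: a freshly installed diagnostic tool's driver trips the same rules, and the Files Created section above shows `Normandy.sys` appearing six seconds before `RKUnhookerLE.EXE`, which is exactly the kind of context a human check has to weigh.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the OTL SafeList line format (shapes copied from the
# log above; not a full log, and the report time below is likewise constructed).
SAMPLE_LOG = r"""
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel
DRV:64bit: - [2009/12/26 02:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/09/14 18:26:11 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
PRC - [2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
[2010/09/15 16:00:52 | 000,178,688 | ---- | C] (Broadcom Corp.) -- C:\Windows\SysNative\bcmwlapi.dll
[2010/09/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\mozilla\Extensions
========== Driver Services (SafeList) ==========
"""

# One regex for SRV/DRV/PRC entries and for the bare file/folder lines.
LINE_RE = re.compile(
    r"^(?:(?P<kind>SRV|DRV|PRC)(?P<arch>:64bit:)? - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<stamp>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"      # "(Company)" or "()"; absent on folder lines
    r"(?: \[(?P<state>[^\]]*)\])?"       # "[Auto | Running]" etc.; absent on PRC/file lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"   # trailing "(name)" plus any description text
)


@dataclass
class Entry:
    kind: str               # SRV, DRV, PRC, or FILE for bare file/folder lines
    is_64bit: bool          # True for the ":64bit:" (native view) entries
    timestamp: datetime     # the M(odified)/C(reated) stamp inside the brackets
    size: int               # bytes, with OTL's thousands separators removed
    attrs: str              # four-character attribute field, e.g. ---- or -HS-
    company: Optional[str]  # "" when OTL printed "()", None when the field is absent
    state: Optional[str]    # e.g. "Kernel | On_Demand | Stopped"
    path: str
    name: Optional[str]     # service/driver key name from the trailing "(name)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SafeList-style line; return None for headers and other line types."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m.group("kind") or "FILE",
        is_64bit=m.group("arch") is not None,
        timestamp=datetime.strptime(m.group("date"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company"),
        state=m.group("state"),
        path=m.group("path"),
        name=m.group("name"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage_log(text: str, report_time: str, recent_days: int = 7) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for loaded code worth a second look.

    Two cheap signals only: no company name in the version info, and a kernel
    driver stamped within `recent_days` of the report. Both are prompts to
    verify the file (hash, signature, origin), not verdicts.
    """
    now = datetime.strptime(report_time, "%Y/%m/%d %H:%M:%S")
    flagged: List[Tuple[str, List[str]]] = []
    for e in parse_log(text):
        reasons = []
        if e.kind in ("SRV", "DRV", "PRC") and e.company == "":
            reasons.append("no company name in version info")
        if e.kind == "DRV" and e.timestamp >= now - timedelta(days=recent_days):
            reasons.append(f"driver timestamp within {recent_days} days of the report")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG, "2010/09/20 17:43:45"):
        print(f"{path}\n    " + "; ".join(reasons))
```

Run it on a saved OTL log by passing the file's text to `triage_log` together with the time stamped on the report; entries that are not SafeList lines (the `O4`, `IE` and header lines) are skipped rather than mis-parsed.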



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 21 September 2010 - 03:37 AM

Hello again,

First of all, reset the router (it should have a button on the backside for that). If you don't know how to do that, let me know the router mark/model.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Xenophage

Xenophage
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 21 September 2010 - 11:12 AM

If resetting the router is a must I can, but I just need to make sure I have to. I am currently in college, and if I were to reset the router the entire floor would get reset, not just me.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: naida
->Temp folder emptied: 2512287 bytes
->Temporary Internet Files folder emptied: 154104339 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53524 bytes
->Flash cache emptied: 69360 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16267515 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 262511400 bytes

Total Files Cleaned = 415.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09212010_110613

Files\Folders moved on Reboot...
C:\Users\naida\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 21 September 2010 - 01:31 PM

Simplest thing to check is asking the whole floor if they have the same sort of problems. If so, you can bet it is the router. If they all have perfect connection, no update problems and so on, it might be something else.

regards, Elise




#7 Xenophage

Xenophage
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 22 September 2010 - 02:05 AM

I checked previous to posting this thread; this computer is the only one with the issue. No matter which wireless network it's connected to, I get the same results.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 22 September 2010 - 03:30 AM

Hello again,

Please click Start > Programs > Accessories, right click on Command Prompt and select "run as administrator".

Type ipconfig /flushdns and press enter.

OTL
-----
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    /md5start
    explorer.exe
    hlp.dat
    wininit.exe
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\at*.job
  5. Push
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


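The `/md5start` ... `/md5stop` block in the post above asks OTL to hash the named files so that copies which should be identical but hash differently stand out (a patched system binary is the classic case). As an added example, not OTL's code and not anything posted in the thread, here is the same idea in Python: walk a tree, MD5 every file carrying one of the listed names, and report names whose copies disagree. `demo()` builds a constructed three-file tree in a temporary directory; on a real `%SystemRoot%` the WinSxS store legitimately holds several versions of the same binary, so a disagreement is a pointer to compare the live copy against a known-good hash, not a verdict.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Names from the /md5start list in the post; hlp.dat stays in so a name with
# zero copies is visible in the output too.
DEFAULT_NAMES = ("explorer.exe", "hlp.dat", "wininit.exe")


def file_md5(path: str) -> str:
    """MD5 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_named_copies(root: str, names: Iterable[str] = DEFAULT_NAMES) -> Dict[str, List[Tuple[str, str]]]:
    """Walk `root`; return {lowercased name: [(path, md5), ...]} for every copy found.

    Every requested name gets a key, so names with no copies are reported as well.
    """
    wanted = {n.lower() for n in names}
    found: Dict[str, List[Tuple[str, str]]] = {n: [] for n in wanted}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key in wanted:
                full = os.path.join(dirpath, fn)
                try:
                    found[key].append((full, file_md5(full)))
                except OSError as exc:  # locked or unreadable: record it instead of silently skipping
                    found[key].append((full, f"<unreadable: {exc.strerror}>"))
    return found


def divergent_copies(copies: Dict[str, List[Tuple[str, str]]]) -> Dict[str, Dict[str, List[str]]]:
    """Names whose copies do not all share one digest, as {name: {digest: [paths]}}."""
    out: Dict[str, Dict[str, List[str]]] = {}
    for name, items in copies.items():
        by_digest: Dict[str, List[str]] = defaultdict(list)
        for path, digest in items:
            by_digest[digest].append(path)
        if len(by_digest) > 1:
            out[name] = dict(by_digest)
    return out


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Build a constructed tree in a temp dir and return the names whose copies disagree.

    Two explorer.exe copies with different contents, one wininit.exe, no hlp.dat.
    """
    with tempfile.TemporaryDirectory() as base:
        layout = {
            os.path.join("System32", "explorer.exe"): b"explorer build A",
            os.path.join("winsxs", "x86_explorer", "explorer.exe"): b"explorer build B",
            os.path.join("System32", "wininit.exe"): b"wininit",
        }
        for rel, content in layout.items():
            full = os.path.join(base, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
        return divergent_copies(find_named_copies(base))


if __name__ == "__main__":
    for name, groups in demo().items():
        print(f"{name}: {len(groups)} distinct digests")
        for digest, paths in groups.items():
            print(f"  {digest}")
            for p in paths:
                print(f"      {p}")
```

To use it on a live system, call `find_named_copies(r"C:\Windows")` from an elevated prompt (files held open by the system are recorded as unreadable rather than dropped) and feed the result to `divergent_copies`.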


#9 Xenophage

Xenophage
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:45 AM

Posted 23 September 2010 - 05:46 PM

I followed the command prompt instructions and it said it was successful.

Log:

OTL logfile created on: 9/23/2010 11:04:27 AM - Run 4
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\naida\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 249.56 Gb Free Space | 88.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 1.77 Gb Free Space | 47.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHEN1
Current User Name: naida
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/31 11:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/02 10:56:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/26 02:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 22:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/11/17 07:29:18 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2008/11/17 07:29:14 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/09/20 17:50:16 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\mozilla\Extensions
[2010/09/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\naida\AppData\Roaming\mozilla\Firefox\Profiles\ittu09vt.default\extensions
[2010/09/13 17:24:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d1d9bd10-bf8a-11df-ba23-a4badbcaa91a}\Shell - "" = AutoRun
O33 - MountPoints2\{d1d9bd10-bf8a-11df-ba23-a4badbcaa91a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/21 11:06:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/15 16:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/15 16:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/15 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/15 16:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\no-NO
[2010/09/15 16:00:52 | 004,119,552 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\WLTRAY.EXE
[2010/09/15 16:00:52 | 003,051,520 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMWLTRY.EXE
[2010/09/15 16:00:52 | 000,311,296 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\bcmwlu00.exe
[2010/09/15 16:00:52 | 000,178,688 | ---- | C] (Broadcom Corp.) -- C:\Windows\SysNative\bcmwlapi.dll
[2010/09/15 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\InstallShield
[2010/09/15 15:23:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/14 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\tdsskiller
[2010/09/13 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Malwarebytes
[2010/09/13 23:38:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/13 23:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/13 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\gmer
[2010/09/13 22:55:27 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
[2010/09/13 22:17:49 | 000,000,000 | ---D | C] -- C:\Users\naida\Desktop\Log Files
[2010/09/13 20:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/13 20:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/13 19:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/13 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/13 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Roaming\Mozilla
[2010/09/13 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\Mozilla
[2010/09/13 17:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/13 16:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/13 00:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/09/12 22:27:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/12 21:44:27 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\My Registry Distiller Logs
[2010/09/12 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Distiller 1.03
[2010/09/12 17:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/11 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\naida\AppData\Local\ElevatedDiagnostics
[2010/09/09 23:12:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/09/09 23:11:29 | 000,279,040 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9D.DLL
[2010/09/09 23:10:38 | 000,000,000 | R--D | C] -- C:\Users\naida\Documents\Scanned Documents
[2010/09/09 23:10:38 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\Fax
[2010/09/09 13:14:48 | 000,000,000 | ---D | C] -- C:\Users\naida\Documents\gust
[2010/09/07 21:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/24 22:14:03 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

========== Files - Modified Within 30 Days ==========

[2010/09/23 11:03:41 | 000,720,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/23 11:03:41 | 000,619,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/23 11:03:41 | 000,105,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/23 11:02:03 | 001,572,864 | -HS- | M] () -- C:\Users\naida\ntuser.dat
[2010/09/23 11:01:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/23 11:01:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/23 11:01:44 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 11:07:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 11:07:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 11:07:15 | 001,090,055 | -H-- | M] () -- C:\Users\naida\AppData\Local\IconCache.db
[2010/09/20 17:50:16 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/15 16:31:44 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/15 16:01:13 | 000,773,890 | ---- | M] () -- C:\Windows\SysNative\oem4.inf
[2010/09/14 15:56:39 | 000,000,000 | ---- | M] () -- C:\Users\naida\defogger_reenable
[2010/09/14 15:49:52 | 001,193,882 | ---- | M] () -- C:\Users\naida\Desktop\tdsskiller.zip
[2010/09/14 15:42:50 | 000,050,477 | ---- | M] () -- C:\Users\naida\Desktop\Defogger.exe
[2010/09/14 15:38:54 | 000,133,632 | ---- | M] () -- C:\Users\naida\Desktop\RKUnhookerLE.EXE
[2010/09/13 22:31:00 | 000,284,915 | ---- | M] () -- C:\Users\naida\Desktop\gmer.zip
[2010/09/13 21:46:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\naida\Desktop\OTL.exe
[2010/09/13 20:58:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/13 19:56:56 | 000,001,284 | ---- | M] () -- C:\Users\naida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/13 19:56:56 | 000,001,260 | ---- | M] () -- C:\Users\naida\Desktop\Spybot - Search & Destroy.lnk
[2010/09/13 18:02:02 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 18:02:02 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 18:02:02 | 000,065,536 | -HS- | M] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TM.blf
[2010/09/12 16:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 16:12:00 | 000,524,288 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 16:12:00 | 000,065,536 | -HS- | M] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TM.blf
[2010/09/08 22:35:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2010/09/15 16:31:44 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/15 16:01:18 | 000,773,890 | ---- | C] () -- C:\Windows\SysNative\oem4.inf
[2010/09/15 16:00:52 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\WLTRYSVC.EXE
[2010/09/15 16:00:52 | 000,001,591 | ---- | C] () -- C:\Windows\SysNative\Uninst_EAPModules.bat
[2010/09/15 15:40:51 | 000,001,980 | ---- | C] () -- C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/09/15 15:40:51 | 000,001,308 | ---- | C] () -- C:\Users\naida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/09/14 15:56:39 | 000,000,000 | ---- | C] () -- C:\Users\naida\defogger_reenable
[2010/09/14 15:56:16 | 000,050,477 | ---- | C] () -- C:\Users\naida\Desktop\Defogger.exe
[2010/09/14 15:51:08 | 001,193,882 | ---- | C] () -- C:\Users\naida\Desktop\tdsskiller.zip
[2010/09/14 15:41:44 | 000,133,632 | ---- | C] () -- C:\Users\naida\Desktop\RKUnhookerLE.EXE
[2010/09/14 15:41:38 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/13 23:21:56 | 000,284,915 | ---- | C] () -- C:\Users\naida\Desktop\gmer.zip
[2010/09/13 20:58:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/09/13 19:56:56 | 000,001,284 | ---- | C] () -- C:\Users\naida\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/13 19:56:56 | 000,001,260 | ---- | C] () -- C:\Users\naida\Desktop\Spybot - Search & Destroy.lnk
[2010/09/13 18:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/13 18:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 18:02:02 | 000,065,536 | -HS- | C] () -- C:\Users\naida\ntuser.dat{163be1cb-bf89-11df-8b47-a4badbcaa91a}.TM.blf
[2010/09/12 16:12:00 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 16:12:00 | 000,524,288 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 16:12:00 | 000,065,536 | -HS- | C] () -- C:\Users\naida\ntuser.dat{a9035bf1-bd65-11df-a938-a4badbcaa91a}.TM.blf
[2010/09/08 22:35:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2010/06/02 13:28:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/06/02 13:29:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/06/02 13:29:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/06/02 13:29:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/06/02 13:28:55 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/06/02 13:28:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/06/02 13:29:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/06/02 13:29:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/06/02 13:28:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/06/02 13:29:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/06/02 13:28:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/06/02 13:29:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/06/02 13:28:55 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2010/06/02 13:28:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/06/02 13:28:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 20:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll

< %systemroot%\Tasks\at*.job >
< End of report >


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 24 September 2010 - 03:19 AM

Please press Windows Key + R, type services.msc and press Enter. Scroll down to the DHCP service and verify it is running and set to automated.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
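A scripted version of the check requested in the post above, added here as an example and not part of the original thread: it reads the DHCP Client service state and start mode, the state of the services it depends on, and each IP-enabled adapter's DHCP status and lease, flagging adapters stuck on a 169.254.x.x autoconfiguration address (the usual cause of the "limited access" message). It uses only the Win32_Service and Win32_NetworkAdapterConfiguration WMI classes and cmdlets available in the PowerShell 2.0 that ships with Windows 7; the function name Get-DhcpClientHealth and the -Repair switch are my own choices.

```powershell
# Added example, not from the thread: automate the services.msc check for the
# DHCP Client service and show what each adapter actually got from DHCP.
# Run from an elevated PowerShell prompt; -Repair is an assumed switch that
# goes beyond the post's check by setting the service to Automatic and starting it.

function Get-DhcpClientHealth {
    param([switch]$Repair)

    # Service name is "Dhcp"; its display name in services.msc is "DHCP Client".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dhcp'"
    if (-not $svc) {
        Write-Warning "DHCP Client service (Dhcp) is not registered; the service entry itself may be damaged."
        return
    }

    # Dhcp cannot start if one of the services it depends on is stopped, even when
    # it is set to Automatic, so report their states alongside it.
    $deps = (Get-Service -Name Dhcp).ServicesDependedOn |
        ForEach-Object { "{0}={1}" -f $_.Name, $_.Status }

    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
        ForEach-Object {
            $cfg = $_
            $lease = $null
            if ($cfg.DHCPLeaseObtained) {
                # WMI returns a DMTF datetime string; convert it to a readable DateTime.
                $lease = $cfg.ConvertToDateTime($cfg.DHCPLeaseObtained)
            }
            # An address in 169.254.0.0/16 means Windows fell back to APIPA because
            # no DHCP lease was obtained.
            $apipa = @($cfg.IPAddress | Where-Object { $_ -like '169.254.*' }).Count -gt 0
            New-Object PSObject -Property @{
                Adapter       = $cfg.Description
                DhcpEnabled   = $cfg.DHCPEnabled
                DhcpServer    = $cfg.DHCPServer
                LeaseObtained = $lease
                IPAddress     = ($cfg.IPAddress -join ', ')
                ApipaFallback = $apipa
            }
        }

    $health = New-Object PSObject -Property @{
        ServiceState = $svc.State       # expected: Running
        StartMode    = $svc.StartMode   # expected: Auto (shown as "Automatic" in services.msc)
        ExitCode     = $svc.ExitCode    # non-zero means the last start attempt failed
        Dependencies = ($deps -join '; ')
        Adapters     = $adapters
    }

    if ($Repair -and ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto')) {
        Set-Service -Name Dhcp -StartupType Automatic
        Start-Service -Name Dhcp
        Write-Host "Dhcp service set to Automatic and started; re-run without -Repair to confirm."
    }

    return $health
}

$health = Get-DhcpClientHealth
$health | Format-List ServiceState, StartMode, ExitCode, Dependencies
$health.Adapters | Format-Table Adapter, DhcpEnabled, DhcpServer, IPAddress, ApipaFallback -AutoSize
```

If ServiceState is Running and StartMode is Auto but every adapter still shows ApipaFallback as True with an empty DhcpServer, the service is healthy and the problem lies between the adapter and the network (driver, filter driver, or the router's DHCP server), which is where the following posts in the thread head.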


#11 Xenophage

Xenophage
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:45 AM

Posted 25 September 2010 - 10:34 AM

Yes, it's running and set to Automatic.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 25 September 2010 - 12:07 PM

Did you get any third-party connection software with your router? I'm asking because I encountered a few cases lately where Windows was for some reason unable to connect, whereas third-party software provided by the ISP could.

regards, Elise




#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 04 October 2010 - 05:24 AM

Hi, are you still there?

regards, Elise




#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 10 October 2010 - 05:24 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






