
Gen:Variant.Cycler.1


  • This topic is locked
22 replies to this topic

#1 shirely

  • Members
  • 20 posts
  • Gender:Female
Posted 26 October 2010 - 12:01 AM

Dear Helper,

I need some help with a virus detected by BitDefender Internet Security 2009. I was instructed by System Guardian Blade Zephon to start a new thread here.

Here is the previous thread link:

http://www.bleepingcomputer.com/forums/topic351987.html/page__p__1979598__fromsearch__1#entry1979598


------------------------------------------------------------------------------------------
DDS (Ver_10-10-21.02) - NTFSx86
Run by Owner at 12:28:01.35 on 10/26/2010 Tue
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1015.337 [GMT 8:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 4
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe 4
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com.sg/
uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [EPSON Stylus CX4100 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251180378187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251229519328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\uie8b4kr.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.yahoo.com.sg
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-26 54752]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-10 90112]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-10 27632]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-10-12 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-10-12 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-10-12 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-10-12 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-10-12 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-10-12 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-10-12 109736]

=============== Created Last 30 ================

2010-10-18 15:47:27 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-10-18 15:47:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 15:46:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-18 15:46:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 15:46:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-18 15:32:36 -------- d-----w- c:\docume~1\owner\applic~1\Registry Mechanic

==================== Find3M ====================

2010-10-26 01:45:42 81984 ----a-w- c:\windows\system32\bdod.bin
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 12:29:14.09 ===============
Attached files: Attach.Txt (13.49KB), Ark.txt.log (5.69KB)
Best Regards,
Shirely


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 04 November 2010 - 03:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 shirely
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female

Posted 04 November 2010 - 10:24 AM

Hi myrti,

I have sent my PC for service as my problem is getting more serious (with some unknown music that keeps coming out). Anyway, thanks for your reply and help. In future, if any more problems persist I will make another post. Thanks
Best Regards,
Shirely

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 05 November 2010 - 03:47 AM

Hi Shirely,

The music was part of the infection you had. It is called "Black Internet".

Let me know if you have any more questions or if I can close this topic.

regards myrti



#5 shirely
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female

Posted 07 November 2010 - 02:50 PM

Hi Myrti,

Can I know what type of infection will come together with the 'Black Internet'? Is it difficult to get rid of it? Will reformatting the computer totally cure the problem?

I had just collected my PC and had done the reformatting, but the strange thing is that on the 1st day when I turned on my computer, IE8 shut down by itself and the music still came out. Then I did a scan which said C:\Program Files\Internet Explorer\iexplore.exe has a problem (Threat Name: Rootkit-Hidden Items), no action can be taken, and 15 more cookie infections (Deleted). On the 2nd and 3rd day there were totally no more problems. (Done a deep system scan 3 times with no infection.)

Can I know if my computer is totally virus free now or if something is still wrong? Thanks

Edited by shirely, 07 November 2010 - 02:56 PM.

Best Regards,
Shirely

#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 08 November 2010 - 05:29 AM

Hi Shirely,

please run MBRCheck to see if the infection is present:
Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • Left click on title bar (where program name and path is written)
  • From the menu choose Edit -> Select All
  • Now just press the Enter key on the keyboard to copy the selected text
  • Now paste that text here for me.

Please also post the OTL log I asked for previously.

The infection resides in the MBR of the partition. If you did a repair install instead of a reformat, this will not remove the infection. If the PC was reformatted and a fresh installation of Windows was done, it should be done.

In any case, if you are still having problems, I would definitely complain to services.

regards myrti

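The MBR check described in this post, written out as an added Python example (it is not code from the thread and not MBRCheck's own code): it reads sector 0 from a disk image or raw device, verifies the 0x55AA boot signature, decodes the four partition-table entries into the byte offsets MBRCheck prints (0x00000000`00007e00 for a partition starting at LBA 63), and compares the SHA-1 of the 440-byte boot-code area against known-bad and known-good hash lists. The hash lists, the sample MBR and its partition sizes are constructed for the example; the one known-bad entry is the SHA-1 MBRCheck reported later in this thread, but the byte range MBRCheck hashes is not stated here, so that entry illustrates the list format rather than a value this script reproduces.

```python
"""Added example, not from the thread or from MBRCheck: inspect a raw MBR sector.

Reads sector 0 from a disk image or raw device, checks the boot signature,
decodes the partition table into the byte offsets MBRCheck prints, and hashes
the boot-code area against known-bad / known-good lists.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot loader code (what a bootkit overwrites)
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Known-bad list. The entry is the SHA-1 MBRCheck printed in this thread for the
# "Whistler / Black Internet" MBR; MBRCheck's hashed byte range is not stated in
# the thread, so this documents the list format rather than a value this script
# reproduces. Populate it from the tool whose hashes you actually use.
KNOWN_BAD = {"7dc9b85fb6c93ba3c73988a26f436fed0329d1d9": "Whistler / Black Internet"}
# Assumption: SHA-1 of the boot code from clean installs you have baselined yourself.
KNOWN_GOOD = {}

PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def mbrcheck_style_offset(byte_offset):
    """Render a byte offset as 0xHHHHHHHH`LLLLLLLL, the form MBRCheck prints."""
    return "0x{:08x}`{:08x}".format(byte_offset >> 32, byte_offset & 0xFFFFFFFF)


def parse_partition_table(mbr):
    """Decode the four primary partition entries; empty slots are skipped."""
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype = mbr[off], mbr[off + 4]           # byte 0 status, byte 4 type
        start_lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 or sectors == 0:
            continue
        byte_offset = start_lba * SECTOR_SIZE
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, "0x{:02x}".format(ptype)),
            "start_lba": start_lba,
            "sectors": sectors,
            "byte_offset": byte_offset,
            "offset_str": mbrcheck_style_offset(byte_offset),
        })
    return partitions


def check_mbr(mbr, known_good=KNOWN_GOOD, known_bad=KNOWN_BAD):
    """Return signature status, boot-code SHA-1 with a verdict, and the partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (SECTOR_SIZE, len(mbr)))
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()
    if sha1 in known_bad:
        verdict = "known-bad: " + known_bad[sha1]
    elif sha1 in known_good:
        verdict = "known-good: " + known_good[sha1]
    else:
        verdict = "unknown (non-standard) boot code: compare with a clean install"
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": sha1,
        "verdict": verdict,
        "partitions": parse_partition_table(mbr),
    }


def read_mbr(path):
    """Read sector 0 from an image file or, with administrator rights, a raw
    device such as \\\\.\\PhysicalDrive0 (Windows) or /dev/sda (Linux)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sample (not a dump from the thread's machine): two NTFS
    partitions laid out so their offsets match the two MBRCheck printed."""
    entry = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
    table = struct.pack(entry, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 156280320)
    table += struct.pack(entry, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 156280383, 156280320)
    table += b"\0" * 32                      # two unused slots
    disk_sig = b"\0" * 6                     # 4-byte disk signature + 2 reserved bytes
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    report = check_mbr(read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr())
    print("boot signature ok:", report["signature_ok"])
    print("boot code SHA-1:", report["boot_code_sha1"], "->", report["verdict"])
    for p in report["partitions"]:
        print("  #%d %s start LBA %d (%d sectors) at offset %s%s" % (
            p["index"], p["type"], p["start_lba"], p["sectors"], p["offset_str"],
            " [bootable]" if p["bootable"] else ""))
```

Run it with no argument to see the constructed sample, or pass a path to a 512-byte sector dump taken from the machine under investigation. Only the boot-code bytes are hashed, because the partition table and disk signature differ from machine to machine while the loader code is what a bootkit replaces; that is also why formatting a volume (which rewrites the volume boot record, not sector 0 of the disk) can leave the infected MBR in place, as the poster saw after the reinstall.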


#7 shirely
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female

Posted 08 November 2010 - 01:06 PM

Hi myrti,

Actually I sent my PC to the store for service and to clear the virus; they reformatted and reinstalled Windows, but I am not sure whether they have totally cured my problem or not. Here are all the OTL, Extra and MBR logs.

-------------------------------------------------------------------------------------------------------

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7AD7000 \WINDOWS\system32\KDCOM.DLL
0xF79E7000 \WINDOWS\system32\BOOTVID.dll
0xF7588000 ACPI.sys
0xF7AD9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7577000 pci.sys
0xF75D7000 isapnp.sys
0xF7B9F000 pciide.sys
0xF7857000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75E7000 MountMgr.sys
0xF7558000 ftdisk.sys
0xF785F000 PartMgr.sys
0xF75F7000 VolSnap.sys
0xF7540000 atapi.sys
0xF7607000 disk.sys
0xF7617000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7520000 fltMgr.sys
0xF750E000 sr.sys
0xF74F7000 KSecDD.sys
0xF746A000 Ntfs.sys
0xF743D000 NDIS.sys
0xF7423000 Mup.sys
0xF7677000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6E45000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E31000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6E09000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DE6000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6DC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A6F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6DAE000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7697000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6D8B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF76D7000 \SystemRoot\system32\drivers\InCDPass.sys
0xF76E7000 \SystemRoot\system32\drivers\InCDRm.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\fsvga.sys
0xF7CB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A83000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D74000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7707000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7717000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78FF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D63000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7727000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7907000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF790F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7737000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6D4B000 \SystemRoot\system32\DRIVERS\bdfndisf.sys
0xF7AE1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6CED000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A93000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7747000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA20B000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E7000 \SystemRoot\system32\drivers\portcls.sys
0xF7767000 \SystemRoot\system32\drivers\drmk.sys
0xF7787000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AE5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7917000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AE7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BFA000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7927000 \SystemRoot\System32\drivers\vga.sys
0xF7AEB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF73DF000 \SystemRoot\system32\drivers\InCDRec.sys
0xAA158000 \SystemRoot\system32\drivers\InCDFs.sys
0xF792F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7937000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73DB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA145000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA0EC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA0C6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA0A6000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA07E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA05C000 \SystemRoot\System32\drivers\afd.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA031000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FC1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77C7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7807000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9F81000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA1CB000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7967000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C73000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xF6C4D000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA9D51000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9A1C000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7837000 \SystemRoot\system32\drivers\sysaudio.sys
0xA96CF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B95000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA95CC000 \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
0xA945C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA912A000 \SystemRoot\system32\drivers\bdfsfltr.sys
0xA8FF9000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9042000 \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
0xA8F67000 \SystemRoot\system32\drivers\bdfm.sys
0xA8F53000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA8A3B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
904 C:\WINDOWS\system32\smss.exe
964 csrss.exe
988 C:\WINDOWS\system32\winlogon.exe
1032 C:\WINDOWS\system32\services.exe
1044 C:\WINDOWS\system32\lsass.exe
1228 C:\WINDOWS\system32\svchost.exe
1304 svchost.exe
1428 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
1460 C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
1560 C:\WINDOWS\system32\svchost.exe
1572 C:\WINDOWS\system32\svchost.exe
1652 svchost.exe
1884 svchost.exe
124 C:\WINDOWS\system32\spoolsv.exe
288 C:\WINDOWS\explorer.exe
764 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
772 C:\Program Files\Nero\Nero8\InCD\InCD.exe
796 C:\Program Files\Common Files\Java\Java Update\jusched.exe
816 C:\WINDOWS\RTHDCPL.EXE
780 C:\WINDOWS\system32\hkcmd.exe
852 C:\WINDOWS\system32\igfxpers.exe
940 C:\WINDOWS\system32\igfxsrvc.exe
944 C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
1984 C:\WINDOWS\system32\svchost.exe
160 svchost.exe
268 C:\WINDOWS\system32\ctfmon.exe
1180 C:\Program Files\PPStream\PPSAP.exe
568 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
624 C:\Program Files\Java\jre6\bin\jqs.exe
1436 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1096 C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
1788 C:\WINDOWS\system32\IoctlSvc.exe
1848 C:\WINDOWS\system32\svchost.exe
2108 wdfmgr.exe
3132 alg.exe
3792 C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
2676 C:\Program Files\Mozilla Firefox\firefox.exe
432 C:\Documents and Settings\User\Desktop\MBRCheck.exe
3728 C:\WINDOWS\system32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`a14c7e00 (NTFS)

PhysicalDrive0 Model Number: ST3160215AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7DC9B85FB6C93BA3C73988A26F436FED0329D1D9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


------------------------------------------------------------------------------------------------------------


OTL logfile created on: 11/9/2010 1:39:29 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.27 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 70.71 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: USER-74AE817AE6 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 01:36:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/11/04 11:29:02 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2010/11/04 11:28:57 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2010/11/04 11:28:50 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010/11/04 11:28:46 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2010/10/27 14:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
PRC - [2008/06/10 12:29:40 | 002,049,320 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2008/06/10 12:29:40 | 001,442,088 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2008/06/10 12:29:40 | 000,053,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
PRC - [2008/06/10 12:29:20 | 001,083,176 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCD.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 01:36:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/04 11:29:02 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010/11/04 11:28:57 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2010/11/04 11:28:40 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/20 19:16:20 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/06/10 12:29:40 | 001,442,088 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/06/10 12:29:40 | 000,053,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/11/04 11:29:01 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/11/04 11:28:40 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/20 19:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 19:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/03 17:49:38 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/01/12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/12/10 20:42:46 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2008/10/06 18:16:16 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2008/09/18 12:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2008/09/02 14:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/10 12:29:30 | 000,040,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/06/10 12:29:30 | 000,038,952 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/06/10 12:29:20 | 000,128,424 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/04/14 20:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2007/12/19 11:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
IE - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com.sg"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2010/11/04 12:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 21:20:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 16:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2010/11/03 21:14:53 | 000,000,000 | ---D | M]

[2010/11/04 18:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/11/04 18:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ijma89zc.default\extensions
[2010/11/04 18:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 11:28:45 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1637723038-1801674531-1004\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261045403343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.186.1.58 202.156.1.58 218.186.1.88
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 16:39:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 01:36:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/11/08 03:17:48 | 000,026,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CTL3D.DLL
[2010/11/08 03:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\NJStar Communicator
[2010/11/06 19:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Bit Defender
[2010/11/06 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/06 15:09:14 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/11/06 15:09:14 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/11/05 17:48:38 | 000,000,000 | ---D | C] -- C:\tmp
[2010/11/05 15:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/11/05 15:17:36 | 000,479,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2010/11/05 15:17:36 | 000,114,688 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2010/11/05 15:17:35 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2010/11/05 15:17:00 | 000,064,000 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FBCBAEP.DLL
[2010/11/05 15:17:00 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2010/11/05 15:17:00 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FBCHAEP.DLL
[2010/11/05 15:16:59 | 000,079,679 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLMAEP.DLL
[2010/11/05 15:16:54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/11/05 15:16:49 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/11/05 15:16:45 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/11/05 15:14:42 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimgd.dll
[2010/11/05 15:14:42 | 000,029,696 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2010/11/05 15:14:42 | 000,022,016 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccmd.dll
[2010/11/05 15:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/11/05 15:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Received Files
[2010/11/05 14:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Tracing
[2010/11/05 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/05 14:45:20 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/11/05 14:44:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/11/05 14:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/05 14:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/05 14:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/11/05 14:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/11/05 14:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/11/05 14:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/11/05 14:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PPStream
[2010/11/05 14:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\PPStream
[2010/11/04 22:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\IGS
[2010/11/04 22:39:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/04 22:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2010/11/04 22:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/04 22:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/04 18:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2010/11/04 18:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2010/11/04 18:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/04 12:51:50 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/11/04 12:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/11/04 12:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/04 12:49:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/11/04 12:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Help
[2010/11/04 12:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/04 12:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/11/04 12:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/04 12:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/04 12:45:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/04 12:45:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/04 12:45:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/04 12:45:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/04 12:44:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/04 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/11/04 11:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\9 huang ye
[2010/11/04 11:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Wedding
[2010/11/04 11:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Power MP3 Cutter
[2010/11/04 11:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Shirely HP
[2010/11/04 11:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Vincent Hp Picture
[2010/11/04 11:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\California Pools
[2010/11/04 11:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/03 21:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\BitDefender
[2010/11/03 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/11/03 21:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/11/03 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/11/03 19:26:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/03 19:05:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/11/03 19:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/11/03 19:05:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/11/03 19:05:28 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/11/03 19:05:27 | 011,080,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/11/03 19:01:50 | 000,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/11/03 18:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/03 18:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/03 18:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/03 18:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 01:37:57 | 000,011,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\msconfig.docx
[2010/11/09 01:36:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/11/09 01:30:48 | 000,001,821 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/11/09 01:30:42 | 000,000,090 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2010/11/09 01:30:41 | 000,001,370 | ---- | M] () -- C:\WINDOWS\Powerlist.ini
[2010/11/09 01:30:41 | 000,001,283 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/11/09 01:19:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 23:33:51 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2010/11/08 23:30:16 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/11/08 23:29:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 23:29:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 23:28:58 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/11/08 16:50:33 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/11/08 03:37:53 | 000,000,378 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
[2010/11/08 03:17:55 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\ NJStar Communicator .LNK
[2010/11/08 03:17:55 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NJStar Communicator.LNK
[2010/11/06 15:28:46 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/05 17:49:03 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to LoginPatch.lnk
[2010/11/05 15:28:02 | 000,312,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/05 15:28:02 | 000,040,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 15:14:28 | 000,000,025 | ---- | M] () -- C:\WINDOWS\CDE CX4100EC.ini
[2010/11/05 14:44:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/05 14:27:17 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PPStream.lnk
[2010/11/04 18:40:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/04 18:40:05 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/04 12:16:30 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/11/04 12:16:30 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/11/04 11:59:50 | 000,000,289 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/11/04 11:29:01 | 000,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/11/03 19:00:18 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 19:00:18 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 01:37:56 | 000,011,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\msconfig.docx
[2010/11/08 03:17:59 | 000,000,378 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2010/11/08 03:17:55 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\ NJStar Communicator .LNK
[2010/11/08 03:17:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NJStar Communicator.LNK
[2010/11/07 20:03:35 | 000,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB
[2010/11/06 19:18:58 | 000,000,090 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/11/05 17:49:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to LoginPatch.lnk
[2010/11/05 15:17:36 | 000,089,430 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/05 15:17:36 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/05 15:17:36 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/05 15:17:36 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/05 15:17:36 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/11/05 15:17:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/05 15:17:36 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/05 15:17:36 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/05 15:17:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/05 15:17:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/05 15:17:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/11/05 15:17:36 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/11/05 15:17:36 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/05 15:17:36 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/05 15:17:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/11/05 15:17:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/05 15:17:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/05 15:17:35 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010/11/05 15:17:35 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2010/11/05 15:17:35 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010/11/05 15:17:35 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010/11/05 15:17:35 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2010/11/05 15:17:35 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010/11/05 15:17:35 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010/11/05 15:17:35 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2010/11/05 15:17:35 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010/11/05 15:17:35 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2010/11/05 15:17:35 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2010/11/05 15:17:35 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2010/11/05 15:17:35 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2010/11/05 15:14:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX4100EC.ini
[2010/11/05 14:27:29 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/11/05 14:27:17 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PPStream.lnk
[2010/11/05 14:27:09 | 000,001,370 | ---- | C] () -- C:\WINDOWS\Powerlist.ini
[2010/11/05 14:27:06 | 000,001,283 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/11/05 14:27:02 | 000,001,821 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/11/05 01:13:33 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/11/04 18:40:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/04 18:40:05 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/04 12:16:30 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2010/11/04 12:16:30 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2010/11/04 11:59:30 | 000,000,289 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/11/04 11:29:11 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/11/03 21:14:05 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/03 21:14:04 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/18 00:07:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/17 17:23:18 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/17 17:23:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/17 17:23:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/17 17:23:16 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/17 17:23:16 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/17 17:23:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/17 16:58:15 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/17 16:50:08 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 20:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/14 20:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/14 20:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/14 20:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/14 20:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 20:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 20:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 20:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/14 20:00:00 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 20:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/09/18 12:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfm.sys
[2010/11/04 11:29:01 | 000,104,456 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2008/12/10 20:42:46 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2009/12/18 00:06:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/18 00:06:00 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/18 00:06:00 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/04 11:29:01 | 000,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\drivers\bdfndisf.sys
[2010/08/26 21:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< End of report >

---------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 11/9/2010 1:39:29 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.27 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 70.71 Gb Free Space | 94.89% Space Free | Partition Type: NTFS

Computer Name: USER-74AE817AE6 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-746137067-1637723038-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS厙釐萇弝 -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 厙釐樓厒 -- (PPStream Inc)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{27148014-3B0A-402B-8130-6B056357D12D}" = BitDefender Internet Security 2009
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESCX4700_4100 User's Guide" = ESCX4700_4100 User's Guide
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NJStar Communicator" = NJStar Communicator
"PPStream" = PPStream V2.7.0.1150 Final
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2010 6:58:30 AM | Computer Name = USER-74AE817AE6 | Source = Windows Product Activation | ID = 1012
Description = Due to hardware changes on this computer, you will need to reactivate
your Windows product.

Error - 11/3/2010 11:24:28 PM | Computer Name = USER-74AE817AE6 | Source = Arrakis3 | ID = 131073
Description = An error has occurred (StartServiceCtrlDispatcher failed with 997).

Error - 11/4/2010 1:12:43 PM | Computer Name = USER-74AE817AE6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/4/2010 1:12:43 PM | Computer Name = USER-74AE817AE6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/4/2010 1:12:43 PM | Computer Name = USER-74AE817AE6 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/4/2010 9:20:06 AM | Computer Name = USER-74AE817AE6 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.81 for the Network Card with network
address 001D92A9800C has been denied by the DHCP server 172.17.0.47 (The DHCP Server
sent a DHCPNACK message).

Error - 11/6/2010 11:06:36 PM | Computer Name = USER-74AE817AE6 | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).


< End of report >


---------------------------------------------------------------------------------------------------------------
Best Regards,
Shirely

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:30 PM

Posted 08 November 2010 - 01:58 PM

Hi,

The infection is still present. Whatever they did does not seem to have removed the infection.

We can fix this; however, first of all I would like you to back up the MBR:

  • Please download mbr.exe and save it to C:\windows <- (Important!).
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
    @ECHO OFF
    CD "%~DP0"
    MBR -c 0 1 backup_mbr.zip
    DEL %0
  • Save this as mbrlook.bat. Choose to "Save type as - All Files" and save it to your Desktop.
    It should look like this: Posted Image
  • Double click the mbrlook.bat to run it.
  • A file named mbr.zip will be created on your desktop. Please attach that to your next reply.

Once we have the backup of the file, I'll give you the instructions to replace the MBR.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!




#9 shirely

shirely
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:30 AM

Posted 08 November 2010 - 02:13 PM

Hi

I don't really understand the following step. What notepad do you mean? Meaning that I need to run the mbr.exe, is it?

Open NOTEPAD and copy/paste the text in the quotebox below into it:

@ECHO OFF
CD "%~DP0"
MBR -c 0 1 backup_mbr.zip
DEL %0
Best Regards,
Shirely

#10 shirely

shirely
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:30 AM

Posted 08 November 2010 - 03:26 PM

Hi

Attached hereby the backup_mbr.zip. Not sure whether I did it correctly or not.

Attached Files


Best Regards,
Shirely

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:30 PM

Posted 09 November 2010 - 02:31 AM

Hi,

it's looking good! :)

Please do the following:
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you "Enter your choice:", enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • The program will prompt for confirmation. Type 'YES' and hit Enter.
  • Left click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All
  • Hit the Enter key on your keyboard to copy the selected text.
  • Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  • Restart your PC.
  • Post the text in "MBRCheck results.txt" here, please.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!




#12 shirely

shirely
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:30 AM

Posted 09 November 2010 - 03:37 AM

Hi

Can I know, after all is done, besides seeing the MBRCheck results.txt, is it that it will also have another icon on my desktop called MBRCheck_MBR_Backup 11-0 BAK File? I had that on my desktop. 'Black Internet', besides infecting the MBR, can I know what other infection it will have, e.g. will the computer details or any password etc. be disclosed? Today is the 5th day after my computer was reformatted and re-installed; except for the 1st day, when my IE8 closed by itself and played the strange music, till now everything seems fine.

Anyway hereby the MBRCheck result.txt

-----------------------------------------------------------------------------------------------------------------

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7AD7000 \WINDOWS\system32\KDCOM.DLL
0xF79E7000 \WINDOWS\system32\BOOTVID.dll
0xF7588000 ACPI.sys
0xF7AD9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7577000 pci.sys
0xF75D7000 isapnp.sys
0xF7B9F000 pciide.sys
0xF7857000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75E7000 MountMgr.sys
0xF7558000 ftdisk.sys
0xF785F000 PartMgr.sys
0xF75F7000 VolSnap.sys
0xF7540000 atapi.sys
0xF7607000 disk.sys
0xF7617000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7520000 fltMgr.sys
0xF750E000 sr.sys
0xF74F7000 KSecDD.sys
0xF746A000 Ntfs.sys
0xF743D000 NDIS.sys
0xF7423000 Mup.sys
0xF7677000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6E45000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6E31000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6E09000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6DE6000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6DC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A6F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6DAE000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7697000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6D8B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF76D7000 \SystemRoot\system32\drivers\InCDPass.sys
0xF76E7000 \SystemRoot\system32\drivers\InCDRm.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\fsvga.sys
0xF7CB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A83000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D74000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7707000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7717000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78FF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6D63000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7727000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7907000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF790F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7737000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6D4B000 \SystemRoot\system32\DRIVERS\bdfndisf.sys
0xF7AE1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6CED000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A93000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7747000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA20B000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA1E7000 \SystemRoot\system32\drivers\portcls.sys
0xF7767000 \SystemRoot\system32\drivers\drmk.sys
0xF7787000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AE5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AE7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C0F000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF792F000 \SystemRoot\System32\drivers\vga.sys
0xF7AEB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A63000 \SystemRoot\system32\drivers\InCDRec.sys
0xAA158000 \SystemRoot\system32\drivers\InCDFs.sys
0xF7937000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF793F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A67000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA145000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA0EC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA0CC000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
0xAA0A6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA07E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA05C000 \SystemRoot\System32\drivers\afd.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA031000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FC1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77D7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7647000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9F81000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA1D3000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7977000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C79000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xF7827000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA9E65000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9AE4000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6CDD000 \SystemRoot\system32\drivers\sysaudio.sys
0xA97E7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B9B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA97AC000 \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
0xA963C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA90D3000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8F81000 \SystemRoot\system32\drivers\bdfsfltr.sys
0xA9220000 \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
0xA8E4F000 \SystemRoot\system32\drivers\bdfm.sys
0xA9414000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA892D000 \SystemRoot\system32\drivers\kmixer.sys
0xF79BF000 \??\C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
912 C:\WINDOWS\system32\smss.exe
964 csrss.exe
988 C:\WINDOWS\system32\winlogon.exe
1032 C:\WINDOWS\system32\services.exe
1044 C:\WINDOWS\system32\lsass.exe
1232 C:\WINDOWS\system32\svchost.exe
1296 svchost.exe
1420 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
1468 C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
1536 C:\WINDOWS\system32\svchost.exe
1580 C:\WINDOWS\system32\svchost.exe
1680 svchost.exe
1880 svchost.exe
2036 C:\WINDOWS\system32\spoolsv.exe
240 C:\WINDOWS\explorer.exe
712 C:\WINDOWS\system32\svchost.exe
740 svchost.exe
852 C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
888 C:\Program Files\Java\jre6\bin\jqs.exe
1188 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1344 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
1356 C:\Program Files\Nero\Nero8\InCD\InCD.exe
1776 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1780 C:\WINDOWS\RTHDCPL.EXE
1828 C:\WINDOWS\system32\igfxsrvc.exe
124 C:\WINDOWS\system32\hkcmd.exe
168 C:\WINDOWS\system32\igfxpers.exe
200 C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
1800 C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
472 C:\WINDOWS\system32\IoctlSvc.exe
184 C:\WINDOWS\system32\svchost.exe
2104 wdfmgr.exe
2124 C:\WINDOWS\system32\ctfmon.exe
2312 C:\Program Files\PPStream\PPSAP.exe
3424 alg.exe
1612 C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
880 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTAEP.EXE
1176 C:\Documents and Settings\User\Desktop\MBRCheck.exe
3716 C:\WINDOWS\system32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`a14c7e00 (NTFS)

PhysicalDrive0 Model Number: ST3160215AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 7DC9B85FB6C93BA3C73988A26F436FED0329D1D9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Best Regards,
Shirely
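As an added illustration of what the MBRCheck output above is doing (reading the first sector of the disk, hashing its boot code and comparing it against a list of known MBR code), here is a small Python MBR inspector; it is not MBRCheck's code. The sample sector is constructed, the choice to hash the first 440 bytes and the 512-byte sector size are my assumptions, and since the thread does not say which byte range MBRCheck hashes, the lookup table (seeded with the SHA1 MBRCheck reported above) is illustrative only.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: bytes 0..439 = boot code, 440..445 disk id/pad
PART_TABLE_OFF = 446     # four 16-byte partition entries at 446..509
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

# Hash reported by MBRCheck in the thread above; whether it covers the same
# 440-byte range as this script is not stated there (illustrative table).
KNOWN_BAD_BOOT_CODE_SHA1 = {
    "7dc9b85fb6c93ba3c73988a26f436fed0329d1d9": "Whistler / Black Internet",
}

def parse_partitions(mbr):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors,
                          "offset": lba_start * SECTOR})
    return parts

def inspect_mbr(mbr):
    """Check the boot signature, hash the boot code and look it up."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha1": code_sha1,
        "verdict": KNOWN_BAD_BOOT_CODE_SHA1.get(code_sha1, "unknown (compare with a trusted baseline)"),
        "partitions": parse_partitions(mbr),
    }

def build_sample_mbr():
    """Constructed sample: one bootable NTFS partition at LBA 63 (offset 0x7e00, as for C: above)."""
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"  # a few constructed boot-code bytes
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 312_000_000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # Pass a 512-byte dump (e.g. from MBRCheck option [1]) or run on the sample.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    print(inspect_mbr(data))
```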

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:30 PM

Posted 09 November 2010 - 07:06 AM

Hi,

Whistler normally doesn't come with any other infections and up until now did not steal passwords either.

The icon you see is a backup from MBRCheck; we will remove it once we are sure that everything is fine.

Is your PC doing better?

Edited by myrti, 09 November 2010 - 07:07 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 shirely

shirely
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 09 November 2010 - 12:23 PM

Hi,

My PC is so far so good: IE8 is normal, no strange music. Only when I used BitDefender to do a deep system scan today, it found 2 threats, but they were deleted. Can I know whether this type of threat is normal or not?


Object Name
[System]=]C:\Documents and Settings\User\Cookies\user@overture[2].txt

Threat Name
Cookie.Overture

Final Status
Deleted
------------------------------------------------------------------
Object Name
[System]=]C:\Documents and Settings\User\Cookies\user@bs.serving-sys[1].txt

Threat Name
Cookie.BS.Serving-Sys

Final Status
Deleted
Best Regards,
Shirely

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:30 PM

Posted 10 November 2010 - 04:40 AM

Hi,

Those are cookies. They get created whenever you visit a site and are normal detections.

Please run a scan with Kaspersky to check for leftovers:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
