CSC.exe Infected


  • This topic is locked
16 replies to this topic

#1 thomaus

  • Members
  • 11 posts

Posted 26 October 2010 - 12:39 PM

Hi,

A co-worker brought his infected PC to me.
He's seeing the Security Warning application running, and a bunch of bogus alerts: warnings and messages about viruses popping up from the system tray.
I logged into another user to run dds.scr and gmer.exe. When logged on as his user, I got 'infected' warnings trying to run any of the utilities, even with changed filenames. The utility would then disappear. I tried running msconfig while on that user, and it too got shut down.
Apparently the guy who uses this machine did click some of the boxes to 'fix' the problems, and was taken to the websites wanting credit cards.

I'm pasting the logs as described in the procedure.


DDS (Ver_10-10-21.02) - NTFSx86
Run by Administrator at 16:19:41.84 on 10/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\VisualCron\VisualCronService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VisualCron\VCTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\KatMouse\KatMouse.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
uSearch Page = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uSearch Bar = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VisualCron Tray ClientV5] c:\program files\visualcron\VCTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\documents and settings\administrator.ntdomain\start menu\programs\startup\del_temp.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~2.lnk - c:\katmouse\KatMouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} - hxxps://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169652058425
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169653830965
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://xmpie.webex.com/client/T26L/webex/ieatgpc.cab
TCP: {1916A43D-9F34-4E2A-B1A7-CE644479E84F} = 172.21.1.55,172.21.3.10
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 172.21.3.2 Docutech-2
Hosts: 172.21.3.3 Docucolour-6060
Hosts: 172.21.3.7 NV-340
Hosts: 172.21.3.8 iGen
Hosts: 172.21.3.8 iGen-271

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2008-5-28 337280]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2008-5-28 54656]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-9-30 116664]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-30 1980856]
R2 VisualCron;VisualCron;c:\program files\visualcron\VisualCronService.exe [2010-5-20 1912072]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101025.002\naveng.sys [2010-10-25 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101025.002\navex15.sys [2010-10-25 1371184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-10-22 05:50:42 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{3abd4316-1eac-4420-a71b-b1288a244370}\mpengine.dll
2010-10-13 00:52:46 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 00:52:46 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 00:52:41 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:19:54.06 ===============
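Added example, not code from the thread or from the DDS tool: a small Python triage pass over the line formats used in the DDS "Pseudo HJT Report" section above. It picks out the entry types a log reader checks first: BHO or toolbar CLSIDs registered with no file behind them, Run values with no name or no command, executables and Winlogon Notify DLLs named without a directory, scripts placed in a Startup folder, and hosts-file mappings. The sample lines are a constructed excerpt copied from the log above; the rule names and the notes are this example's own, and a flag means "look at this entry", not a verdict on it.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines in the DDS "Pseudo HJT Report" format, copied from
# the log above so each rule has something to match.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [<NO NAME>]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\documents and settings\administrator.ntdomain\start menu\programs\startup\del_temp.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
Hosts: 172.21.3.2 Docutech-2
"""

@dataclass
class Finding:
    rule: str    # which rule fired (rule names are this example's own)
    entry: str   # the DDS line that triggered it
    note: str    # what the person reading the log should verify

SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".wsf")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")

def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def is_unqualified(path: str) -> bool:
    """True when no directory is given, so which file loads depends on the search path."""
    return bool(path) and "\\" not in path and ":" not in path

def triage_dds(text: str) -> List[Finding]:
    """Walk DDS report lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Browser helper / toolbar whose CLSID is registered but whose DLL is gone.
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("orphan-clsid", line,
                "registered CLSID whose file no longer exists; stale entry"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            if name == "<NO NAME>" or not cmd:
                findings.append(Finding("run-empty", line,
                    "Run value with no name or no command; inspect the registry value directly"))
            elif is_unqualified(first_token(cmd)):
                findings.append(Finding("run-unqualified", line,
                    "executable named without a directory; confirm which file on the search path loads"))
            continue
        if line.startswith("StartupFolder: "):
            rest = line[len("StartupFolder: "):]
            # ".lnk - target" form carries the target after " - "; otherwise the path itself is the item.
            target = rest.split(" - ", 1)[1] if " - " in rest else rest
            if target.lower().endswith(SCRIPT_EXTS):
                findings.append(Finding("startup-script", line,
                    "script in a Startup folder runs at every logon; read its contents"))
            continue
        m = NOTIFY_RE.match(line)
        if m and is_unqualified(m.group("dll")):
            findings.append(Finding("notify-unqualified", line,
                "Winlogon notification DLL named without a path; locate the file and check its publisher"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            findings.append(Finding("hosts-entry", line,
                f"hosts file maps {m.group('host')} to {m.group('ip')}; confirm the mapping is intended"))
    return findings

def summarize(findings: List[Finding]) -> dict:
    """Count findings per rule; a quick overview for a long log."""
    counts: dict = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}] {f.entry}\n    -> {f.note}")
```

Run as-is it prints one line per flagged entry. Every rule is deliberately a "go and check" rule: an unqualified `stsystra.exe` or `PCANotify.dll` is flagged because the log cannot tell you where the file lives, not because the name is known bad, so the output is a checklist for the reader, not a verdict.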



#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 04 November 2010 - 06:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 thomaus
  • Topic Starter

  • Members
  • 11 posts

Posted 05 November 2010 - 12:48 PM

Here is the OTL scan, and attached is the new GMER text file ark.txt. I ran them when the network cable was connected. I don't know if that made a difference or not.

A tech guy here got to the machine when he came back from holidays and did run a virus scan when it was in Safe Mode before I could stop him. I don't think it accomplished much. I told him to stay off the machine. Other than that, we haven't done anything to it to my knowledge.

Thanks for helping me with this.


OTL logfile created on: 11/05/2010 1:31:49 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\bleepingcomputer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.62 Gb Total Space | 110.88 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Drive I: | 1150.98 Gb Total Space | 481.90 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive K: | 1150.98 Gb Total Space | 481.90 Gb Free Space | 41.87% Space Free | Partition Type: NTFS
Drive M: | 34.25 Gb Total Space | 21.68 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
Drive O: | 34.25 Gb Total Space | 21.68 Gb Free Space | 63.29% Space Free | Partition Type: NTFS
Drive S: | 1150.98 Gb Total Space | 481.90 Gb Free Space | 41.87% Space Free | Partition Type: NTFS

Computer Name: MIS-DANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 19:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\bleepingcomputer\OTL.exe
PRC - [2010/05/20 13:09:56 | 000,215,304 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VCTray.exe
PRC - [2010/05/20 13:09:40 | 001,912,072 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VisualCronService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 17:41:44 | 001,980,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/09/30 17:41:14 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/09/30 17:41:08 | 000,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2008/09/30 17:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 00:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/06/24 18:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/06/24 18:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/06/24 18:17:34 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/01 10:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/08/28 23:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 12:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 09:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/24 04:54:15 | 000,050,176 | ---- | M] () -- C:\KatMouse\KatMouse.exe
PRC - [2005/09/08 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/11/01 12:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2004/07/27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 19:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\bleepingcomputer\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/24 04:52:47 | 000,035,328 | ---- | M] () -- C:\KatMouse\KatMouseS.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/20 13:09:40 | 001,912,072 | ---- | M] (neteject.com) [Auto | Running] -- C:\Program Files\VisualCron\VisualCronService.exe -- (VisualCron)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/30 17:41:44 | 001,980,856 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 17:41:08 | 000,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 17:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/08/20 15:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/24 18:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 18:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/06 09:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/07/26 18:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/11/01 12:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/09/15 07:30:55 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101105.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/15 07:30:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101105.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/21 18:41:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/15 14:19:44 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/20 15:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/20 15:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/05/28 11:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/05/28 11:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 08:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/07/24 12:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 17:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 08:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/05 05:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/07 07:30:00 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 05:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2004/03/05 13:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/11/17 19:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/10/23 11:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 14:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/10/27 18:07:05 | 000,000,901 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.21.3.2 Docutech-2
O1 - Hosts: 172.21.3.3 Docucolour-6060
O1 - Hosts: 172.21.3.7 NV-340
O1 - Hosts: 172.21.3.8 iGen
O1 - Hosts: 172.21.3.8 iGen-271
O1 - Hosts: XXX172.21.1.68 companywebsite.com
O1 - Hosts: XXX172.21.1.68 companywebsite.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [VisualCron Tray ClientV5] C:\Program Files\VisualCron\VCTray.exe (neteject.com)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\del_temp.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to KatMouse.exe.lnk = C:\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\dans\Start Menu\Programs\Startup\del_temp.bat ()
O4 - Startup: C:\Documents and Settings\pdoodnauth\Start Menu\Programs\Startup\del_temp.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O12 - Plugin for: .acu - Reg Error: Value error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} https://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169652058425 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169653830965 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://xmpie.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntdomain.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 15:15:49 | 000,000,000 | ---D | M] - C:\Autograph Ebooks 9.4 -- [ NTFS ]
O33 - MountPoints2\##Mis688#DVD\Shell - "" = AutoRun
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun\command - "" = Z:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 11:23:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/03 11:12:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Recent
[2010/11/03 11:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Xerox
[2010/10/27 01:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/26 13:22:01 | 000,000,000 | ---D | C] -- C:\bleepingcomputer
[2010/10/26 01:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Local Settings\Application Data\PCHealth
[2007/01/25 10:19:49 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 13:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 11:25:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/05 11:25:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 11:24:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 11:22:28 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/11/05 11:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/05 11:22:10 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 08:03:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\listjobs.job
[2010/11/03 14:17:18 | 003,166,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 11:26:32 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\xdo1632s.ini
[2010/10/25 16:03:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 09:25:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/24 13:49:46 | 000,624,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/24 13:49:46 | 000,132,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/22 18:30:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MIS-DANS-dsideen).job
[2010/10/21 11:57:51 | 000,005,204 | ---- | M] () -- C:\WINDOWS\XDOCSUB.INI
[2010/10/20 22:35:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/18 10:02:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VisualCron 5.lnk
[2010/10/13 09:53:56 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EFI-PSI v12.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/03 10:03:02 | 2145,296,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/25 16:03:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 09:25:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/07 13:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/05/08 10:30:43 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2008/12/02 10:14:42 | 000,005,204 | ---- | C] () -- C:\WINDOWS\XDOCSUB.INI
[2008/12/02 10:14:06 | 000,147,616 | ---- | C] () -- C:\WINDOWS\System32\nwcalls.dll
[2008/12/02 10:14:06 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\tbpro1w.dll
[2008/12/02 10:14:06 | 000,107,920 | ---- | C] () -- C:\WINDOWS\System32\tbpro2w.dll
[2008/12/02 10:14:06 | 000,070,112 | ---- | C] () -- C:\WINDOWS\System32\tbpro5w.dll
[2008/07/30 16:19:43 | 000,000,851 | ---- | C] () -- C:\WINDOWS\OEPIKFRM.INI
[2008/07/21 11:17:52 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2008/07/21 11:17:52 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\Crtslv.dll
[2008/07/21 11:17:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\FpwU.INI.PROG
[2008/06/25 19:36:54 | 000,009,945 | -H-- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\pp7eskf
[2008/04/12 15:28:40 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 15:28:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 15:28:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 15:28:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 15:28:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/03 12:08:35 | 000,214,512 | ---- | C] () -- C:\WINDOWS\System32\pluginhostctrl.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/03 08:51:32 | 000,048,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030.dtd
[2007/05/03 08:51:32 | 000,046,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02025.dtd
[2007/05/03 08:51:32 | 000,046,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02024.dtd
[2007/05/03 08:51:32 | 000,042,018 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02023.dtd
[2007/05/03 08:51:31 | 000,041,788 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02022.dtd
[2007/05/03 08:51:31 | 000,041,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02021.dtd
[2007/05/03 08:51:31 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02020.dtd
[2007/05/03 08:51:31 | 000,038,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02010.dtd
[2007/05/03 08:51:31 | 000,036,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02012.dtd
[2007/05/03 08:51:31 | 000,035,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v2000.dtd
[2007/04/10 13:58:17 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2007/02/12 09:40:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\142FB99305.sys
[2007/02/12 09:40:00 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/07 19:13:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/01/25 11:19:31 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2007/01/25 10:21:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\CtlSwtch.ini
[2007/01/25 10:19:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/01/25 10:19:50 | 000,000,835 | ---- | C] () -- C:\WINDOWS\MACOLA7.INI
[2007/01/25 10:19:50 | 000,000,676 | ---- | C] () -- C:\WINDOWS\VTOOLS.INI
[2007/01/25 10:19:49 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\WBTRVC32.DLL
[2007/01/25 10:19:47 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\EVTRN13.DLL
[2007/01/24 18:39:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CWVBSYNC.DLL
[2007/01/24 18:31:21 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/01/24 17:18:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/01/24 11:08:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/18 12:07:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/18 12:01:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/18 11:58:05 | 000,003,206 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/18 11:36:15 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/11/10 03:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,005,332 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/08 09:28:00 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/10/26 04:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[1999/03/12 04:00:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[1999/03/12 04:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[1996/11/17 01:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/12/28 19:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/12/28 20:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/11/18 14:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\alot
[2008/06/25 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Enfocus Prefs Folder
[2007/01/24 11:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Leadertech
[2008/06/25 11:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\PKWARE
[2008/11/14 11:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Windows Desktop Search
[2010/08/27 14:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Windows Search
[2010/11/03 11:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Xerox
[2008/11/14 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
[2007/06/25 15:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enfocus Prefs Folder
[2008/09/22 12:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MainType
[2007/10/01 17:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2008/06/25 18:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/08 12:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/15 14:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VisualCron
[2007/01/18 12:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/10/30 17:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Blackberry Desktop
[2007/06/25 16:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Enfocus Prefs Folder
[2007/04/12 11:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\FileZilla
[2008/03/07 18:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Gradual Software
[2007/02/03 12:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\IsolatedStorage
[2007/02/19 09:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Leadertech
[2007/01/26 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\MainType
[2008/08/12 12:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\PGP
[2008/03/03 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\PictureTalk
[2007/10/01 17:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\PKWARE
[2008/06/25 12:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\PrintShop Mail
[2007/10/30 09:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Research In Motion
[2007/02/07 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\webex
[2008/08/28 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dans\Application Data\Windows Search
[2009/01/02 15:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\digital\Application Data\Windows Desktop Search
[2009/06/11 10:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\docutech\Application Data\Windows Desktop Search
[2010/01/24 17:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\alot
[2009/05/03 16:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\Leadertech
[2009/02/23 13:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\PrintShop Mail
[2008/11/27 15:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\Windows Desktop Search
[2008/11/28 11:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\Windows Search
[2010/01/19 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pdoodnauth\Application Data\Xerox
[2010/07/15 08:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pschalkwyk\Application Data\Windows Desktop Search
[2010/11/05 08:03:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\listjobs.job
[2010/11/05 11:25:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/08/31 09:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/10/27 13:58:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/01/18 11:39:44 | 000,006,387 | RH-- | M] () -- C:\dell.sdr
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1028.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1031.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1033.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1036.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1040.txt
[2009/09/11 17:16:42 | 000,009,558 | ---- | M] () -- C:\eula.1041.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1042.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.1049.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.2052.txt
[2009/09/11 17:16:42 | 000,020,716 | ---- | M] () -- C:\eula.3082.txt
[2009/09/11 17:16:42 | 000,000,586 | ---- | M] () -- C:\globdata.ini
[2010/11/05 11:22:10 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/24 14:11:34 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/09/11 17:22:34 | 000,592,208 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009/09/11 17:16:42 | 000,000,659 | ---- | M] () -- C:\install.ini
[2009/09/11 17:22:40 | 000,032,096 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2009/09/11 17:22:40 | 000,053,072 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2009/09/11 17:22:36 | 000,047,456 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2009/09/11 17:22:38 | 000,053,600 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2009/09/11 17:22:38 | 000,052,064 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2009/09/11 17:22:36 | 000,037,728 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2009/09/11 17:22:36 | 000,036,192 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2009/09/11 17:22:40 | 000,049,488 | ---- | M] (Корпорация Майкрософт) -- C:\install.res.1049.dll
[2009/09/11 17:22:40 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2009/09/11 17:22:38 | 000,052,576 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/01/18 11:56:13 | 000,001,208 | -H-- | M] () -- C:\IPH.PH
[2008/11/13 09:04:17 | 000,268,825 | ---- | M] () -- C:\log
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/22 09:08:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/05 11:22:08 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/02/15 18:07:47 | 000,098,304 | ---- | M] () -- C:\xmpie.mdb
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/07/09 18:54:52 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp091.dll
[2009/04/30 10:34:34 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp6dn.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Attached Files

  • Attached File  ark.txt   5.41KB   1 downloads

Edited by etavares, 10 November 2010 - 06:55 PM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:08:24 AM

Posted 05 November 2010 - 06:08 PM

Hello, thomaus.

OK, first a warning. This appears to be a corporate computer. I'm happy to work with you, but I can't say whether we are violating any work policies or procedures, so you are taking responsibility for that. If you want to turn it over to IT to work with, that's fine with me. If not, please continue with the steps below.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
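Steps 2 and 3 each produce an independent kernel driver listing (RKUnhooker's ">Drivers" block and MBRCheck's "Kernel Drivers" block). A helper reading the two reports can cross-check them by base address: a module that one enumeration reports and the other does not is exactly what a hidden-driver check looks for, while a benign difference is a scanner's own driver (such as rkhdrv40) loaded after the other tool ran. The Python below is an added example, not part of this post or of either tool; the sample report text is constructed in the tools' formats, and example_only.sys is a placeholder name.

```python
import re
from typing import Dict, List

# Constructed sample reports in the formats RKUnhooker and MBRCheck write.
# The address/name pairs mirror real output; example_only.sys is a placeholder
# present only in the MBRCheck list so the cross-check has something to flag.
RKU_REPORT = """\
RkUnhooker report generator v0.7
==============================================
>Drivers
Driver: C:\\WINDOWS\\system32\\ntkrnlpa.exe
Address: 0x804D7000
Size: 2150400 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2150400 bytes

Driver: C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
Address: 0xAAC32000
Size: 364544 bytes

Driver: adqralfw.sys
Address: 0xBA0A8000
Size: 57344 bytes

Driver: C:\\WINDOWS\\System32\\Drivers\\rkhdrv40.SYS
Address: 0xBA3A0000
Size: 24576 bytes

==============================================
>Stealth
"""

MBRCHECK_REPORT = """\
Kernel Drivers (total 4):
0x804D7000 \\WINDOWS\\system32\\ntkrnlpa.exe
0xAAC32000 \\SystemRoot\\system32\\DRIVERS\\tcpip.sys
0xBA0A8000 adqralfw.sys
0xA1B2C000 \\??\\C:\\WINDOWS\\system32\\drivers\\example_only.sys

Processes (total 1):
4 System
"""


def parse_rku_drivers(text: str) -> Dict[int, List[str]]:
    """Map base address -> names RKUnhooker reported at that address.
    The kernel image shows up several times (ntkrnlpa.exe, PnpManager, RAW,
    WMIxWDM) at one base, so keying by address keeps those aliases together."""
    drivers: Dict[int, List[str]] = {}
    in_section = False
    name = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">"):            # ">Drivers" / ">Stealth" headers
            in_section = line == ">Drivers"
            continue
        if not in_section:
            continue
        if line.startswith("Driver:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Address:") and name is not None:
            addr = int(line.split(":", 1)[1].strip(), 16)
            drivers.setdefault(addr, []).append(name)
            name = None
    return drivers


MBR_LINE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(\S.*)$")


def parse_mbrcheck_drivers(text: str) -> Dict[int, str]:
    """Map base address -> path from the 'Kernel Drivers' block of an MBRCheck log.
    The block ends at the first blank line (the 'Processes' list follows it)."""
    drivers: Dict[int, str] = {}
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section:
            if not line:
                break
            m = MBR_LINE.match(line)
            if m:
                drivers[int(m.group(1), 16)] = m.group(2)
    return drivers


def basename(path: str) -> str:
    """Case-folded file name, ignoring \\SystemRoot\\, \\??\\C:\\ and short-name prefixes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cross_check(rku: Dict[int, List[str]], mbr: Dict[int, str]) -> Dict[str, List[str]]:
    """Report modules seen by only one tool, and address matches whose names disagree."""
    only_rku = [f"0x{a:08X} {'/'.join(n)}" for a, n in sorted(rku.items()) if a not in mbr]
    only_mbr = [f"0x{a:08X} {p}" for a, p in sorted(mbr.items()) if a not in rku]
    mismatch = []
    for addr in sorted(set(rku) & set(mbr)):
        if basename(mbr[addr]) not in {basename(n) for n in rku[addr]}:
            mismatch.append(f"0x{addr:08X} rku={rku[addr]} mbrcheck={mbr[addr]}")
    return {"only_rku": only_rku, "only_mbrcheck": only_mbr, "name_mismatch": mismatch}


if __name__ == "__main__":
    result = cross_check(parse_rku_drivers(RKU_REPORT), parse_mbrcheck_drivers(MBRCHECK_REPORT))
    for key, items in result.items():
        print(key, items or "(none)")
```

Entries in only_rku or only_mbrcheck are leads, not verdicts: check whether the module is one tool's own driver or was loaded between the two scans before treating it as hidden.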


#5 thomaus

thomaus
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:24 AM

Posted 08 November 2010 - 12:52 PM

I can't get the download link for Rootkit Unhooker to work.
Is the version here okay to use?
http://www.antirootkit.com/software/RootKit-Unhooker.htm
RkU3.7.300.509.exe

And the corporate computer thing is fine. The computer is one at the small printing company that I work at. I'm what's known as the Mac guy. But I help with the PCs, too. The Windows IT guy would just rebuild the machine. I'm trying to salvage it.

#6 thomaus

thomaus
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:24 AM

Posted 08 November 2010 - 02:02 PM

Here are the three logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5075

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/08/2010 1:13:44 PM
mbam-log-2010-11-08 (13-13-44).txt

Scan type: Quick scan
Objects scanned: 215199
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\pdoodnauth\Local Settings\Temporary Internet Files\Content.IE5\VJ88WVSK\video[1].exe (Rogue.Antivirus.Action) -> No action taken.
_________________________________________________


RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xAD717000
Size: 6856704 bytes

Driver: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000
Size: 5783552 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2150400 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2150400 bytes

Driver: RAW
Address: 0x804D7000
Size: 2150400 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2150400 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\navex15.sys
Address: 0xA938C000
Size: 1368064 bytes

Driver: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xAAED5000
Size: 1114112 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAA9BC000
Size: 749568 bytes

Driver: iaStor.sys
Address: 0xB9E6C000
Size: 749568 bytes

Driver: C:\WINDOWS\system32\drivers\hardlock.sys
Address: 0xAA412000
Size: 688128 bytes

Driver: Ntfs.sys
Address: 0xB9D6D000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAAAEE000
Size: 458752 bytes

Driver: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xAAA90000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xAD5A5000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAAC32000
Size: 364544 bytes

Driver: C:\Program Files\Symantec AntiVirus\savrt.sys
Address: 0xAAE59000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xAA1DE000
Size: 360448 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA9337000
Size: 266240 bytes

Driver: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xAD6CA000
Size: 233472 bytes

Driver: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xAABF9000
Size: 233472 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xAD603000
Size: 196608 bytes

Driver: ACPI.sys
Address: 0xB9F79000
Size: 188416 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xAA5D2000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xB9D40000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA80D8000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAAB5E000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xAD67E000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAABAB000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xB9F23000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAABD3000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xAAE34000
Size: 151552 bytes

Driver: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xAA3C6000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAEB1000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xAD6A6000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xAD65B000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xA9BCF000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAAB89000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806E4000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000
Size: 134400 bytes

Driver: fltmgr.sys
Address: 0xB9E4C000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xB9F49000
Size: 126976 bytes

Driver: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xAAA73000
Size: 118784 bytes

Driver: Mup.sys
Address: 0xB9D26000
Size: 106496 bytes

Driver: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0xAA72D000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xB9E0D000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xAD644000
Size: 94208 bytes

Driver: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xAA745000
Size: 90112 bytes

Driver: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0xAA717000
Size: 90112 bytes

Driver: DRVMCDB.SYS
Address: 0xB9E24000
Size: 90112 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA9690000
Size: 86016 bytes

Driver: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\naveng.sys
Address: 0xA9378000
Size: 81920 bytes

Driver: C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Address: 0xAAE20000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xAD703000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAAC8B000
Size: 77824 bytes

Driver: WudfPf.sys
Address: 0xB9DFA000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xB9E3A000
Size: 73728 bytes

Driver: pci.sys
Address: 0xB9F68000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xAD633000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB04FB000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB8EF3000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB8E63000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB8EE3000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9835000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB8E83000
Size: 61440 bytes

Driver: adqralfw.sys
Address: 0xBA0A8000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0F8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8ED3000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xBA0D8000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8EB3000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB04EB000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB925C000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xBA0C8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8EC3000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xB095D000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xBA0B8000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB8E73000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xA95F2000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8E93000
Size: 40960 bytes

Driver: disk.sys
Address: 0xBA0E8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB092D000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB926C000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8EA3000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB048B000
Size: 36864 bytes

Driver: PxHelp20.sys
Address: 0xBA108000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA298000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA400000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA498000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA3F8000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xBA378000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB010E000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\RimSerial.sys
Address: 0xBA420000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Address: 0xBA460000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA428000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA430000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xBA3A0000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xB7C70000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA3F0000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB7C90000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB00EE000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xBA328000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA410000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA418000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA408000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xB00F6000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\drivers\aw_host5.sys
Address: 0xB81BA000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xB3F6E000
Size: 16384 bytes

Driver: Gernuwa.sys
Address: 0xBA4BC000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB6F4B000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB819A000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAA6FF000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\Drivers\awlegacy.sys
Address: 0xB9CE9000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xBA570000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB6F4F000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xB7E77000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB6F47000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB81B6000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB924C000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\drivers\awechomd.sys
Address: 0xBA5C4000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA662000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xBA5EA000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xBA65A000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xBA5AC000
Size: 8192 bytes

Driver: C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
Address: 0xB503F000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA652000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5D0000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5D2000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xBA5EC000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5EE000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5F0000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA686000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\DLA\DLADResN.SYS
Address: 0xB0177000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA688000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA766000
Size: 4096 bytes

==============================================
>Stealth

______________________________________

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0304550c

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA0A8000 adqralfw.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0B8000 isapnp.sys
0xBA0C8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA328000 PartMgr.sys
0xBA0D8000 VolSnap.sys
0xB9E6C000 iaStor.sys
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E4C000 fltmgr.sys
0xB9E3A000 sr.sys
0xB9E24000 DRVMCDB.SYS
0xBA108000 PxHelp20.sys
0xB9E0D000 KSecDD.sys
0xB9DFA000 WudfPf.sys
0xB9D6D000 Ntfs.sys
0xB9D40000 NDIS.sys
0xBA4BC000 Gernuwa.sys
0xB9D26000 Mup.sys
0xB926C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xAD717000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xAD703000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB81BA000 \SystemRoot\system32\drivers\aw_host5.sys
0xAD6CA000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xAD6A6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xAD67E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB925C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8EF3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8EE3000 \SystemRoot\system32\DRIVERS\redbook.sys
0xAD65B000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA686000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5EC000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA400000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8ED3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB81B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAD644000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8EC3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8EB3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA408000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xAD633000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8EA3000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA410000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA418000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA420000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xAD603000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8E93000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA430000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5EE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAD5A5000 \SystemRoot\system32\DRIVERS\update.sys
0xB819A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8E83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8E73000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAAED5000 \SystemRoot\system32\drivers\sthda.sys
0xAAEB1000 \SystemRoot\system32\drivers\portcls.sys
0xB8E63000 \SystemRoot\system32\drivers\drmk.sys
0xB7E77000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAAE59000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xAAE34000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xAAE20000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xB6F4F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB092D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB010E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB6F4B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6F47000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA652000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA766000 \SystemRoot\System32\Drivers\Null.SYS
0xBA662000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA460000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB7C90000 \SystemRoot\System32\drivers\vga.sys
0xBA5C4000 \SystemRoot\system32\drivers\awechomd.sys
0xB9CE9000 \SystemRoot\System32\Drivers\awlegacy.sys
0xBA5D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB00EE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB924C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAAC8B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAAC32000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAABF9000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xAABD3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA298000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAABAB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAAB89000 \SystemRoot\System32\drivers\afd.sys
0xB048B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAAB5E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAAAEE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB04EB000 \SystemRoot\System32\Drivers\Fips.SYS
0xAAA90000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAAA73000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB04FB000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA9BC000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA570000 \SystemRoot\System32\drivers\Dxapi.sys
0xB00F6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA688000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB095D000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB0177000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAA745000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB3F6E000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA65A000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA378000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA72D000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA717000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA6FF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA5D2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAA412000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xAA3C6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAA1DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7C70000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA9BCF000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA9690000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9835000 \SystemRoot\system32\drivers\sysaudio.sys
0xA938C000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\navex15.sys
0xA9378000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101108.002\naveng.sys
0xA9337000 \SystemRoot\System32\Drivers\HTTP.sys
0xA95F2000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB503F000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
0xBA3A0000 \SystemRoot\System32\Drivers\rkhdrv40.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
1104 C:\WINDOWS\system32\smss.exe
1152 csrss.exe
1176 C:\WINDOWS\system32\winlogon.exe
1220 C:\WINDOWS\system32\services.exe
1232 C:\WINDOWS\system32\lsass.exe
1420 C:\WINDOWS\system32\svchost.exe
1488 svchost.exe
1584 C:\Program Files\Windows Defender\MsMpEng.exe
1624 C:\WINDOWS\system32\svchost.exe
1664 C:\WINDOWS\system32\svchost.exe
1828 svchost.exe
1896 svchost.exe
1952 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1992 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
304 C:\WINDOWS\system32\spoolsv.exe
444 svchost.exe
508 C:\Program Files\Symantec\pcAnywhere\awhost32.exe
568 C:\Program Files\Symantec AntiVirus\DefWatch.exe
612 C:\Program Files\Executive Software\Diskeeper\DkService.exe
832 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
860 C:\WINDOWS\system32\inetsrv\inetinfo.exe
1008 C:\Program Files\Java\jre6\bin\jqs.exe
1124 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1568 sqlservr.exe
1720 C:\WINDOWS\system32\svchost.exe
1880 C:\WINDOWS\system32\nvsvc32.exe
1916 C:\WINDOWS\system32\svchost.exe
364 C:\Program Files\Symantec AntiVirus\SavRoam.exe
856 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1532 sqlbrowser.exe
1652 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1840 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2116 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2272 C:\Program Files\VisualCron\VisualCronService.exe
2508 C:\WINDOWS\system32\searchindexer.exe
3280 alg.exe
1224 C:\WINDOWS\explorer.exe
3152 C:\WINDOWS\stsystra.exe
3164 C:\WINDOWS\system32\wuauclt.exe
3196 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3228 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3556 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3824 C:\Program Files\QuickTime\QTTask.exe
4016 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1576 C:\Program Files\Windows Defender\MSASCui.exe
3916 C:\Program Files\VisualCron\VCTray.exe
356 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1680 C:\PROGRA~1\SYMANT~1\VPTray.exe
2604 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2488 C:\WINDOWS\system32\ctfmon.exe
3584 C:\Program Files\Dell Support\DSAgnt.exe
2956 C:\KatMouse\KatMouse.exe
2484 C:\WINDOWS\system32\taskmgr.exe
712 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2712 C:\Program Files\WinZip\WZQKPICK.EXE
2588 rku37300509.exe
5316 MpCmdRun.exe
3524 C:\bleepingcomputer\nov8\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.ADJ

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!

#7 thomaus (Topic Starter, Members, 11 posts)

Posted 08 November 2010 - 02:08 PM

That Mbam log must have been before the reboot.

Here is what the log currently shows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5075

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/08/2010 1:14:15 PM
mbam-log-2010-11-08 (13-14-15).txt

Scan type: Quick scan
Objects scanned: 215199
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\pdoodnauth\Local Settings\Temporary Internet Files\Content.IE5\VJ88WVSK\video[1].exe (Rogue.Antivirus.Action) -> Quarantined and deleted successfully.

#8 thomaus (Topic Starter, Members, 11 posts)

Posted 08 November 2010 - 02:40 PM

The problems that were happening for the user appear to have gone away. Is it fixed?

#9 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 08 November 2010 - 07:18 PM

Hello, thomaus.

It may be gone. Let's get a second opinion.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O12 - Plugin for: .acu - Reg Error: Value error. File not found
    O16 - DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} https://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.



Step 4

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    csc.exe
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
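The SystemLook ":filefind csc.exe" step above just lists every csc.exe on the disk. As an added example (not part of this thread, and not SystemLook's or OTL's code), here is a PowerShell script that performs the same search and adds the two checks a responder wants when a rogue is hiding behind a familiar name: whether each copy sits inside the .NET Framework tree where the real C# compiler lives, and whether it carries a valid Authenticode signature. It assumes Windows PowerShell 2.0 or later; the $expectedRoots list and all function names are my own.

```powershell
# Added example, not code from the thread, SystemLook or OTL: enumerate every
# csc.exe on the system drive (what ":filefind csc.exe" does) and flag copies
# that sit outside the .NET Framework tree or carry no valid Authenticode
# signature. Assumes Windows PowerShell 2.0 or later (XP SP3 can run 2.0).
param(
    [string]$Name = 'csc.exe',
    [string]$Root = ($env:SystemDrive + '\')
)

# The real C# compiler ships only under these directories (my assumption;
# adjust if the machine has a non-standard .NET installation).
$expectedRoots = @(
    (Join-Path $env:SystemRoot 'Microsoft.NET\Framework'),
    (Join-Path $env:SystemRoot 'Microsoft.NET\Framework64')
)

function Get-Sha1Hex([string]$Path) {
    # Get-FileHash does not exist on PowerShell 2.0, so hash via .NET directly.
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha1.ComputeHash($stream) }
    finally { $stream.Close() }
    return (($bytes | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Test-ExpectedLocation([string]$FullName) {
    foreach ($root in $expectedRoots) {
        if ($FullName.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Find-FileCopies([string]$FileName, [string]$SearchRoot) {
    Get-ChildItem -Path $SearchRoot -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

            # Location is the primary signal: a csc.exe in a user profile, a temp
            # directory or system32 is not the compiler. The signature is
            # supporting evidence only, because catalog-signed OS files report
            # NotSigned on PowerShell 2.0.
            if (-not (Test-ExpectedLocation $file.FullName)) {
                $verdict = 'SUSPECT: outside .NET Framework tree'
            } elseif ($sig.Status -ne 'Valid') {
                $verdict = 'REVIEW: no valid embedded signature'
            } else {
                $verdict = 'OK'
            }

            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            New-Object PSObject -Property @{
                Verdict   = $verdict
                Path      = $file.FullName
                Size      = $file.Length
                Modified  = $file.LastWriteTime
                SigStatus = $sig.Status
                Signer    = $signer
                SHA1      = Get-Sha1Hex $file.FullName
            }
        }
}

# Suspect copies sort to the top; the SHA1 column lets you compare a hit
# against the hash of a known-good csc.exe from a clean machine.
Find-FileCopies -FileName $Name -SearchRoot $Root |
    Sort-Object Verdict -Descending |
    Format-Table Verdict, Path, Size, Modified, SigStatus, SHA1 -AutoSize
```

Run it from an elevated prompt so protected directories are readable; the -Name parameter lets you reuse the same search for any other executable name that shows up in a scan log.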


#10 thomaus (Topic Starter, Members, 11 posts)

Posted 09 November 2010 - 06:33 PM

I did a couple of things late yesterday. I removed the Symantec Antivirus client, and Windows Defender. Then I installed MSE. (I turned off MSE during the Kaspersky scan.) Also, there was a broken installation of Blackberry desktop software that took a bit of installing/removing/registry work to make go away. Sorry if this messes anything up. The Symantec client dogs the machine and doesn't appear to protect. Our IT guy has installed MSE on some PCs here, so I want to leave the machine with something he's familiar with. But if you recommend a different software for protection, I'm all ears.

And I deleted a couple of user folders that shouldn't have been on the machine anymore: Dans and pschalkwyk. I also ran a disk optimization.

Here are the logs:
All processes killed
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O12 - Plugin for: .acu - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} https://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 789 bytes

User: administrator.NTDOMAIN
->Temp folder emptied: 585 bytes
->Temporary Internet Files folder emptied: 16071020 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: dans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 3399836 bytes
->Flash cache emptied: 3956 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: digital
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 59101 bytes

User: docutech
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80296 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 344358 bytes

User: NetworkService
->Temp folder emptied: 1476516 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pdoodnauth
->Temp folder emptied: 67202 bytes
->Temporary Internet Files folder emptied: 999672825 bytes
->Java cache emptied: 48624446 bytes
->Flash cache emptied: 17294 bytes

User: pschalkwyk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 56134 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 1911 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 252338412 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53926688 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,313.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11092010_094656

Files\Folders moved on Reboot...
C:\Documents and Settings\dans\Local Settings\Temp\JET35CE.tmp moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_4a8.dat not found!

Registry entries deleted on Reboot...

=========================================================================================================
=========================================================================================================

OTL logfile created on: 11/09/2010 9:54:16 AM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.62 Gb Total Space | 113.04 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.95 Gb Free Space | 24.57% Space Free | Partition Type: FAT32
Drive I: | 1150.98 Gb Total Space | 481.82 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive K: | 1150.98 Gb Total Space | 481.82 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive M: | 34.25 Gb Total Space | 29.63 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
Drive O: | 34.25 Gb Total Space | 29.63 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
Drive S: | 1150.98 Gb Total Space | 481.82 Gb Free Space | 41.86% Space Free | Partition Type: NTFS

Computer Name: MIS-DANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 19:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/20 12:09:56 | 000,215,304 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VCTray.exe
PRC - [2010/05/20 12:09:40 | 001,912,072 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VisualCronService.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/13 23:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/01 09:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 11:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/24 03:54:15 | 000,050,176 | ---- | M] () -- C:\KatMouse\KatMouse.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 19:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/24 03:52:47 | 000,035,328 | ---- | M] () -- C:\KatMouse\KatMouseS.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/20 12:09:40 | 001,912,072 | ---- | M] (neteject.com) [Auto | Running] -- C:\Program Files\VisualCron\VisualCronService.exe -- (VisualCron)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cmcantirootkit.sys -- (CMC AntiRootkit Service)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 07:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/24 11:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 16:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/05 04:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/07 06:30:00 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2004/03/05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/10/23 10:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/10/27 17:07:05 | 000,000,901 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.21.3.2 Docutech-2
O1 - Hosts: 172.21.3.3 Docucolour-6060
O1 - Hosts: 172.21.3.7 NV-340
O1 - Hosts: 172.21.3.8 iGen
O1 - Hosts: 172.21.3.8 iGen-271
O1 - Hosts: XXX172.21.1.68 companywebsite1.com
O1 - Hosts: XXX172.21.1.68 companywebsite2.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [VisualCron Tray ClientV5] C:\Program Files\VisualCron\VCTray.exe (neteject.com)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\del_temp.bat ()
O4 - Startup: C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to KatMouse.exe.lnk = C:\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\dans\Start Menu\Programs\Startup\del_temp.bat ()
O4 - Startup: C:\Documents and Settings\pdoodnauth\Start Menu\Programs\Startup\del_temp.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O12 - Plugin for: .acu - Reg Error: Value error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169652058425 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169653830965 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://xmpie.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntdomain.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 14:15:49 | 000,000,000 | ---D | M] - C:\Autograph Ebooks 9.4 -- [ NTFS ]
O33 - MountPoints2\##Mis688#DVD\Shell - "" = AutoRun
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun\command - "" = Z:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 09:46:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/09 09:46:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 09:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/08 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/08 16:15:24 | 000,104,144 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/08 16:15:23 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/08 15:13:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/08 14:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/11/08 12:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Malwarebytes
[2010/11/08 12:58:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 12:58:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 12:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/08 12:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/03 10:12:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Recent
[2010/11/03 10:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Xerox
[2010/10/27 00:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/26 12:22:01 | 000,000,000 | ---D | C] -- C:\bleepingcomputer
[2010/10/26 00:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Local Settings\Application Data\PCHealth
[2010/10/12 19:52:46 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/12 19:52:46 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/12 19:52:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2007/01/25 09:19:49 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2010/11/09 09:53:47 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/09 09:49:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 09:49:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 09:48:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/11/09 09:48:37 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\listjobs.job
[2010/11/09 09:48:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 09:48:30 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 09:45:28 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/09 09:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 16:40:52 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/08 16:15:22 | 000,104,144 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/08 16:15:22 | 000,083,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/08 15:19:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/08 13:20:43 | 000,624,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:20:43 | 000,132,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 12:58:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 13:17:18 | 003,166,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 10:26:32 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\xdo1632s.ini
[2010/10/25 15:03:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 08:25:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/22 17:30:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MIS-DANS-dsideen).job
[2010/10/21 10:57:51 | 000,005,204 | ---- | M] () -- C:\WINDOWS\XDOCSUB.INI
[2010/10/20 21:35:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 15:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/18 09:02:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VisualCron 5.lnk
[2010/10/13 08:53:56 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EFI-PSI v12.lnk

========== Files Created - No Company Name ==========

[2010/11/09 09:45:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/08 16:46:38 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/08 16:40:52 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/08 15:14:48 | 047,735,320 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Desktop\BlackBerry_Desktop_Software_v4.2_Service_Pack_1__(English).exe
[2010/11/08 12:58:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 09:03:02 | 2145,296,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/25 15:03:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 08:25:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/07 12:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/05/08 09:30:43 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2008/12/02 09:14:42 | 000,005,204 | ---- | C] () -- C:\WINDOWS\XDOCSUB.INI
[2008/12/02 09:14:06 | 000,147,616 | ---- | C] () -- C:\WINDOWS\System32\nwcalls.dll
[2008/12/02 09:14:06 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\tbpro1w.dll
[2008/12/02 09:14:06 | 000,107,920 | ---- | C] () -- C:\WINDOWS\System32\tbpro2w.dll
[2008/12/02 09:14:06 | 000,070,112 | ---- | C] () -- C:\WINDOWS\System32\tbpro5w.dll
[2008/07/30 15:19:43 | 000,000,851 | ---- | C] () -- C:\WINDOWS\OEPIKFRM.INI
[2008/07/21 10:17:52 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2008/07/21 10:17:52 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\Crtslv.dll
[2008/07/21 10:17:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\FpwU.INI.PROG
[2008/06/25 18:36:54 | 000,009,945 | -H-- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\pp7eskf
[2008/04/12 14:28:40 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 14:28:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 14:28:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 14:28:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 14:28:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/03 11:08:35 | 000,214,512 | ---- | C] () -- C:\WINDOWS\System32\pluginhostctrl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/03 07:51:32 | 000,048,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030.dtd
[2007/05/03 07:51:32 | 000,046,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02025.dtd
[2007/05/03 07:51:32 | 000,046,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02024.dtd
[2007/05/03 07:51:32 | 000,042,018 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02023.dtd
[2007/05/03 07:51:31 | 000,041,788 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02022.dtd
[2007/05/03 07:51:31 | 000,041,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02021.dtd
[2007/05/03 07:51:31 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02020.dtd
[2007/05/03 07:51:31 | 000,038,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02010.dtd
[2007/05/03 07:51:31 | 000,036,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02012.dtd
[2007/05/03 07:51:31 | 000,035,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v2000.dtd
[2007/04/10 12:58:17 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2007/02/12 08:40:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\142FB99305.sys
[2007/02/12 08:40:00 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/07 18:13:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/01/25 10:19:31 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2007/01/25 09:21:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\CtlSwtch.ini
[2007/01/25 09:19:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/01/25 09:19:50 | 000,000,835 | ---- | C] () -- C:\WINDOWS\MACOLA7.INI
[2007/01/25 09:19:50 | 000,000,676 | ---- | C] () -- C:\WINDOWS\VTOOLS.INI
[2007/01/25 09:19:49 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\WBTRVC32.DLL
[2007/01/25 09:19:47 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\EVTRN13.DLL
[2007/01/24 17:39:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CWVBSYNC.DLL
[2007/01/24 17:31:21 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/01/24 16:18:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/01/24 10:08:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/18 11:07:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/18 11:01:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/18 10:58:05 | 000,003,206 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/18 10:36:15 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/11/10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,005,332 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/08 08:28:00 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/10/26 03:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[1999/03/12 03:00:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[1999/03/12 03:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[1996/11/17 00:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

=========================================================================================================
=========================================================================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 09, 2010 10:34:25
Records in database: 4243138
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
I:\
K:\
M:\
O:\
S:\
Y:\
Z:\

Scan statistics:
Objects scanned: 195494
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:21:18


File name / Threat / Threats count
C:\Documents and Settings\pdoodnauth\Desktop\2010_xerox_printer info\INFO\PopularScreensaversSetup2.3.50.19.ZRfox000.exe Infected: not-a-virus:WebToolbar.Win32.Agent.g 1

Scanning stopped by the user.
[NOTE: When Kaspersky started scanning the network drives, I stopped it. It ran for hours just doing C: and a USB stick E:]

==================================================================================================================
==================================================================================================================

SystemLook 04.09.10 by jpshortstuff
Log created at 16:13 on 09/11/2010 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "csc.exe"
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe --a--c- 49152 bytes [17:23 15/07/2004] [17:23 15/07/2004] 99EB84256BFA43C3A2A32341EDB8189E
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe --a---- 80376 bytes [15:16 25/07/2008] [15:16 25/07/2008] 51301ACC5E5FDA65CFA1968395E5D951
C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe --a--c- 1548280 bytes [03:40 30/07/2008] [03:40 30/07/2008] 1952D4CE2D20E37ED9B7BF68AAB767A2
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe --a---- 1972552 bytes [17:16 18/03/2010] [17:16 18/03/2010] EBD345E154827DBFC6A77E3F07F63835
C:\WINDOWS\ServicePackFiles\i386\csc.exe -----c- 49152 bytes [23:18 18/08/2008] [16:10 13/04/2008] 51C6A8FCAF5AF4DA9C02817DEE571922

-= EOF =-
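The SystemLook "filefind" output above lists every csc.exe on the disk with its attributes, size, two timestamps and MD5. What a responder does with such a list is check that each copy sits in a location where that file name belongs and look up the hashes, rather than uploading the file blind. The script below is an added example, not part of this thread or of SystemLook: it parses the filefind line format, flags copies outside a caller-supplied list of expected directories, and collects the hashes for lookup. The five real lines come from the log above; the sixth line (a csc.exe under a TEMP folder, with an all-zero placeholder MD5) is constructed only to show the flagging path, and the order in which SystemLook prints its two timestamps is not asserted here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One SystemLook filefind hit. The path may contain spaces ("Documents and
# Settings"), so the pattern is anchored on the fixed tail: a 7-character
# attribute string, "<size> bytes", two bracketed timestamps, a 32-hex MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input: the five csc.exe hits from the thread's SystemLook log plus one
# CONSTRUCTED line (TEMP location, placeholder all-zero hash) for illustration.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "csc.exe"
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe --a--c- 49152 bytes [17:23 15/07/2004] [17:23 15/07/2004] 99EB84256BFA43C3A2A32341EDB8189E
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe --a---- 80376 bytes [15:16 25/07/2008] [15:16 25/07/2008] 51301ACC5E5FDA65CFA1968395E5D951
C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe --a--c- 1548280 bytes [03:40 30/07/2008] [03:40 30/07/2008] 1952D4CE2D20E37ED9B7BF68AAB767A2
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe --a---- 1972552 bytes [17:16 18/03/2010] [17:16 18/03/2010] EBD345E154827DBFC6A77E3F07F63835
C:\WINDOWS\ServicePackFiles\i386\csc.exe -----c- 49152 bytes [23:18 18/08/2008] [16:10 13/04/2008] 51C6A8FCAF5AF4DA9C02817DEE571922
C:\Documents and Settings\All Users\Application Data\TEMP\csc.exe --a---- 49152 bytes [09:00 09/11/2010] [09:00 09/11/2010] 00000000000000000000000000000000

-= EOF =-"""

# Directories in which the log itself shows csc.exe legitimately living.
# Adjust per host; this is an assumption for the example, not a complete list.
EXPECTED_PREFIXES = [
    "C:\\WINDOWS\\Microsoft.NET\\Framework\\",
    "C:\\WINDOWS\\ServicePackFiles\\i386\\",
]


@dataclass
class FileHit:
    path: str
    attrs: str
    size: int
    ts1: str   # first bracketed timestamp as printed by SystemLook
    ts2: str   # second bracketed timestamp as printed by SystemLook
    md5: str   # upper-case hex


def parse_filefind(text: str) -> List[FileHit]:
    """Return every line of a SystemLook filefind section that parses as a hit.
    Header, blank and EOF lines simply do not match and are skipped."""
    hits: List[FileHit] = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                m["ts1"], m["ts2"], m["md5"].upper()))
    return hits


def unexpected_locations(hits: List[FileHit], prefixes: List[str]) -> List[FileHit]:
    """Hits whose path is not under any expected directory (case-insensitive)."""
    return [h for h in hits
            if not any(h.path.lower().startswith(p.lower()) for p in prefixes)]


def hashes_for_lookup(hits: List[FileHit]) -> Dict[str, str]:
    """Map path -> MD5, the values a responder would search on a multi-engine
    scanner before deciding which copies (if any) to upload."""
    return {h.path: h.md5 for h in hits}


if __name__ == "__main__":
    hits = parse_filefind(SAMPLE_LOG)
    print(f"{len(hits)} copies found")
    for h in unexpected_locations(hits, EXPECTED_PREFIXES):
        print(f"REVIEW: {h.path} ({h.size} bytes, MD5 {h.md5})")
    for path, md5 in hashes_for_lookup(hits).items():
        print(f"{md5}  {path}")
```

Note that "same name in several places" is normal for csc.exe, since each installed .NET Framework version ships its own compiler; the signal worth chasing is a copy in a user-writable or temporary folder, which is exactly what the location check isolates.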

#11 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 09 November 2010 - 07:32 PM

Hello, thomaus.

I had an error in that script. We'll have to rerun. I'm sorry about that.



Step 1

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O12 - Plugin for: .acu - Reg Error: Value error. File not found
    O16 - DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} https://bis.na.blackberry.com/html/web/client_tools/RIM-PwpClient.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#12 thomaus (Topic Starter, Members, 11 posts)

Posted 09 November 2010 - 08:01 PM

The new OTL script didn't reboot. I got this after:

========== OTL ==========
Error: No service named RimUsb was found to stop!
Service\Driver key RimUsb not found.
File C:\WINDOWS\System32\Drivers\RimUsb.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.acu\ deleted successfully.
Starting removal of ActiveX control {3269A168-A467-4236-9D77-FF36D8DFB20F}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3269A168-A467-4236-9D77-FF36D8DFB20F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3269A168-A467-4236-9D77-FF36D8DFB20F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3269A168-A467-4236-9D77-FF36D8DFB20F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3269A168-A467-4236-9D77-FF36D8DFB20F}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\WINDOWS\System32\TWEAKUI.CPL:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\FdfTk.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\FdfAcX.dll:AFP_AfpInfo deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

OTL by OldTimer - Version 3.2.17.2 log created on 11092010_195513
==================================================================================================
The Run Scan is going, but I have to leave it for now. I'll send the other bits in the morning.

#13 thomaus (Topic Starter, Members, 11 posts)

Posted 10 November 2010 - 09:49 AM

OTL logfile created on: 11/09/2010 7:57:18 PM - Run 4
OTL by OldTimer - Version 3.2.17.2 Folder = C:\bleepingcomputer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.62 Gb Total Space | 113.00 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
Drive I: | 1150.98 Gb Total Space | 481.78 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive K: | 1150.98 Gb Total Space | 481.78 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive M: | 34.25 Gb Total Space | 29.63 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
Drive O: | 34.25 Gb Total Space | 29.63 Gb Free Space | 86.51% Space Free | Partition Type: NTFS
Drive S: | 1150.98 Gb Total Space | 481.78 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive Z: | 313.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIS-DANS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 18:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\bleepingcomputer\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/20 12:09:56 | 000,215,304 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VCTray.exe
PRC - [2010/05/20 12:09:40 | 001,912,072 | ---- | M] (neteject.com) -- C:\Program Files\VisualCron\VisualCronService.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/13 23:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/01 09:00:00 | 000,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/08/28 22:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 11:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 08:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/09/24 03:54:15 | 000,050,176 | ---- | M] () -- C:\KatMouse\KatMouse.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 18:23:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\bleepingcomputer\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/05/24 21:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2005/09/24 03:52:47 | 000,035,328 | ---- | M] () -- C:\KatMouse\KatMouseS.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/20 12:09:40 | 001,912,072 | ---- | M] (neteject.com) [Auto | Running] -- C:\Program Files\VisualCron\VisualCronService.exe -- (VisualCron)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/07/06 08:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cmcantirootkit.sys -- (CMC AntiRootkit Service)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 07:07:00 | 006,853,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/24 11:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/19 16:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/05 04:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/07 06:30:00 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2004/03/05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/10/23 10:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070118
IE - HKU\S-1-5-21-1200164097-1760575143-10498456-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/10/27 17:07:05 | 000,000,901 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.21.3.2 Docutech-2
O1 - Hosts: 172.21.3.3 Docucolour-6060
O1 - Hosts: 172.21.3.7 NV-340
O1 - Hosts: 172.21.3.8 iGen
O1 - Hosts: 172.21.3.8 iGen-271
O1 - Hosts: XXX172.21.1.68 companywebsite.com
O1 - Hosts: XXX172.21.1.68 companywebsite2.com
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [VisualCron Tray ClientV5] C:\Program Files\VisualCron\VCTray.exe (neteject.com)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1200164097-1760575143-10498456-500..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\del_temp.bat ()
O4 - Startup: C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to KatMouse.exe.lnk = C:\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\pdoodnauth\Start Menu\Programs\Startup\del_temp.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1200164097-1760575143-10498456-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169652058425 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169653830965 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://xmpie.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntdomain.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 14:15:49 | 000,000,000 | ---D | M] - C:\Autograph Ebooks 9.4 -- [ NTFS ]
O32 - AutoRun File - [2000/11/08 13:01:49 | 000,000,100 | R--- | M] () - Z:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\##Mis688#DVD\Shell - "" = AutoRun
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Mis688#DVD\Shell\AutoRun\command - "" = Z:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 09:46:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/09 09:46:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 09:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/08 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/08 16:15:24 | 000,104,144 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/08 16:15:23 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/08 15:13:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/08 14:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/11/08 12:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Malwarebytes
[2010/11/08 12:58:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/08 12:58:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/08 12:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/08 12:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/03 10:12:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Recent
[2010/11/03 10:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\Xerox
[2010/10/27 00:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/26 12:22:01 | 000,000,000 | ---D | C] -- C:\bleepingcomputer
[2010/10/26 00:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator.NTDOMAIN\Local Settings\Application Data\PCHealth
[2010/10/12 19:52:46 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/12 19:52:46 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/12 19:52:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2007/01/25 09:19:49 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 30 Days ==========

[2010/11/09 19:10:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/09 09:49:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 09:49:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 09:48:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/11/09 09:48:37 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\listjobs.job
[2010/11/09 09:48:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 09:48:30 | 2145,296,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 09:45:28 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/08 16:40:52 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/08 16:15:22 | 000,104,144 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/11/08 16:15:22 | 000,083,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/11/08 15:19:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/08 13:20:43 | 000,624,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 13:20:43 | 000,132,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 12:58:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 13:17:18 | 003,166,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 10:26:32 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\xdo1632s.ini
[2010/10/25 15:03:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 08:25:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/22 17:30:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MIS-DANS-dsideen).job
[2010/10/21 10:57:51 | 000,005,204 | ---- | M] () -- C:\WINDOWS\XDOCSUB.INI
[2010/10/20 21:35:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/19 15:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/18 09:02:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VisualCron 5.lnk
[2010/10/13 08:53:56 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EFI-PSI v12.lnk

========== Files Created - No Company Name ==========

[2010/11/09 09:45:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/11/08 16:40:52 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/08 15:14:48 | 047,735,320 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Desktop\BlackBerry_Desktop_Software_v4.2_Service_Pack_1__(English).exe
[2010/11/08 12:58:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 09:03:02 | 2145,296,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/25 15:03:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\defogger_reenable
[2010/10/25 08:25:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/07 12:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/05/08 09:30:43 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2008/12/02 09:14:42 | 000,005,204 | ---- | C] () -- C:\WINDOWS\XDOCSUB.INI
[2008/12/02 09:14:06 | 000,147,616 | ---- | C] () -- C:\WINDOWS\System32\nwcalls.dll
[2008/12/02 09:14:06 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\tbpro1w.dll
[2008/12/02 09:14:06 | 000,107,920 | ---- | C] () -- C:\WINDOWS\System32\tbpro2w.dll
[2008/12/02 09:14:06 | 000,070,112 | ---- | C] () -- C:\WINDOWS\System32\tbpro5w.dll
[2008/07/30 15:19:43 | 000,000,851 | ---- | C] () -- C:\WINDOWS\OEPIKFRM.INI
[2008/07/21 10:17:52 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2008/07/21 10:17:52 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\Crtslv.dll
[2008/07/21 10:17:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\FpwU.INI.PROG
[2008/06/25 18:36:54 | 000,009,945 | -H-- | C] () -- C:\Documents and Settings\administrator.NTDOMAIN\Application Data\pp7eskf
[2008/04/12 14:28:40 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/12 14:28:40 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/12 14:28:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/12 14:28:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/12 14:28:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/03 11:08:35 | 000,214,512 | ---- | C] () -- C:\WINDOWS\System32\pluginhostctrl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/03 07:51:32 | 000,048,210 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030.dtd
[2007/05/03 07:51:32 | 000,046,977 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02025.dtd
[2007/05/03 07:51:32 | 000,046,891 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02024.dtd
[2007/05/03 07:51:32 | 000,042,018 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02023.dtd
[2007/05/03 07:51:31 | 000,041,788 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02022.dtd
[2007/05/03 07:51:31 | 000,041,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02021.dtd
[2007/05/03 07:51:31 | 000,040,636 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02020.dtd
[2007/05/03 07:51:31 | 000,038,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02010.dtd
[2007/05/03 07:51:31 | 000,036,381 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02012.dtd
[2007/05/03 07:51:31 | 000,035,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v2000.dtd
[2007/04/10 12:58:17 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2007/02/12 08:40:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\142FB99305.sys
[2007/02/12 08:40:00 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/07 18:13:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/01/25 10:19:31 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2007/01/25 09:21:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\CtlSwtch.ini
[2007/01/25 09:19:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/01/25 09:19:50 | 000,000,835 | ---- | C] () -- C:\WINDOWS\MACOLA7.INI
[2007/01/25 09:19:50 | 000,000,676 | ---- | C] () -- C:\WINDOWS\VTOOLS.INI
[2007/01/25 09:19:49 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\WBTRVC32.DLL
[2007/01/25 09:19:47 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\EVTRN13.DLL
[2007/01/24 17:39:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CWVBSYNC.DLL
[2007/01/24 17:31:21 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/01/24 16:18:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/01/24 10:08:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/18 11:07:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/18 11:01:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/18 10:58:05 | 000,003,206 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/18 10:36:15 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/11/10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,005,332 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/08 08:28:00 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/10/26 03:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[1999/03/12 03:00:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[1999/03/12 03:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[1996/11/17 00:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

< End of report >
=========================================================================================

Filename: csc.exe
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Wed 8 Sep 2010 16:41:36 (CET)
File size: 1972552 bytes
Filetype: PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5: ebd345e154827dbfc6a77e3f07f63835
SHA1: c8f298b991503bcd9d857857b7261012e0821968

Edited by thomaus, 10 November 2010 - 09:51 AM.
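The OTL report above is what the responder reads before saying "Your log appears clean". Two things in the PRC/MOD/SRV/DRV lines get checked first: registrations printed as `File not found` (a service or driver key whose binary is gone) and loaded binaries whose version info has no company name (the `()` entries), which is exactly why csc.exe was sent to a multi-engine scan. The Python below is an added example, not OTL's code and not from this thread; it assumes the line layout exactly as printed above, and its triage rules are the example's own, applied to a few lines copied from the report.

```python
"""Triage helper for the PRC/MOD/SRV/DRV lines of an OTL log (added example;
not OTL code and not from this thread).  Flags the two things a responder
reads first: registrations whose binary is gone ("File not found") and
loaded binaries with no publisher name in their version info."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line head, before the first " -- ":
#   "<KIND> - [<date> | <size> | <attrs> | M] (<company>) [<start> | <state>]"
#   "<KIND> - File not found [<start> | <state>]"
HEAD_RE = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV) - '
    r'(?:\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[^|\]]+) \| [A-Z]\]|(?P<missing>File not found))'
    r'(?: \((?P<company>[^)]*)\))?'
    r'(?: \[(?P<state>[^\]]*)\])?$'
)
# After the path: " -- (<service name>)" optionally followed by a display name.
NAME_RE = re.compile(r'^\((?P<name>[^)]*)\)(?P<extra>.*)$')


@dataclass
class Entry:
    kind: str                    # PRC, MOD, SRV or DRV
    path: str
    company: Optional[str]       # '' when the version resource has no name,
                                 # None when the file is missing on disk
    size: Optional[int]
    state: List[str]             # e.g. ['Kernel', 'Boot', 'Running']
    name: Optional[str]          # service/driver key name, if printed
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV/DRV line, None for any other line."""
    head, sep, tail = line.rstrip().partition(' -- ')
    m = HEAD_RE.match(head)
    if not sep or not m:
        return None
    path, _, rest = tail.partition(' -- ')
    n = NAME_RE.match(rest) if rest else None
    company = m.group('company')
    size = int(m.group('size').replace(',', '')) if m.group('size') else None
    state = [s.strip() for s in m.group('state').split('|')] if m.group('state') else []
    return Entry(kind=m.group('kind'), path=path.strip(),
                 company=company.strip() if company is not None else None,
                 size=size, state=state, name=n.group('name') if n else None,
                 missing=m.group('missing') is not None)


def triage(entry: Entry) -> List[str]:
    """Reasons to look twice at an entry; an empty list means nothing odd.
    The rules are this example's, not OTL's."""
    reasons: List[str] = []
    if entry.missing:
        # A service/driver key left behind after its binary was deleted:
        # usually an uninstall leftover, sometimes a partial cleanup.
        reasons.append('registration points at a file that no longer exists')
    elif not entry.company:
        # No CompanyName to cross-check, so this is the file whose hash goes
        # to a multi-engine scan (as was done for csc.exe in the thread).
        reasons.append('no publisher name in the file version info')
        if entry.kind in ('PRC', 'MOD') or 'Running' in entry.state:
            reasons.append('currently loaded')
        if 'Boot' in entry.state or 'System' in entry.state:
            reasons.append('starts before any user logs on')
    return reasons


def triage_log(text: str) -> List[Entry]:
    """Parse every line of an OTL log and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry.flags = triage(entry)
            if entry.flags:
                flagged.append(entry)
    return flagged


# Constructed sample: a section header and five lines copied from the OTL report above.
SAMPLE_LOG = r"""
========== Modules (SafeList) ==========
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
MOD - [2005/09/24 03:52:47 | 000,035,328 | ---- | M] () -- C:\KatMouse\KatMouseS.dll
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cmcantirootkit.sys -- (CMC AntiRootkit Service)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
"""

if __name__ == '__main__':
    for e in triage_log(SAMPLE_LOG):
        print(f'{e.kind} {e.path}: {"; ".join(e.flags)}')
```

Run against the full report, the only hits are the KatMouse module with no publisher and the orphaned CMC AntiRootkit driver key, which matches the responder's "clean" verdict; a hit on a Boot- or System-start driver with no publisher would be the one to hash and scan.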


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:24 AM

Posted 10 November 2010 - 07:25 PM

Hello, thomaus.

The problem appears to be gone. Not that I did anything, but as you noted the symptoms disappeared. The onboard antivirus may have solved it.


Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program.
  • Then, click the big cleanup button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.



Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  • Go to Start --> All Programs --> Accessories --> System Tools --> System Restore.
  • Select Create a Restore Point and click Next.
  • Give the restore point a name and press create.
  • You'll see it work, then say that it was created successfully. Click Close.


Now, we need to remove the old, infected points using DiskCleanup.
  • Click on Start --> Run.
  • Type in cleanmgr into the run box and hit OK.
  • Select C: and press OK
  • Select the More Options tab.
  • Click on Clean up in the System Restore section.
  • Click OK.
  • You'll get a couple of prompts asking if you're sure you want to do this; select Yes and OK for them.
  • Disk cleanup will remove the old restore points that included the malware.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
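The HOSTS-file advice above comes with a caveat that bites in practice: a tool that replaces the file wholesale drops any custom entries, and the same file is itself a favourite target of rogue-AV infections, which rewrite it so that security-vendor and update sites resolve to a server the attacker controls. The following is an added example, not code from the post or from HostsMan, that parses a Windows-style hosts file, merges in a blocklist update while preserving custom mappings, and flags entries that point a hostname at a routable address so the operator can review them before the file is written back. The sample hosts file and the update list are constructed for the example; the hostnames and addresses in them are placeholders.

```python
"""Merge a hosts blocklist update into an existing hosts file without losing
custom entries, and flag mappings that look like a hosts-file hijack.
Added example; not part of the original forum post or of HostsMan."""
import ipaddress
from typing import List, Tuple

# Addresses a blocklist uses to null-route a name.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1"}

# Explicit RFC 1918 list: Python's IPv4Address.is_private also returns True
# for documentation ranges such as 203.0.113.0/24, which would hide the
# hijacked entry below, so it is not used here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an existing hosts file (not from the infected machine).
EXISTING_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.0.5        intranet.example.test   # custom entry, must survive a merge
# The kind of line a rogue-AV infection adds: an update site sent elsewhere.
203.0.113.7     antivirus-updates.example.test
0.0.0.0         ads.example.test
"""

# Constructed blocklist update (stands in for an MVPS-style download).
BLOCKLIST_UPDATE = """\
# constructed blocklist update
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test
0.0.0.0 fake-av-payment.example.test
"""

Entry = Tuple[str, str]  # (ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (ip, hostname) for every mapping; comments and bad lines dropped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comment
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; ignore rather than crash
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_local(ip: str) -> bool:
    """True for null-route, loopback, link-local and RFC 1918 targets."""
    addr = ipaddress.ip_address(ip)
    return (ip in BLOCK_TARGETS or addr.is_loopback or addr.is_link_local
            or any(addr in net for net in RFC1918))


def is_block_entry(ip: str, name: str) -> bool:
    """A blocklist line null-routes a name; 'localhost' is never a block entry."""
    return ip in BLOCK_TARGETS and name != "localhost"


def find_hijacks(entries: List[Entry]) -> List[Entry]:
    """Mappings that send a hostname to a routable address: review these."""
    return [(ip, name) for ip, name in entries if not is_local(ip)]


def merge_hosts(existing_text: str, update_text: str) -> Tuple[str, List[Entry]]:
    """Build a new hosts file: custom entries kept, hijacks removed and
    reported, block entries = existing ones plus the update."""
    existing = parse_hosts(existing_text)
    hijacks = set(find_hijacks(existing))
    custom = [e for e in existing if not is_block_entry(*e) and e not in hijacks]
    blocked = {name for ip, name in existing + parse_hosts(update_text)
               if is_block_entry(ip, name)}
    blocked -= {name for _, name in custom}  # a real custom mapping wins over a block
    out = ["# --- custom entries preserved from the previous hosts file ---"]
    out += [f"{ip}\t{name}" for ip, name in custom]
    out += ["# --- blocklist entries (null-routed) ---"]
    out += [f"0.0.0.0\t{name}" for name in sorted(blocked)]
    return "\n".join(out) + "\n", sorted(hijacks)


if __name__ == "__main__":
    new_file, flagged = merge_hosts(EXISTING_HOSTS, BLOCKLIST_UPDATE)
    print(new_file)
    for ip, name in flagged:
        print(f"REVIEW: {name} was mapped to {ip}; removed from the new file")
```

Run the merge before letting any tool overwrite the file, and treat every line in the REVIEW output as evidence rather than noise: a hostname pointed at a public address is exactly how a hijacker keeps a machine from reaching update and removal sites.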
 


#15 thomaus

thomaus
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:24 AM

Posted 10 November 2010 - 07:28 PM

Thanks for your help. I'm pretty sure it was cleared by what Malwarebytes Anti-Malware removed.



