
TROJ_AUTORUN.EWB?


11 replies to this topic

#1 juju_au

Posted 12 November 2010 - 05:49 AM

Hi there - I am hoping someone can assist - as I am a bit clueless on what to do with my machine (Dell M6500 laptop)

I perform virus scans regularly and saw TROJ_AUTORUN.EWB in the results. I have run a hijackthis scan and am posting the log here.

I'm no good at analysing these - I'm concerned that there are a lot of "(file/s missing)" and "unknown owner" entries in it.

Any help anyone could provide is appreciated with much thanks.


**************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:52 PM, on 12/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USREL/19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc64) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12933 bytes

Sorry - I didn't note to use DDS instead of HijackThis

DDS Log is as follows - thank you (and sorry!)

**********************************************************************************************


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Administrator at 22:15:01.58 on Fri 12/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2036.833 [GMT 11:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com.au/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
uRun: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
uRun: [AdobeBridge]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
mRun-x64: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
mRun-x64: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
mRun-x64: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
mRun-x64: [nwiz] nwiz.exe /installquiet

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-29 200720]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [2010-5-13 89600]
R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-4-27 420432]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-6-26 1040232]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-6-26 31080]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-9-3 507680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-12 13336]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-9 6810728]
R2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-5 76288]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-9-30 42576]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-29 339984]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2009-6-26 38440]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-13 6952960]
R3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-7-15 595960]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-7-15 917768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-5-13 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-5-13 177152]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]

=============== Created Last 30 ================

2010-11-12 09:50:50 388096 ----a-r- C:\Users\ADMINI~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-12 09:50:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-12 07:19:54 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{91B16FFF-06B2-48CB-874F-9C127FCAF9F7}\mpengine.dll
2010-10-27 06:58:07 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 06:58:07 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 06:58:06 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 06:58:06 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 06:58:06 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 06:58:06 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 06:58:06 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 06:57:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

==================== Find3M ====================

2010-10-19 00:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 11:18:10 5393432 ----a-w- C:\Program Files (x86)\DriverRobot_Setup.exe
2010-09-14 17:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 00:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 00:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 22:15:40.60 ===============

EDIT: Posts merged ~BP

Edited by Budapest, 12 November 2010 - 05:05 PM.
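As an added example (not code from the thread or from HijackThis, DDS or OTL), a small Python triage script that reads O2/O23 lines in the HijackThis format used above and applies the 64-bit caveat: the 32-bit HijackThis 2.0.4 is subject to WOW64 file-system redirection, so services whose binaries live in the native C:\Windows\System32 show up as "(file missing)" with "Unknown owner" even when they are present and running (the DDS process list above shows nvvsvc.exe running while HijackThis reports it missing). The sample lines are constructed from the log; the "Example Updater" service is invented to show the case that does deserve a closer look.

```python
"""Triage of "(file missing)" / "(no file)" lines in a HijackThis log.

Added example; not code from the thread or from HijackThis/DDS/OTL.
The 32-bit HijackThis 2.0.4 runs under WOW64 on 64-bit Windows, and
file-system redirection sends its C:\\Windows\\System32 lookups to
C:\\Windows\\SysWOW64, so native 64-bit service binaries report as
"(file missing)" with "Unknown owner" even though they are present.
"""
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis format; the first five entries are
# copied from the log above, the "Example Updater" service is invented.
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\Public\exupd.exe (file missing)
"""

# Native system directory; matched case-insensitively (system32 / System32).
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "O2" (browser helper object) or "O23" (service)
    name: str      # display name as HijackThis printed it
    owner: str     # CLSID for O2, vendor string for O23
    path: str      # binary path, "" when the entry has none
    missing: bool  # "(file missing)" or "(no file)" was reported
    verdict: str = ""


def host_is_64bit(log: str) -> bool:
    """Heuristic: only 64-bit Windows has a 'Program Files (x86)' tree."""
    return "Program Files (x86)" in log


def parse_line(line: str):
    """Parse one O2/O23 line; other line types yield None."""
    for prefix, section in (("O23 - Service: ", "O23"), ("O2 - BHO: ", "O2")):
        if line.startswith(prefix):
            body = line[len(prefix):]
            break
    else:
        return None
    # Split from the right: display names may themselves contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, target = parts
    missing = False
    if target == "(no file)":
        missing, target = True, ""
    elif target.endswith(" (file missing)"):
        missing, target = True, target[: -len(" (file missing)")]
    return Entry(section, name, owner, target, missing)


def classify(entry: Entry, x64: bool) -> str:
    if not entry.missing:
        return "present"
    if entry.section == "O2":
        # Registered BHO whose DLL is gone: an orphaned key, not active code.
        return "orphaned-bho"
    if x64 and SYSTEM32_RE.match(entry.path):
        # Expected WOW64 artefact; confirm with a 64-bit aware tool (DDS/OTL).
        return "wow64-redirect"
    # A service whose binary is missing from a non-system location deserves
    # a look: it may be a leftover of an uninstalled product or of malware.
    return "review"


def summary(log: str) -> dict:
    """Map each verdict to the display names that received it."""
    x64 = host_is_64bit(log)
    out: dict = {}
    for raw in log.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        entry.verdict = classify(entry, x64)
        out.setdefault(entry.verdict, []).append(entry.name)
    return out


if __name__ == "__main__":
    for verdict, names in summary(SAMPLE_LOG).items():
        print(f"{verdict}:")
        for n in names:
            print(f"  {n}")
```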


#2 snemelk (Malware Response Team)

Posted 21 November 2010 - 05:36 AM

Hi juju_au, and welcome to Bleeping Computer.

I perform virus scans regularly and saw TROJ_AUTORUN.EWB in the results.

Where was it detected??.. Please provide a path to the file... Is it still being detected??..

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
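
As an added example (not part of snemelk's instructions and not OldTimer's code), the following Python helper shows what a responder does with the OTL output the steps above produce: it reads the two line types that matter most for an autorun-family detection, O4 Run-key entries and DRV driver-service entries, flags those whose file is missing or that carry no company name (the same signals OTL's "No Company Name Whitelist" is meant to surface), and decodes the NoDriveTypeAutoRun policy value from the O7 line. The sample lines are copied from the OTL log posted further down this thread, plus two clean entries for contrast; the regular expressions assume the OTL 3.2.x line layout seen in that log, the flag names are this example's own, and the bit meanings follow Microsoft's documentation of NoDriveTypeAutoRun (0x91, decimal 145, is the value Windows ships with).

```python
import re

# Constructed sample: lines copied from the OTL log in this thread, plus two
# clean entries (tmxpflt, PDVDDXSrv) for contrast. Raw string keeps the
# Windows backslashes intact.
SAMPLE_OTL_LINES = r"""
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NvtSp50.sys -- (NvtSp50)
DRV:64bit: - [2010/07/31 04:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
"""

# OTL 3.2.x line layouts as they appear in the posted log (assumption).
O4_RE = re.compile(r"^O4(?::64bit:)? - HK(?:LM|CU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
DRV_RE = re.compile(
    r"^DRV(?::64bit:)? - (?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^()]*)\))"
    r" \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<svc>[^()]*)\)$"
)
O7_RE = re.compile(r"NoDriveTypeAutoRun = (?P<value>\d+)")

# Bit meanings of NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
NO_DRIVE_TYPE_AUTORUN_BITS = {
    0x01: "unknown-type",
    0x04: "removable",       # USB sticks: the vector autorun.inf worms rely on
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown-no-root",
}
WINDOWS_DEFAULT = 0x91  # 145: unknown-type + network + unknown-no-root


def decode_no_drive_type_autorun(value):
    """Split the policy value into drive types with AutoRun disabled vs. still enabled."""
    disabled = [n for bit, n in NO_DRIVE_TYPE_AUTORUN_BITS.items() if value & bit]
    enabled = [n for bit, n in NO_DRIVE_TYPE_AUTORUN_BITS.items() if not value & bit]
    return {"value": value, "disabled": disabled, "still_enabled": enabled,
            "is_windows_default": value == WINDOWS_DEFAULT}


def parse_entry(line):
    """Parse one O4 (Run key) or DRV (driver service) line; return None for anything else."""
    m = O4_RE.match(line)
    if m:
        entry = {"kind": "run", "name": m.group("name"), "path": None, "company": None, "flags": []}
        rest = m.group("rest")
        if rest == "File not found":
            entry["flags"].append("missing-file")   # Run value points at nothing: stale or removed payload
        else:
            pc = PATH_COMPANY_RE.match(rest)
            if pc:
                entry["path"], entry["company"] = pc.group("path"), pc.group("company")
            else:
                entry["path"] = rest
            if not entry["company"]:
                entry["flags"].append("no-company-name")  # no version info: look at the file by hand
        if not entry["name"]:
            entry["flags"].append("blank-value-name")
        return entry
    m = DRV_RE.match(line)
    if m:
        entry = {"kind": "driver", "name": m.group("svc"), "path": m.group("path"),
                 "company": m.group("company"), "flags": []}
        if m.group("missing"):
            entry["flags"].append("missing-file")   # service registered, driver binary gone
        elif not entry["company"]:
            entry["flags"].append("no-company-name")
        return entry
    return None


def triage_otl(log_text):
    """Collect flagged Run/driver entries and the decoded AutoRun policy from OTL output."""
    findings, policy = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O7_RE.search(line)
        if m:
            policy = decode_no_drive_type_autorun(int(m.group("value")))
            continue
        entry = parse_entry(line)
        if entry and entry["flags"]:
            findings.append(entry)
    return {"findings": findings, "autorun_policy": policy}


if __name__ == "__main__":
    result = triage_otl(SAMPLE_OTL_LINES)
    for f in result["findings"]:
        print(f"{f['kind']:6} [{f['name']}] {f['path'] or ''} -> {', '.join(f['flags'])}")
    print("NoDriveTypeAutoRun:", result["autorun_policy"])
```

On the sample above the helper flags the NvtSp50 driver service and the blank Run value as missing files, nwiz.exe as lacking a company name, and reports that with NoDriveTypeAutoRun at its default of 145 AutoRun stays enabled for removable and CD-ROM drives, which is the setting a responder checks first when the detection name is an AUTORUN variant. A flagged entry is a lead, not a verdict: the file itself still has to be examined.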


#3 juju_au

juju_au
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:51 PM

Posted 24 November 2010 - 05:15 AM

Hi Snemelk! thanks so much for taking a look at the logs for me.

The OTL file reads as:

OTL logfile created on: 11/24/2010 8:51:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.16 Gb Total Space | 101.45 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BELINDA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 20:48:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/23 14:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/04 18:07:06 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009/10/22 12:50:20 | 000,561,952 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2009/10/05 22:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/24 20:48:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/06 21:00:40 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/01/15 03:58:30 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/15 03:57:24 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/12/09 01:14:26 | 006,810,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/10/05 22:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/09/03 14:33:16 | 000,507,680 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/07/29 18:06:08 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/29 18:06:06 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/29 18:05:42 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 12:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/06/26 12:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/06/11 22:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/06/03 15:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/04/27 16:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 19:21:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 16:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NvtSp50.sys -- (NvtSp50)
DRV:64bit: - [2010/07/31 04:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/31 04:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/31 04:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/05/13 07:05:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/04 14:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/15 03:58:36 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/11 14:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/21 14:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/21 14:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/16 06:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/29 18:07:00 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/07/29 18:07:00 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/29 18:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 12:23:46 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/06/20 11:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 20:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/11 14:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/06/04 17:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USREL/19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/07/15 20:33:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 20:48:40 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/19 07:52:36 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/11/12 20:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/30 11:35:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/30 11:35:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/30 11:35:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/27 17:58:07 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/27 17:58:07 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/27 17:58:06 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/27 17:58:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/27 17:58:06 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/27 17:58:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/27 17:58:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/27 17:57:58 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/09/23 22:17:43 | 005,393,432 | ---- | C] (Blitware Technology Inc. ) -- C:\Program Files (x86)\DriverRobot_Setup.exe

========== Files - Modified Within 30 Days ==========

[2010/11/24 20:53:30 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/11/24 20:52:22 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/11/24 20:48:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/11/24 20:48:06 | 000,002,070 | -H-- | M] () -- C:\Users\Administrator\Documents\Default.rdp
[2010/11/24 18:22:29 | 000,789,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/24 18:22:29 | 000,673,396 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/24 18:22:29 | 000,128,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/24 17:56:38 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 17:56:38 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 17:48:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 17:48:23 | 1601,310,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 00:02:43 | 000,179,605 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1967 _ Flickr - Photo Sharing!.pdf
[2010/11/21 00:02:07 | 000,224,171 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Dior 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 23:04:48 | 000,076,544 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1962 LIFE - photo by Paul Schutzer _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:58:54 | 000,123,332 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1954 Jonathon Logan _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:53:10 | 000,111,322 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Enka Rayon 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:50:47 | 000,089,031 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1967 _ Flickr - Photo Sharingjgjh.PDF
[2010/11/20 22:47:55 | 000,361,081 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Sunny Harnett 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:42:28 | 000,143,634 | ---- | M] () -- C:\Users\Administrator\Documents\nina ricci All sizes _ 1960 Harper's Bazaar _ Flickr - Photo Sharing!.PDF
[2010/11/20 22:40:23 | 000,130,437 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ McCall's Fall _ Winter 1962 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:37:26 | 000,086,230 | ---- | M] () -- C:\Users\Administrator\Documents\nina ricci All sizes _ VPB Aug -Sept 1964 _ Flickr - Photo Sharing!.PDF
[2010/11/20 22:26:21 | 000,225,892 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Harper's Bazaar Nov 1960 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:24:41 | 000,118,873 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:21:20 | 000,120,494 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Lana Lobell 1954 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:19:51 | 000,598,638 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Dorian Leigh 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:18:29 | 000,107,012 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Rudolf 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:07:32 | 000,290,495 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:05:05 | 000,160,966 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Anne St. Marie _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:03:40 | 000,611,392 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Warner's - Merry Widow 1955 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:00:19 | 000,579,575 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ 1951 Harry Frechtel _ Flickr - Photo Sharing!.pdf
[2010/11/20 21:58:09 | 000,248,463 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Lilli Ann 1949 _ Flickr - Photo Sharing!.pdf
[2010/11/19 22:27:27 | 000,323,584 | ---- | M] () -- C:\Users\Administrator\Documents\Database1.accdb
[2010/11/18 16:03:27 | 000,009,411 | ---- | M] () -- C:\Users\Administrator\Documents\Book1LJIKGL.xlsx
[2010/11/12 22:23:15 | 000,288,107 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.zip
[2010/11/12 22:14:27 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/11/12 22:12:58 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/12 20:50:50 | 000,003,011 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/12 08:42:44 | 000,001,135 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/11/07 21:36:02 | 004,980,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/07 03:13:33 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/10/30 20:08:50 | 000,008,453 | ---- | M] () -- C:\Users\Administrator\Documents\Book1.xlsx
[2010/10/30 08:20:24 | 000,010,682 | ---- | M] () -- C:\Users\Administrator\Documents\BH Budget.xlsx

========== Files Created - No Company Name ==========

[2010/11/24 17:51:55 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101124.log
[2010/11/21 21:30:38 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101121.log
[2010/11/20 23:04:46 | 000,076,544 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1962 LIFE - photo by Paul Schutzer _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:58:52 | 000,123,332 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1954 Jonathon Logan _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:53:09 | 000,111,322 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Enka Rayon 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:50:44 | 000,089,031 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1967 _ Flickr - Photo Sharingjgjh.PDF
[2010/11/20 22:47:53 | 000,361,081 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Sunny Harnett 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:42:27 | 000,143,634 | ---- | C] () -- C:\Users\Administrator\Documents\nina ricci All sizes _ 1960 Harper's Bazaar _ Flickr - Photo Sharing!.PDF
[2010/11/20 22:40:22 | 000,130,437 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ McCall's Fall _ Winter 1962 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:37:24 | 000,086,230 | ---- | C] () -- C:\Users\Administrator\Documents\nina ricci All sizes _ VPB Aug -Sept 1964 _ Flickr - Photo Sharing!.PDF
[2010/11/20 22:35:48 | 000,224,171 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Dior 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:26:19 | 000,225,892 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Harper's Bazaar Nov 1960 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:24:40 | 000,118,873 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:22:04 | 000,179,605 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1967 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:21:18 | 000,120,494 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Lana Lobell 1954 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:19:49 | 000,598,638 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Dorian Leigh 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:18:27 | 000,107,012 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Rudolf 1957 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:07:30 | 000,290,495 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1952 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:05:04 | 000,160,966 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Anne St. Marie _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:03:38 | 000,611,392 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Warner's - Merry Widow 1955 _ Flickr - Photo Sharing!.pdf
[2010/11/20 22:00:17 | 000,579,575 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ 1951 Harry Frechtel _ Flickr - Photo Sharing!.pdf
[2010/11/20 21:57:57 | 000,248,463 | ---- | C] () -- C:\Users\Administrator\Documents\All sizes _ Lilli Ann 1949 _ Flickr - Photo Sharing!.pdf
[2010/11/19 22:13:52 | 000,323,584 | ---- | C] () -- C:\Users\Administrator\Documents\Database1.accdb
[2010/11/18 15:23:24 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101118.log
[2010/11/17 15:10:41 | 000,009,411 | ---- | C] () -- C:\Users\Administrator\Documents\Book1LJIKGL.xlsx
[2010/11/16 13:38:29 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101116.log
[2010/11/15 10:50:33 | 000,000,350 | ---- | C] () -- C:\ProgramData\OutlookFail.20101115.log
[2010/11/13 19:18:11 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101113.log
[2010/11/12 22:23:10 | 000,288,107 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.zip
[2010/11/12 22:14:27 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/11/12 22:12:40 | 000,630,272 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/12 20:50:50 | 000,003,011 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2010/11/08 15:37:16 | 002,820,608 | ---- | C] () -- C:\SVPH - Annual Cleaning Refresher Test - 2009.DOC
[2010/11/07 22:01:07 | 000,015,872 | ---- | C] () -- C:\ORACLE 11i.xls
[2010/11/07 13:35:08 | 000,092,672 | ---- | C] () -- C:\25 .11.2009 (2).doc
[2010/11/07 13:35:01 | 000,092,672 | ---- | C] () -- C:\25 .11.2009.doc
[2010/11/03 17:31:55 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101103.log
[2010/10/30 20:08:48 | 000,008,453 | ---- | C] () -- C:\Users\Administrator\Documents\Book1.xlsx
[2010/10/29 19:40:49 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101029.log
[2010/10/25 18:44:02 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101025.log
[2010/10/24 10:49:29 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/10/21 17:54:38 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101021.log
[2010/10/20 17:38:41 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101020.log
[2010/10/16 17:05:17 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101016.log
[2010/10/07 17:45:01 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20101007.log
[2010/09/22 18:50:34 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100922.log
[2010/09/19 18:43:55 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100919.log
[2010/09/11 17:26:50 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100911.log
[2010/09/01 07:55:42 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100901.log
[2010/08/31 18:29:56 | 000,000,350 | ---- | C] () -- C:\ProgramData\OutlookFail.20100831.log
[2010/08/28 15:16:30 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100828.log
[2010/08/25 18:37:53 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100825.log
[2010/08/23 19:14:55 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100823.log
[2010/08/22 18:42:11 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100822.log
[2010/08/15 09:32:24 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100815.log
[2010/08/14 09:30:57 | 000,000,350 | ---- | C] () -- C:\ProgramData\OutlookFail.20100814.log
[2010/08/13 07:45:18 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100813.log
[2010/08/12 08:13:42 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100812.log
[2010/08/11 18:55:12 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100811.log
[2010/08/07 11:48:57 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100807.log
[2010/08/01 08:26:00 | 000,000,525 | ---- | C] () -- C:\ProgramData\OutlookFail.20100801.log
[2010/07/27 19:05:37 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100727.log
[2010/07/25 13:35:35 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100725.log
[2010/07/24 08:35:16 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100724.log
[2010/07/21 07:34:42 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100721.log
[2010/07/18 14:02:14 | 000,000,525 | ---- | C] () -- C:\ProgramData\OutlookFail.20100718.log
[2010/07/17 09:36:03 | 000,001,225 | ---- | C] () -- C:\ProgramData\OutlookFail.20100717.log
[2010/07/16 19:40:13 | 000,000,350 | ---- | C] () -- C:\ProgramData\OutlookFail.20100716.log
[2010/07/15 23:59:28 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100715.log
[2010/06/11 23:34:19 | 000,794,680 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/13 06:14:34 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/05/13 06:14:34 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/05/12 15:25:57 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010/05/12 15:25:34 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/10/05 22:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/25 14:46:48 | 000,092,672 | ---- | M] () -- C:\25 .11.2009 (2).doc
[2009/11/25 14:46:48 | 000,092,672 | ---- | M] () -- C:\25 .11.2009.doc
[2010/05/13 07:09:14 | 000,004,426 | RH-- | M] () -- C:\dell.sdr
[2010/11/24 17:48:23 | 1601,310,720 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2004/08/12 11:31:44 | 000,015,872 | ---- | M] () -- C:\ORACLE 11i.xls
[2010/11/24 17:48:28 | 2135,080,960 | -HS- | M] () -- C:\pagefile.sys
[2010/08/16 13:48:51 | 000,000,650 | ---- | M] () -- C:\rundll32.txt
[2009/03/31 19:38:50 | 002,820,608 | ---- | M] () -- C:\SVPH - Annual Cleaning Refresher Test - 2009.DOC

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
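The file-listing lines in the OTL report above all share one shape, `[date | size | attrs | C or M] (Company) -- path`, which makes them easy to triage mechanically. The following is an added example, not part of the original thread and not OTL's own code: a parser for that line format plus a few triage heuristics a responder would run over the "Files Created", "Files Modified" and `%SYSTEMDRIVE%` entries (executable content under user-writable paths or directly in the drive root, scheduled-task `.job` files, PE files with no company name, hidden/system attributes). The sample input is six lines taken from the log above plus one constructed line (the `svchost.exe` entry under `AppData`) to exercise the hidden/system check; the extension sets, path prefixes and reason strings are assumptions made here, not anything OTL emits.

```python
"""Parse OTL-style file listings and triage them for follow-up (added example).

Line shape, as in OTL's "Files Created/Modified" and custom-scan sections:
  [YYYY/MM/DD HH:MM:SS | size,with,commas | attrs | C|M] (Company) -- path
"""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Sample input: six entries copied from the log above plus one CONSTRUCTED
# entry (the svchost.exe line under AppData) that is not from the log.
SAMPLE_OTL = r"""
[2010/11/07 03:13:33 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/11/12 22:12:58 | 000,630,272 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/11/24 17:48:23 | 1601,310,720 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/16 13:48:51 | 000,000,650 | ---- | M] () -- C:\rundll32.txt
[2010/11/20 21:58:09 | 000,248,463 | ---- | M] () -- C:\Users\Administrator\Documents\All sizes _ Lilli Ann 1949 _ Flickr - Photo Sharing!.pdf
[2010/11/10 09:00:00 | 000,045,056 | -HS- | C] () -- C:\Users\Administrator\AppData\Roaming\svchost.exe
"""

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str     # four flag slots, e.g. "-HS-"; R/H/S/D set, "-" clear
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the file has no company name in its version info
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; return None for headers, blanks and other noise."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),   # "1601,310,720" -> 1601310720
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


# Heuristic knobs (assumptions for this example, not OTL definitions).
PE_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".ocx", ".cpl"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".pif", ".job"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\tasks\\", "c:\\windows\\temp\\")
OS_PAGING = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}   # hidden+system by design


def triage(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries worth a second look (prompts, not verdicts)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        p = e.path.lower()
        if p in OS_PAGING:
            continue
        wp = PureWindowsPath(e.path)
        ext = wp.suffix.lower()
        is_code = ext in PE_EXT or ext in SCRIPT_EXT
        reasons = []
        if is_code and p.startswith(USER_WRITABLE):
            reasons.append("executable content under a user-writable path")
        if is_code and len(wp.parts) == 2:          # ('C:\\', 'name') = drive root
            reasons.append("executable content directly in the drive root")
        if ext in PE_EXT and not e.company:
            reasons.append("PE file with no company name in its version info")
        if ext == ".job":
            reasons.append("scheduled task job file: check what it launches")
        if "H" in e.attrs or "S" in e.attrs:
            reasons.append("hidden/system attribute set")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_OTL)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Read the output as a worklist, not a verdict: `dds.scr` and `Defogger.exe` on the Desktop are the diagnostic tools the helpers ask posters to download (DDS ships renamed to `.scr`), and `msdia80.dll` sitting in the drive root is unusual but not by itself malicious, so each hit still needs a hash check or a look at the file's properties and, for the `.job` entry, at the command it runs.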

#4 juju_au (Topic Starter)

Posted 24 November 2010 - 05:36 AM

... and the Extras file reads as:

OTL Extras logfile created on: 11/24/2010 8:51:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.16 Gb Total Space | 101.45 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BELINDA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{16B452B6-828D-4E93-A97E-B92C76E8E0DD}" = SO64MMWrapper
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{27753668-8F35-4FEE-BE5D-ADCD615D334A}" = Dell ControlPoint Connection Manager 64
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3110A3AD-9890-42DF-8CE5-FBFE4E633ED2}" = Wave Infrastructure Installer
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{736D17CD-0990-4A57-A9FA-E765B6A93EC3}" = Dell ControlPoint System Manager
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{87508272-99AC-47AA-9F65-5F8C09930CA6}" = Dell Control Point 64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C3B66206-54AC-4A76-8CCF-7FE5670C3581}" = DCP64MMWrapper
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{F161E795-1A75-4DBD-AFAE-4980BA7EABDB}" = Dell ControlVault Host Components Installer 64Bit
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C34D611A-BB04-49FD-A37A-EDED11ED491D}" = Adobe Creative Suite 5 Design Premium Subscription Edition
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2010 5:13:46 PM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/20/2010 5:54:23 PM | Computer Name = belinda-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/20/2010 5:55:05 PM | Computer Name = belinda-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 11/20/2010 5:57:59 PM | Computer Name = belinda-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 11/20/2010 8:17:46 PM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/21/2010 2:36:21 AM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/21/2010 2:37:16 PM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/21/2010 2:39:49 PM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/24/2010 2:46:53 AM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 11/24/2010 2:49:14 AM | Computer Name = belinda-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 8/17/2010 9:03:46 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 11:03:46 AM - Error connecting to the internet. 11:03:46 AM - Unable
to contact server..

Error - 8/17/2010 9:03:53 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 11:03:51 AM - Error connecting to the internet. 11:03:51 AM - Unable
to contact server..

Error - 8/17/2010 10:04:01 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 12:04:01 PM - Error connecting to the internet. 12:04:01 PM - Unable
to contact server..

Error - 8/17/2010 10:04:09 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 12:04:07 PM - Error connecting to the internet. 12:04:07 PM - Unable
to contact server..

Error - 8/24/2010 11:14:59 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 1:14:59 PM - Error connecting to the internet. 1:14:59 PM - Unable
to contact server..

Error - 8/24/2010 11:15:11 PM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 1:15:04 PM - Error connecting to the internet. 1:15:04 PM - Unable
to contact server..

Error - 8/25/2010 12:15:23 AM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 2:15:23 PM - Error connecting to the internet. 2:15:23 PM - Unable
to contact server..

Error - 8/25/2010 12:15:31 AM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 2:15:28 PM - Error connecting to the internet. 2:15:28 PM - Unable
to contact server..

Error - 8/25/2010 1:15:43 AM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 3:15:43 PM - Error connecting to the internet. 3:15:43 PM - Unable
to contact server..

Error - 8/25/2010 1:15:51 AM | Computer Name = belinda-PC | Source = MCUpdate | ID = 0
Description = 3:15:48 PM - Error connecting to the internet. 3:15:48 PM - Unable
to contact server..

[ OSession Events ]
Error - 8/2/2010 5:09:24 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4788 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/6/2010 9:15:44 PM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2454
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:17:42 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23531
seconds with 900 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:23:10 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 313
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:25:15 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 113
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:25:23 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:25:39 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:38:46 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/7/2010 6:39:06 AM | Computer Name = belinda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/21/2010 2:36:09 AM | Computer Name = belinda-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 11/21/2010 2:36:33 PM | Computer Name = belinda-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 11/21/2010 2:39:06 PM | Computer Name = belinda-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 11/24/2010 2:46:09 AM | Computer Name = belinda-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 11/24/2010 2:48:33 AM | Computer Name = belinda-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 11/24/2010 3:21:06 AM | Computer Name = belinda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 11/24/2010 5:46:25 AM | Computer Name = belinda-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 50.

Error - 11/24/2010 5:46:29 AM | Computer Name = belinda-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 50.

Error - 11/24/2010 5:46:29 AM | Computer Name = belinda-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 50.

Error - 11/24/2010 5:46:30 AM | Computer Name = belinda-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 50.

< End of report >



With regard to the path for the .ewb file, sorry if I sound like a dodo...! but I can't find it. Trend Micro has it "quarantined".

In TROJAN QUARANTINE, it says (twice on separate rows):

Name - TROJ_AUTORUN.EWB

Date Quarantined - 2010/09/26 19:21

Status - Trojan Found



In VIRUS QUARANTINE, it has three separate entries:

Name - Data1.cab
Date Quarantined - 2010/10/09 09:31
File Location - C:\Program Files (x86)\Adobe\Acrobat 9.0\Setup Files\{AC76BA86-1033-F400-7760-000000000004}\

Name - autorun.inf
Date Quarantined - 2010/08/08 01:57
File Location - E:\

Name - autorun.inf
Date Quarantined - 2010/09/26 19:20
File Location - E:\


Once again, thank you so much for any help you can offer! :)

#5 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:51 AM

Posted 24 November 2010 - 11:54 AM

Hi again juju_au!!.. :)

Once again, thank you so much for any help you can offer! :)

No problem!.. :)

Your logs look ok to me... I'll ask you to run a script (which will remove some leftovers) and an online scan (to make sure we leave nothing behind)...

Name - autorun.inf
Date Quarantined - 2010/08/08 01:57
File Location - E:\

Name - autorun.inf
Date Quarantined - 2010/09/26 19:20
File Location - E:\

E drive - was it a removable device??.. If yes, it could have been infected, and your antivirus removed an autorun.inf file to prevent your computer from getting infected... In such a case, nothing to worry about...

If you want to get to know more about these infections, read these articles: Flash drive infections, USB/Flash Drive Safety... You can use Panda USB Vaccine if you want to secure your removable drives/devices...

Please do the following (afterwards, please let me know what problem remains):

Firstly,
Please run OTL.exe. (note, I'll be removing two entries related to Adware.Win32.DriverRobot)
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    [2010/09/23 22:17:43 | 005,393,432 | ---- | C] (Blitware Technology Inc. ) -- C:\Program Files (x86)\DriverRobot_Setup.exe
    [2010/11/07 03:13:33 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Thirdly, we need to update outdated programs (with security vulnerabilities) on your machine:

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 17 (64-bit)

Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows x64, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-x64.exe that you downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
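The two autorun.inf entries quarantined from E:\ above are the mechanism behind this kind of removable-drive infection: the file tells Windows what to run when the drive is inserted or opened. The following is an added example, not code from the thread or from Trend Micro, OTL or Panda USB Vaccine, that parses an autorun.inf (tolerating the junk lines infected copies often carry) and reports what it would launch; the sample files inside it are constructed.

```python
"""Analyse an autorun.inf from a removable drive and report what it would launch.

Added example prompted by the autorun.inf entries quarantined from E:\\ in the
thread; it is not code from the thread nor from any tool mentioned in it.
The samples at the bottom are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Directives inside [autorun] that make Windows run something when the
# drive is inserted or its icon is double-clicked.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command replaces a context-menu verb such as Open or Explore,
# so even a cautious right-click "Explore" would run the attacker's file.
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")


@dataclass
class AutorunReport:
    launches: list = field(default_factory=list)        # (directive, command), file order
    hijacked_verbs: list = field(default_factory=list)  # context-menu verbs overridden
    mimics_drive_icon: bool = False  # icon= borrows the stock drive icon from shell32.dll

    @property
    def runs_code(self) -> bool:
        return bool(self.launches)


def parse_autorun_section(text: str) -> list:
    """Return (key, value) pairs from the [autorun] section, in file order.

    Hand-rolled rather than configparser: infected autorun.inf files often
    carry junk lines and NUL padding to defeat signature matching, and a
    strict INI parser would reject them before we could see the open= line.
    """
    pairs = []
    in_autorun = False
    for raw in text.replace("\x00", "").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk line or a directive outside [autorun]
        key, _, value = line.partition("=")
        pairs.append((key.strip().lower(), value.strip()))
    return pairs


def analyse_autorun(text: str) -> AutorunReport:
    """Summarise the execution-relevant directives of an autorun.inf."""
    report = AutorunReport()
    for key, value in parse_autorun_section(text):
        verb = VERB_COMMAND.match(key)
        if key in LAUNCH_KEYS or verb:
            report.launches.append((key, value))
        if verb:
            report.hijacked_verbs.append(verb.group(1).lower())
        if key == "icon" and "shell32.dll" in value.lower():
            report.mimics_drive_icon = True
    return report


# Constructed samples (not from the thread).
INFECTED_SAMPLE = """[AutoRun]
%$#junk-line-to-break-naive-parsers
open=recycler\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=recycler\\update.exe
shell\\explore\\command=recycler\\update.exe
useautoplay=1
"""
BENIGN_SAMPLE = """[autorun]
icon=photos.ico
label=Holiday photos
"""

if __name__ == "__main__":
    for name, sample in (("infected", INFECTED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = analyse_autorun(sample)
        print(f"{name}: runs_code={r.runs_code} launches={r.launches} "
              f"hijacked_verbs={r.hijacked_verbs} drive_icon={r.mimics_drive_icon}")
```

A file that launches anything is what an antivirus quarantines from a removable drive, which is why the E:\ entries in the log are expected rather than alarming.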


#6 juju_au

juju_au
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:51 PM

Posted 25 November 2010 - 05:08 AM

Hi Snemelk

thanks for those links... looks like i'll be doing a lot of reading! :)

Here is the log for the OTL run:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
C:\Program Files (x86)\DriverRobot_Setup.exe moved successfully.
C:\Windows\Tasks\Driver Robot.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 38911605 bytes
->Temporary Internet Files folder emptied: 63859423 bytes
->Java cache emptied: 270022 bytes
->Flash cache emptied: 83973 bytes

User: All Users

User: belinda
->Temp folder emptied: 17551110 bytes
->Temporary Internet Files folder emptied: 32624795 bytes
->Java cache emptied: 7798222 bytes
->Flash cache emptied: 64433 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33172 bytes
->Flash cache emptied: 56847 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 636861 bytes
->Temporary Internet Files folder emptied: 944521 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 56504 bytes

User: TEMP.belinda-PC
->Temporary Internet Files folder emptied: 294912 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147166025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21796144 bytes
RecycleBin emptied: 2508248273 bytes

Total Files Cleaned = 2,709.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: belinda
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP
->Flash cache emptied: 0 bytes

User: TEMP.belinda-PC

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11252010_205309

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\TMFBE_4880\.inuse moved successfully.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF3011B16612704FEC.TMP not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF9ACE9DFBF7417CF4.TMP not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFA82617F14285CCFF.TMP not found!
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DFC4039A209F14A7BB.TMP not found!
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPB1RR5F\topic360022[1].html moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33252IIL\signin[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#7 juju_au

juju_au
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:51 PM

Posted 25 November 2010 - 01:26 PM

and the ESET log!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b080e4c67ca6204ea015441e91929361
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-25 11:43:40
# local_time=2010-11-25 10:43:40 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=516 16774525 100 97 0 41002390 0 0
# compatibility_mode=5893 16776573 100 94 0 42313946 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=212004
# found=0
# cleaned=0
# scan_time=4924

#8 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:51 AM

Posted 25 November 2010 - 01:45 PM

Hi again juju_au!!.. :)

thanks for those links... looks like i'll be doing a lot of reading! :)

If you have any questions, just ask...

If there is no remaining problem (and after updating some outdated programs), you're good to go...

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

You can check my site - snemelk.hekko.pl:
A few steps to make your web browsing safer :thumbup2:

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!


#9 juju_au

juju_au
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:51 PM

Posted 30 November 2010 - 01:37 AM

Sorry Snemelk! gosh, so busy. I work in a hospital and it is M.A.D.N.E.S.S. coming up to Christmas - same every year!!!!

I think a "mental health" day will be in order soon!

ok - I'm just off to do those last recommended actions..... back in a bit!

:)

#10 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:51 AM

Posted 30 November 2010 - 11:29 AM

Hi again juju_au!!.. :)

Sorry Snemelk! gosh, so busy. I work in a hospital and it is M.A.D.N.E.S.S. coming up to Christmas - same every year!!!!

I can imagine!

ok - I'm just off to do those last recommended actions..... back in a bit!

:)

Ok... :) Just let me know you've performed all of the steps, and if there are no questions or remaining problems, I'll close the topic... ;)


#11 juju_au

juju_au
  • Topic Starter

  • Members
  • 15 posts
  • Local time:07:51 PM

Posted 30 November 2010 - 01:18 PM

!!!! I did it all.... then promptly fell asleep!

all done - and you know, there's even a noticeable increase in the machine's speed as well!

thank you SO much for all of that. I definitely wouldn't have had a clue if not for you and this site - what a service!

:clapping:

#12 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:11:51 AM

Posted 30 November 2010 - 01:37 PM

Hi again juju_au!!.. :)

!!!! I did it all.... then promptly fell asleep!

A good sleep is very important!!.. :thumbup2:

thank you SO much for all of that. I definitely wouldn't have had a clue if not for you and this site - what a service!

Thank you very much for these kind words!!.. B)

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




