Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus infection


  • This topic is locked This topic is locked
30 replies to this topic

#1 tonybiker

tonybiker

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 15 January 2011 - 06:22 AM

Hi.

Firstly I followed the instructions up to installing the GMER but it froze the laptop several times. I read that at this point it would be best to detail the problem and attach the two logs.

The laptop is a Demm Inspiron Mini 10 with XP Home. It belongs to my 12 year old neice and I got the call after my sister shouted out that the browser was going to pon sites. I thought it would be a simple task. How wrong I was.

My neice had received a warning that she needed to install some software to get rid of a problem. Thats when the problem started. I was unable to install any form of antispy without a warning saying it was blocked or even go to control panel to remove programmes without the box saying that was blocked. repeated pop up's saying did I want to install software. I managed to boot to safe mode and install superantispy which found over 700 infections, i then came across Malwarebytes and installed that via USB . The PC was a bit better but no way would it connect to the internet. I did find a fix for this, however i can go to facebook, ebay etc but if I try to go to any site like windows update, Mcafee etc IE or Firefox both say unable to connect.

I then decided to do a full recovery. The laptop does not have a CD rom so I used the suggested F11 and every other combination to no avail. Its as if the recovery option has vanished into mid air.

After 20 plus scans with Malwarebytes it finds the same two trojans everytime. It then came up nothing found and i thought it was sorted. But no.

The Laptop then failed to boot up. One flash of the screen and nothing. On safe mode 3 lines of script and it hung.

I was today able to use a USB flash to boot from that. I again ran Malwarebytes and it found the same infections again. And since then it has booted up normally despite me not doing anything else.

I can not download Mcafee which I was going to install due to having it free via BT. The intall says unable to connect to internet.
I can not connect to windows update, it says the same, unable to conect to internet.
If i enter anything in google like 'how to get rid of a virus', the browser redirects to a porn site or some odd looking site asking me to download antispy.

A few hours ago i could not even connect to the internet due to Firefox saying the 'proxy server not available'. I found a quick fix on the net to sort that one out.

Its as if this virus is alive and always one step ahead.

Your assitance would be fully appreciated.

I have copied both the text files below.

Kind regards,

Tony


DDS (Ver_10-12-12.02) - NTFSx86
Run by Liam Crank at 9:56:02.14 on 15/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.489 [GMT 0:00]

AV: Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liam Crank\My Documents\PC SET UP FILES\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\vopynyga‹üm™ëcldxggvs.exe\cldxggvs.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMes2.dll
BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMes2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {51D37496-C262-4D13-A8C1-C93E59BF50B9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SUPERAntiSpyware.exe] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [Dell DataSafe Online] c:\program files\dell\dell datasafe online\NOBuClient.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: facebook.com\www
Trusted Zone: google.co.uk\www
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\liamcr~1\applic~1\mozilla\firefox\profiles\efio1grz.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-10-22 14248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 NOBU;Dell DataSafe Online;c:\program files\dell\dell datasafe online\NOBuAgent.exe [2010-10-20 2075480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-22 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-10-22 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-10-22 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-10-22 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-22 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-22 1684736]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]

=============== Created Last 30 ================

2011-01-15 05:24:51 -------- d-----w- c:\windows\pss
2011-01-15 04:46:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-15 04:46:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-12 19:57:14 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Acfie
2011-01-12 14:53:33 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Oldeo
2011-01-12 14:53:33 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Isofov
2011-01-12 03:14:00 -------- d-----w- c:\program files\Visiosonic
2011-01-12 03:00:40 -------- d-----w- c:\program files\uTorrent
2011-01-12 02:59:29 -------- d-----w- c:\docume~1\liamcr~1\applic~1\uTorrent
2011-01-12 02:51:07 -------- d-----w- c:\program files\Dell Support Center
2011-01-11 23:05:20 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Yrbef
2011-01-11 23:05:20 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Wemyyd
2011-01-11 21:14:51 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Uvyx
2011-01-11 21:14:51 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Fehoe
2011-01-11 19:29:42 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-11 16:11:24 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Husy
2011-01-11 16:11:11 -------- d-----w- c:\program files\ertw
2011-01-11 05:04:11 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Malwarebytes
2011-01-11 03:35:44 -------- d-----w- c:\docume~1\liamcr~1\applic~1\PCDr
2011-01-11 02:24:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 02:24:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-11 02:24:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 02:24:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 01:51:16 -------- d--h--w- c:\windows\PIF
2011-01-10 23:09:11 -------- d-----w- c:\docume~1\liamcr~1\applic~1\IObit
2011-01-10 23:07:45 -------- d-----w- c:\docume~1\liamcr~1\applic~1\SUPERAntiSpyware.com
2011-01-10 22:25:19 -------- d-----w- c:\program files\IObit
2011-01-10 22:14:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-10 22:13:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-22 20:34:53 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Ulhiz
2010-12-22 20:34:53 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Fopu
2010-12-21 19:56:48 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Obuxo
2010-12-21 19:56:48 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Icteo
2010-12-20 21:06:57 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Yqex
2010-12-20 21:06:57 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Lamoyf
2010-12-20 21:06:50 -------- d-----w- c:\program files\ert
2010-12-17 13:17:16 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Seyz
2010-12-17 13:17:16 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Quoh

==================== Find3M ====================

2010-11-25 21:45:47 0 ----a-w- c:\windows\Fpokamaga.bin

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1655GSX rev.FG010D -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86AF1446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86af7504]; MOV EAX, [0x86af7580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86B61AB8]
3 CLASSPNP[0xF764DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000065[0x86B629E8]
5 ACPI[0xF74D4620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86B62D98]
\Driver\atapi[0x86B18270] -> IRP_MJ_CREATE -> 0x86AF1446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1655GSX_______________________FG010D__#5&33dc7a75&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86AF1292
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 9:57:54.56 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 19 January 2011 - 06:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 19 January 2011 - 10:05 PM

Hi.

Many thanks for the reply.

I have not touched the PC since posting and will await your instructions.

Many thanks.

Tony

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 20 January 2011 - 06:10 PM

You have the TDL4 rootkit showing on DDS so let's run TDSSKiller which should remove that

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 20 January 2011 - 07:26 PM

Hi.

Many thanks for the instructions. I will do this tomorrow and report back.

Your help is appreciated.

Tony

#6 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 21 January 2011 - 12:48 PM

Hi.

Copy of report after taking the action.

Tony


2011/01/21 17:33:20.0156 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/21 17:33:20.0156 ================================================================================
2011/01/21 17:33:20.0156 SystemInfo:
2011/01/21 17:33:20.0156
2011/01/21 17:33:20.0156 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/21 17:33:20.0156 Product type: Workstation
2011/01/21 17:33:20.0156 ComputerName: D9DYBRK1
2011/01/21 17:33:20.0156 UserName: Liam Crank
2011/01/21 17:33:20.0156 Windows directory: C:\WINDOWS
2011/01/21 17:33:20.0156 System windows directory: C:\WINDOWS
2011/01/21 17:33:20.0156 Processor architecture: Intel x86
2011/01/21 17:33:20.0156 Number of processors: 2
2011/01/21 17:33:20.0156 Page size: 0x1000
2011/01/21 17:33:20.0156 Boot type: Normal boot
2011/01/21 17:33:20.0156 ================================================================================
2011/01/21 17:33:20.0734 Initialize success
2011/01/21 17:33:22.0875 ================================================================================
2011/01/21 17:33:22.0875 Scan started
2011/01/21 17:33:22.0875 Mode: Manual;
2011/01/21 17:33:22.0875 ================================================================================
2011/01/21 17:33:24.0000 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/21 17:33:24.0125 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/21 17:33:24.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/21 17:33:24.0312 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/21 17:33:24.0375 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/21 17:33:24.0453 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/21 17:33:24.0593 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/21 17:33:24.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/21 17:33:24.0671 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/21 17:33:24.0843 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/21 17:33:24.0859 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/21 17:33:24.0937 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/21 17:33:25.0093 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/21 17:33:25.0187 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/01/21 17:33:25.0375 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/21 17:33:25.0390 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/21 17:33:25.0546 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/21 17:33:25.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/21 17:33:25.0718 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/21 17:33:25.0828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/21 17:33:26.0109 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/21 17:33:26.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/21 17:33:26.0296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/21 17:33:26.0453 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/21 17:33:26.0625 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/21 17:33:26.0703 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/21 17:33:26.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/21 17:33:26.0781 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/21 17:33:26.0906 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/21 17:33:26.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/21 17:33:27.0000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/21 17:33:27.0109 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/21 17:33:27.0203 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/21 17:33:27.0265 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/21 17:33:27.0296 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/21 17:33:27.0437 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/21 17:33:27.0515 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/01/21 17:33:27.0687 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/21 17:33:27.0718 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/21 17:33:27.0843 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/21 17:33:27.0906 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/21 17:33:28.0062 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/21 17:33:28.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/21 17:33:28.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/21 17:33:28.0296 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/21 17:33:28.0343 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/21 17:33:28.0484 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2011/01/21 17:33:28.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/21 17:33:28.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/21 17:33:28.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/21 17:33:28.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/21 17:33:28.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/21 17:33:28.0937 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/21 17:33:29.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/21 17:33:29.0109 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/21 17:33:29.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/21 17:33:29.0312 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/21 17:33:29.0375 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/21 17:33:29.0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/21 17:33:29.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/21 17:33:29.0703 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/21 17:33:29.0734 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/21 17:33:29.0843 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/21 17:33:30.0093 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/21 17:33:30.0437 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/21 17:33:30.0500 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/21 17:33:30.0796 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/21 17:33:30.0968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/21 17:33:31.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/21 17:33:31.0093 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/21 17:33:31.0171 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/21 17:33:31.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/21 17:33:31.0328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/21 17:33:31.0406 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/21 17:33:31.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/21 17:33:31.0531 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/21 17:33:31.0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/21 17:33:31.0734 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/21 17:33:31.0812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/21 17:33:31.0937 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/21 17:33:32.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/21 17:33:32.0171 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/21 17:33:32.0265 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/01/21 17:33:32.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/21 17:33:32.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/21 17:33:32.0593 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/21 17:33:32.0687 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/21 17:33:32.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/21 17:33:32.0921 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/21 17:33:33.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/21 17:33:33.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/21 17:33:33.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/21 17:33:33.0281 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/21 17:33:33.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/21 17:33:33.0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/21 17:33:33.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/21 17:33:33.0625 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/21 17:33:33.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/21 17:33:33.0828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/21 17:33:33.0921 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/21 17:33:33.0968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/21 17:33:34.0046 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/21 17:33:34.0093 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/21 17:33:34.0187 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/21 17:33:34.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/21 17:33:34.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/21 17:33:34.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/21 17:33:34.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/21 17:33:34.0625 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/21 17:33:34.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/21 17:33:34.0828 OA012Afx (aff089842ba83be89e51d7ea0aa09e53) C:\WINDOWS\system32\Drivers\OA012Afx.sys
2011/01/21 17:33:34.0906 OA012Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys
2011/01/21 17:33:34.0984 OA012Vid (71346423b584daa06ea26e0bd2cb67c2) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys
2011/01/21 17:33:35.0156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/21 17:33:35.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/21 17:33:35.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/21 17:33:35.0406 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/21 17:33:35.0656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/21 17:33:35.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/21 17:33:36.0000 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/21 17:33:36.0109 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/21 17:33:36.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/21 17:33:36.0375 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/21 17:33:36.0421 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/21 17:33:36.0484 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/21 17:33:36.0593 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/21 17:33:36.0640 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/21 17:33:36.0671 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/21 17:33:36.0796 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/21 17:33:36.0843 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/21 17:33:36.0953 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/21 17:33:36.0984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/21 17:33:37.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/21 17:33:37.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/21 17:33:37.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/21 17:33:37.0359 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/21 17:33:37.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/21 17:33:37.0500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/21 17:33:37.0609 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/01/21 17:33:37.0656 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/01/21 17:33:37.0750 s217bus (0266151de3f36429f6ac3c4b28085061) C:\WINDOWS\system32\DRIVERS\s217bus.sys
2011/01/21 17:33:37.0859 s217mdfl (a43c0af0e46be7ef0c7e8ccf0f058600) C:\WINDOWS\system32\DRIVERS\s217mdfl.sys
2011/01/21 17:33:37.0921 s217mdm (005f5ded1ed8f8a9d2399d765ead20f1) C:\WINDOWS\system32\DRIVERS\s217mdm.sys
2011/01/21 17:33:38.0031 s217obex (0f9f4045799afb66b85eef999d0609ec) C:\WINDOWS\system32\DRIVERS\s217obex.sys
2011/01/21 17:33:38.0125 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/21 17:33:38.0156 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/21 17:33:38.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/21 17:33:38.0375 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/21 17:33:38.0515 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/21 17:33:38.0671 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/21 17:33:38.0734 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/21 17:33:38.0906 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/21 17:33:38.0953 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/21 17:33:39.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/21 17:33:39.0156 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/21 17:33:39.0328 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/21 17:33:39.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/21 17:33:39.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/21 17:33:39.0546 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/21 17:33:39.0593 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/21 17:33:39.0625 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/21 17:33:39.0656 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/21 17:33:39.0703 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/21 17:33:39.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/21 17:33:39.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/21 17:33:40.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/21 17:33:40.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/21 17:33:40.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/21 17:33:40.0296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/21 17:33:40.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/21 17:33:40.0500 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/21 17:33:40.0640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/21 17:33:40.0859 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/21 17:33:40.0921 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/21 17:33:41.0031 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/21 17:33:41.0093 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/21 17:33:41.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/21 17:33:41.0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/21 17:33:41.0375 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/01/21 17:33:41.0453 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/21 17:33:41.0640 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/21 17:33:41.0703 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/21 17:33:41.0750 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/21 17:33:41.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/21 17:33:41.0968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/01/21 17:33:42.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/21 17:33:42.0375 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/21 17:33:42.0453 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/21 17:33:42.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/21 17:33:42.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/21 17:33:42.0734 ================================================================================
2011/01/21 17:33:42.0734 Scan finished
2011/01/21 17:33:42.0734 ================================================================================
2011/01/21 17:34:24.0593 Deinitialize success

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 21 January 2011 - 07:02 PM

The TDSSKiller report shows no infection so let's run DDS again and post the log.
Posted Image
m0le is a proud member of UNITE

#8 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 21 January 2011 - 08:16 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Liam Crank at 1:11:37.04 on 22/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.577 [GMT 0:00]

AV: Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA012Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\WSED\WSED.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liam Crank\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8075
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\vopynyga‹üm™ëcldxggvs.exe\cldxggvs.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMes2.dll
BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMes2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {51D37496-C262-4D13-A8C1-C93E59BF50B9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware.exe] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA012Mon] c:\windows\OA012Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [Dell DataSafe Online] c:\program files\dell\dell datasafe online\NOBuClient.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: facebook.com\www
Trusted Zone: google.co.uk\www
Trusted Zone: microsoft.com\windowsupdate
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\liamcr~1\applic~1\mozilla\firefox\profiles\efio1grz.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-10-22 14248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 NOBU;Dell DataSafe Online;c:\program files\dell\dell datasafe online\NOBuAgent.exe [2010-10-20 2075480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-22 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-10-22 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-10-22 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-10-22 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-22 162816]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-10-22 1684736]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]

=============== Created Last 30 ================

2011-01-22 00:56:35 115727 ----a-w- c:\windows\Explorermgr.exe
2011-01-21 22:57:41 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Uniblue
2011-01-21 22:57:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2011-01-21 22:57:21 -------- d-----w- c:\program files\Uniblue
2011-01-21 22:57:06 -------- d-----w- c:\docume~1\liamcr~1\locals~1\applic~1\PackageAware
2011-01-19 16:16:02 -------- d-----w- C:\spoolerlogs
2011-01-15 05:24:51 -------- d-----w- c:\windows\pss
2011-01-15 04:46:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-15 04:46:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-12 19:57:14 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Acfie
2011-01-12 14:53:33 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Oldeo
2011-01-12 14:53:33 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Isofov
2011-01-12 03:14:00 -------- d-----w- c:\program files\Visiosonic
2011-01-12 03:00:40 -------- d-----w- c:\program files\uTorrent
2011-01-12 02:59:29 -------- d-----w- c:\docume~1\liamcr~1\applic~1\uTorrent
2011-01-12 02:51:07 -------- d-----w- c:\program files\Dell Support Center
2011-01-11 23:05:20 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Yrbef
2011-01-11 23:05:20 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Wemyyd
2011-01-11 21:14:51 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Uvyx
2011-01-11 21:14:51 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Fehoe
2011-01-11 19:29:42 -------- d-----w- c:\windows\SxsCaPendDel
2011-01-11 16:11:24 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Husy
2011-01-11 16:11:11 -------- d-----w- c:\program files\ertw
2011-01-11 05:04:11 -------- d-----w- c:\docume~1\liamcr~1\applic~1\Malwarebytes
2011-01-11 03:35:44 -------- d-----w- c:\docume~1\liamcr~1\applic~1\PCDr
2011-01-11 02:24:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-11 02:24:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-11 02:24:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-11 02:24:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-11 01:51:16 -------- d--h--w- c:\windows\PIF
2011-01-10 23:09:11 -------- d-----w- c:\docume~1\liamcr~1\applic~1\IObit
2011-01-10 23:07:45 -------- d-----w- c:\docume~1\liamcr~1\applic~1\SUPERAntiSpyware.com
2011-01-10 22:25:19 -------- d-----w- c:\program files\IObit
2011-01-10 22:14:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-10 22:13:50 -------- d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2010-11-25 21:45:47 0 ----a-w- c:\windows\Fpokamaga.bin

============= FINISH: 1:12:26.65 ===============

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 21 January 2011 - 08:24 PM

Yeah, that's gone. Please run OTL so we can take a look at what else the infection left behind.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#10 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 21 January 2011 - 08:51 PM

OTL Extras logfile created on: 22/01/2011 01:46:22 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Liam Crank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 126.94 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

Computer Name: D9DYBRK1 | User Name: Liam Crank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe" = C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe:*:Enabled:Dell DataSafe Online Service -- (Dell, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PCDJ Red" = PCDJ Red
"Smart Defrag_is1" = Smart Defrag
"SynTPDeinstKey" = Dell Touchpad
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/01/2011 13:11:56 | Computer Name = D9DYBRK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 21/01/2011 13:25:13 | Computer Name = D9DYBRK1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/01/2011 13:28:46 | Computer Name = D9DYBRK1 | Source = Bonjour Service | ID = 100
Description = 280: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 21/01/2011 18:11:55 | Computer Name = D9DYBRK1 | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 21/01/2011 18:11:55 | Computer Name = D9DYBRK1 | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 21/01/2011 18:11:55 | Computer Name = D9DYBRK1 | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 21/01/2011 18:11:55 | Computer Name = D9DYBRK1 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 21/01/2011 18:33:14 | Computer Name = D9DYBRK1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/01/2011 18:44:12 | Computer Name = D9DYBRK1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 21/01/2011 20:59:22 | Computer Name = D9DYBRK1 | Source = Application Error | ID = 1000
Description = Faulting application registrybooster.exe, version 0.0.0.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:12 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:13 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:13 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/01/2011 15:41:13 | Computer Name = D9DYBRK1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

OTL logfile created on: 22/01/2011 01:46:22 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Liam Crank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 126.94 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

Computer Name: D9DYBRK1 | User Name: Liam Crank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Liam Crank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
PRC - C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\WSED\WSED.exe (Dell)
PRC - C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
PRC - C:\Program Files\Battery Meter\BTMeter.exe (Dell)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Liam Crank\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wltrysvc) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (NOBU) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (OA012Ufd) -- C:\WINDOWS\system32\drivers\OA012Ufd.sys (Creative Technology Ltd.)
DRV - (OA012Vid) -- C:\WINDOWS\system32\drivers\OA012Vid.sys (Creative Technology Ltd.)
DRV - (OA012Afx) -- C:\WINDOWS\system32\drivers\OA012Afx.sys (Creative Technology Ltd.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS (Windows ® Codename Longhorn DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USCON/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 19:01:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/11 19:01:01 | 000,000,000 | ---D | M]

[2011/01/11 19:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liam Crank\Application Data\Mozilla\Extensions
[2011/01/11 19:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liam Crank\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/01/11 19:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Liam Crank\Application Data\Mozilla\Firefox\Profiles\efio1grz.default\extensions
[2011/01/11 19:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/11 19:01:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/03 19:43:55 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/03 19:43:55 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/12/03 19:43:55 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/03 17:47:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMes2.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\tbMes2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware.exe] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DISABLETASKMGR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Value error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\voPYNYGA‹üm™Ëcldxggvs.exe\cldxggvs.exe) - C:\Program Files\voPYNYGA‹üm™Ëcldxggvs.exe\cldxggvs.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Liam Crank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Liam Crank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 01:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/22 01:43:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Liam Crank\Desktop\OTL.exe
[2011/01/22 00:56:35 | 000,115,727 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe
[2011/01/21 22:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Uniblue
[2011/01/21 22:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/01/21 22:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Local Settings\Application Data\PackageAware
[2011/01/19 16:16:02 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/01/15 05:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/12 19:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Acfie
[2011/01/12 14:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Oldeo
[2011/01/12 14:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Isofov
[2011/01/12 03:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Start Menu\Programs\Visiosonic
[2011/01/12 03:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\My Documents\PCDJ Recordcase
[2011/01/12 03:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Visiosonic
[2011/01/12 03:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\My Documents\PC SET UP FILES
[2011/01/12 03:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/01/12 02:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\uTorrent
[2011/01/12 02:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/01/12 02:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2011/01/12 00:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell DataSafe Online
[2011/01/12 00:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\My Documents\Mcafee serial liam
[2011/01/11 23:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag
[2011/01/11 23:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Yrbef
[2011/01/11 23:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Wemyyd
[2011/01/11 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Uvyx
[2011/01/11 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Fehoe
[2011/01/11 19:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/01/11 19:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/01/11 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\My Documents\Downloads
[2011/01/11 19:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Local Settings\Application Data\Mozilla
[2011/01/11 19:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Mozilla
[2011/01/11 19:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/11 19:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/11 16:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Husy
[2011/01/11 16:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ertw
[2011/01/11 05:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Malwarebytes
[2011/01/11 03:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\PCDr
[2011/01/11 02:24:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/11 02:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/11 02:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/11 02:24:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/11 02:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/11 01:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/01/10 23:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\IObit
[2011/01/10 23:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\SUPERAntiSpyware.com
[2011/01/10 22:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/10 22:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/10 22:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/10 22:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2011/01/22 01:42:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 01:42:18 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/22 01:41:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Liam Crank\Desktop\OTL.exe
[2011/01/22 00:56:35 | 000,115,727 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe
[2011/01/22 00:01:29 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B80D3811-897E-475E-9CD9-53C6703A5EB8}.job
[2011/01/21 22:44:17 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/21 22:25:40 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/21 17:27:22 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/01/21 17:08:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/18 18:27:54 | 000,464,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/18 18:27:54 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 05:58:40 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2011/01/12 22:17:35 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/12 03:14:02 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Liam Crank\Desktop\PCDJ Red.lnk
[2011/01/12 03:00:40 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/12 00:41:23 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell DataSafe Online.lnk
[2011/01/11 23:59:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2011/01/11 23:58:19 | 000,234,929 | ---- | M] () -- C:\Documents and Settings\Liam Crank\updater.html
[2011/01/11 22:37:46 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/01/11 19:01:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 19:01:05 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Liam Crank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/11 19:01:05 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/11 06:51:27 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/01/11 03:14:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 02:24:26 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/10 22:14:19 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2011/01/21 21:55:43 | 000,000,432 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B80D3811-897E-475E-9CD9-53C6703A5EB8}.job
[2011/01/17 17:16:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liam Crank\ebpiscyh.log
[2011/01/16 21:45:23 | 000,031,930 | ---- | C] () -- C:\Documents and Settings\Liam Crank\qjspehky.log
[2011/01/16 21:45:23 | 000,003,936 | ---- | C] () -- C:\Documents and Settings\Liam Crank\vjndpdnj.log
[2011/01/16 21:45:23 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Liam Crank\pceqxumf.log
[2011/01/12 03:47:56 | 000,216,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/12 03:14:02 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Liam Crank\Desktop\PCDJ Red.lnk
[2011/01/12 03:00:40 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/12 02:51:45 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/12 02:51:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/01/12 00:41:23 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell DataSafe Online.lnk
[2011/01/11 23:59:33 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/11 23:59:28 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2011/01/11 20:05:15 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/01/11 19:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 19:01:05 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\Liam Crank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/11 19:01:05 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/11 06:57:02 | 000,234,929 | ---- | C] () -- C:\Documents and Settings\Liam Crank\updater.html
[2011/01/11 05:28:47 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/11 02:24:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/11 01:03:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/10 22:14:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/10/22 22:17:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/22 22:13:47 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/10/22 20:14:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/22 19:47:18 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009/10/22 19:46:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/22 19:46:13 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/26 01:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 13:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 15:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 15:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 15:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2011/01/10 23:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/02 16:23:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/02 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/12 02:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/10/22 19:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/10/22 19:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/10/22 19:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2010/09/11 07:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/02 13:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/12 19:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Acfie
[2010/11/02 16:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\AVG10
[2011/01/11 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Fehoe
[2011/01/12 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Fopu
[2011/01/11 16:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Husy
[2010/12/21 22:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Icteo
[2011/01/11 23:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\IObit
[2010/12/20 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Ipaha
[2011/01/12 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Isofov
[2010/11/02 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Iwqi
[2010/12/20 21:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Lamoyf
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Obuxo
[2011/01/12 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Oldeo
[2011/01/12 02:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\PCDr
[2010/12/17 13:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Quoh
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Seyz
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Ulhiz
[2011/01/21 22:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Uniblue
[2011/01/17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\uTorrent
[2011/01/12 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Uvyx
[2011/01/11 23:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Wemyyd
[2009/10/22 19:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Windows Desktop Search
[2009/12/25 07:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Windows Search
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Yqex
[2011/01/12 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Yrbef
[2010/11/01 16:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Yzvo
[2011/01/11 05:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Zacuo
[2011/01/21 22:44:17 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/12 22:17:35 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/01/21 17:27:22 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2011/01/22 00:01:29 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B80D3811-897E-475E-9CD9-53C6703A5EB8}.job

========== Purity Check ==========



< End of report >

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 22 January 2011 - 09:00 PM

Open OTL

Note: There are a list of folders here which are malware folders. If you recognise any of them as legitimate (some folder names look suspicious but are just funnily named folders) then please remove them before running the script. Please let me know if this happens.

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Program Files\voPYNYGA‹üm™Ëcldxggvs.exe\cldxggvs.exe) - C:\Program Files\voPYNYGA‹üm™Ëcldxggvs.exe\cldxggvs.exe File not found
[2011/01/12 19:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Acfie
[2011/01/11 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Fehoe
[2011/01/12 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Fopu
[2010/12/20 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Ipaha
[2011/01/12 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Isofov
[2010/11/02 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Iwqi
[2010/12/20 21:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Lamoyf
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Obuxo
[2011/01/12 14:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Oldeo
[2011/01/12 02:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\PCDr
[2010/12/17 13:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Quoh
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Seyz
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Ulhiz
[2011/01/11 23:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Yrbef
[2011/01/11 23:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Wemyyd
[2011/01/11 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Uvyx
[2011/01/10 22:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Yqex
[2011/01/11 16:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Liam Crank\Application Data\Husy
[2011/01/11 05:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Liam Crank\Application Data\Zacuo
[2011/01/11 16:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ertw
[2011/01/17 17:16:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Liam Crank\ebpiscyh.log
[2011/01/16 21:45:23 | 000,031,930 | ---- | C] () -- C:\Documents and Settings\Liam Crank\qjspehky.log
[2011/01/16 21:45:23 | 000,003,936 | ---- | C] () -- C:\Documents and Settings\Liam Crank\vjndpdnj.log
[2011/01/16 21:45:23 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Liam Crank\pceqxumf.log
[2011/01/22 00:01:29 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B80D3811-897E-475E-9CD9-53C6703A5EB8}.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Posted Image
m0le is a proud member of UNITE

#12 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 23 January 2011 - 10:39 PM

Hi.

Many thanks for your continued help. I have followed the instructions. It did not ask for a reboot and just said successful. Log as requested.

Regards,

Tony

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\voPYNYGA‹üm™Ëcldxggvs.exe\cldxggvs.exe deleted successfully.
C:\Documents and Settings\Liam Crank\Application Data\Acfie folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Fehoe folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Fopu folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Ipaha folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Isofov folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Iwqi folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Lamoyf folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Obuxo folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Oldeo folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\b9452ad1-6f5a-49ba-992e-707527cf3697\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\b9452ad1-6f5a-49ba-992e-707527cf3697 folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\9e2939c6-b7c8-4661-b4b4-f2609c9ded09\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\9e2939c6-b7c8-4661-b4b4-f2609c9ded09 folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\8e08d3b6-bb87-40fe-87c1-150ef236767a\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\8e08d3b6-bb87-40fe-87c1-150ef236767a folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\8ccc7253-b17e-4aaa-a6f2-834a2e55bf0e\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\8ccc7253-b17e-4aaa-a6f2-834a2e55bf0e folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\138c073f-c3cf-4d23-b4fa-af3de86123bf\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\138c073f-c3cf-4d23-b4fa-af3de86123bf folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\09f08f3b-c398-4f96-acb5-f7400f2c54d9\DellSignedAppUpdaterRules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules\09f08f3b-c398-4f96-acb5-f7400f2c54d9 folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Rules folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Logs folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update\Binaries folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Update folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Installer\Logs folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr\Installer folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\PCDr folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Quoh folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Seyz folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Ulhiz folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Yrbef folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Wemyyd folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Uvyx folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Yqex folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Husy folder moved successfully.
C:\Documents and Settings\Liam Crank\Application Data\Zacuo folder moved successfully.
C:\Program Files\ertw folder moved successfully.
C:\Documents and Settings\Liam Crank\ebpiscyh.log moved successfully.
C:\Documents and Settings\Liam Crank\qjspehky.log moved successfully.
C:\Documents and Settings\Liam Crank\vjndpdnj.log moved successfully.
C:\Documents and Settings\Liam Crank\pceqxumf.log moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{B80D3811-897E-475E-9CD9-53C6703A5EB8}.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.3 log created on 01242011_033536

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 24 January 2011 - 02:10 PM

It got everything we wanted. Please run MBAM next

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Posted Image
m0le is a proud member of UNITE

#14 tonybiker

tonybiker
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 24 January 2011 - 05:01 PM

Hi.

Thank you for your continued help with this. I have followed the instructions and ran Malwarebytes 3 times and 3 issues come up each time. I have copied both reports for your thoughts. I have updated the software as instructed.

Regards,

Tony

FIRST SCAN

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5590

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2011 19:09:16
mbam-log-2011-01-24 (19-09-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 204269
Time elapsed: 33 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\liam crank\start menu\programs\startup\cldxggvs.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\program files\vopynyga‹üm™ëcldxggvs.exe\cldxggvs.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\WINDOWS\explorermgr.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

2ND SCAN

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5591

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2011 21:56:06
mbam-log-2011-01-24 (21-56-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 204354
Time elapsed: 34 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\liam crank\start menu\programs\startup\cldxggvs.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\program files\vopynyga‹üm™ëcldxggvs.exe\cldxggvs.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\WINDOWS\explorermgr.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:42 AM

Posted 24 January 2011 - 07:21 PM

We'd better go in harder then.

Please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users