
Had system tool trojan and used combo fix


  • This topic is locked
29 replies to this topic

#1 charliescorpio

  • Members
  • 21 posts
  • Gender:Female

Posted 06 March 2011 - 09:57 PM

EDIT: member had issues trying to post a DDS log, so I advised to post an OTL and will edit and merge this topic ~~boopme

To whom it may concern,

I had the System Tool Trojan on one of my desktops, but I have another desktop I could still use, so I googled a fix and came to this site. I used a mixture of rkill, mbam and combofix from the post I read, but, for whatever reason, it keeps coming back again and again, so I figured it was because I missed out a step by not deleting combofix, but when I try to do that it won't let me. Reading further into combofix I belatedly realized I may just have royally screwed up. BUT my computer for the past day has been working fine. I'm utterly bewildered. Any advice would be much appreciated.

Yours

Charlie

Amendment: no, actually System Tool is back. What is going on? I'm so confused >( (cry for help)
*******EDIT 2: Cut most of the gibberish DDS log so you could at least see what they were getting

Thank you for your assistance, it's much appreciated.
Basically I've tried to compile a DDS file, but after the black box appears it throws up another box saying this PEV file cannot be opened and asks me to choose a program, so when I choose notebook this is what is displayed:

MZ   ÿÿ ¸ @ ð º ´ Í!¸LÍ!This program cannot be run in DOS mode.

$ ·‘Ú›óð´Èóð´Èóð´Èúˆ!Èéð´Èúˆ0ȶð´Èúˆ7È]ð´ÈÔ6ÙÈðð´ÈÔ6ÏÈàð´ÈóðµÈ\ð´Èúˆ>ÈÃð´Èúˆ%Èòð´ÈRichóð´È PE L ”éÐK à  
n   0
@     
 âÆ  @      d⠏ à ½
 .text Ð  Ò  PEC2]O à.rsrc à  Ö à.reloc 
 è @ À ¸`ïL Pdÿ5 d‰% 3À‰PECompact2 Õ@š› Ȳ,ÚÚ^ÿЄ?šÛ€nØF˜
ž§“êá 0@.‚t"Ä×͏©2„{¹Kû!Ÿ«ŠÁ¿½¸T¶q໸ujŽ©Óqםr×ç=2ªqñ¡utX”¢Ä¬ï©(I±œï¸QU?va0_„e;h§ˆÎ+@ä(1KEÿ@)ÒªgãÁ¯+ÝdVm`—»P¤ÞÄ{ëìÑãE›¿ØÐÕŸ# ÑO[$ŽÊcÖÙ<šŒ D‡™á3­§ÃšìÕ±hãÆÐÝHß0«„µõfTù¶Ü¤¦’øŒµ~QÐ§Ê eØûqF*Ÿ-‚§Oð`Pü ¿áO#ä ȀÈÞÉÙ?›{«0LCûT²s÷¼ú¦“©ž·H*…›o¼}‰˜ò·òo•R4Fßf„Ñ^r!YV–ù®Û]£àfx bñžŠôÀ¡¹åƒ?w…Èç†Ø‚ßjXÁöÿlãiÏC ÛTÒå#.œ BÒÊ*õÙÒ;äúsãl~qt¦í!ôŽp?PuÚc÷ÙÝkðÞª¨ƒƒ2ͱ€VrRv¨âµ‡Ú
¥!nŠ7 2¯@JÛ•óà…+5Ÿ<©Ã}2³õÿˆ[ Ñù*÷K)R‰Æy=¢Ü•U¯·Â““Z€šX)¤

???

I hope I'm posting in the right place now.
OTL logfile

created on: 07/03/2011 16:48:21 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 3.82 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive D: | 248.09 Gb Total Space | 114.29 Gb Free Space | 46.07% Space Free | Partition Type: NTFS
Drive H: | 7.38 Gb Total Space | 6.11 Gb Free Space | 82.79% Space Free | Partition Type: FAT32

Computer Name: RAFE | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/07 16:47:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sara\Desktop\OTL.exe
PRC - [2011/02/15 14:59:24 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/12 16:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/12/02 15:48:32 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/11/18 14:42:05 | 000,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 13:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/03 13:22:18 | 001,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/25 15:56:44 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/07/04 02:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/07/04 01:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/03/26 05:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/25 15:46:32 | 000,077,824 | ---- | M] (mychat) -- C:\Windows\BisonCam\BisonHK.exe
PRC - [2008/03/18 01:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/03/11 17:08:50 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\DeLay.exe
PRC - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/01/17 06:34:00 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/07 16:47:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sara\Desktop\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/18 14:42:05 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)


========== Driver Services (SafeList) ==========

DRV - [2009/11/18 14:42:05 | 000,239,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/18 14:42:05 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/02/10 14:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/22 22:43:54 | 000,052,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/07/09 17:28:26 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2008/05/23 20:31:28 | 000,869,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/05/20 20:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/11 09:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 06:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/03/13 18:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/14 06:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/01/17 06:38:00 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.2.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/15 14:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/15 14:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/11/18 14:05:25 | 000,000,000 | ---D | M]

[2010/11/07 22:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Extensions
[2011/02/28 23:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions
[2010/11/17 20:31:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 23:34:21 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011/01/02 23:34:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\engine@conduit.com
[2010/11/07 22:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/07 02:24:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\RunOnce: [kNfFbDm06300] C:\ProgramData\kNfFbDm06300\kNfFbDm06300.exe (Корпорация Майкрософт)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Colour Explorer 9,0.lnk = C:\Program Files\MicrolinkPC\CXLOADER.exe (MicrolinkPC)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rafe
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/27 10:19:02 | 000,000,274 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/07 13:31:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/07 03:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\kNfFbDm06300
[2011/03/07 02:26:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/07 02:26:39 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\temp
[2011/03/07 02:17:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/07 02:16:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/28 02:00:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/28 02:00:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/28 02:00:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/28 02:00:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/28 02:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/26 10:56:03 | 000,368,640 | ---- | C] (Fujitsu Component Ltd.) -- C:\Users\Dave\AppData\Local\ivepofuy.dll
[2011/02/26 03:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\dAhAeJh08200
[3 D:\Users\Dave\Documents\*.tmp files -> D:\Users\Dave\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/07 16:46:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/03/07 16:10:59 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000UA.job
[2011/03/07 15:14:53 | 000,643,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/07 15:14:53 | 000,121,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/07 14:52:03 | 000,097,184 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/07 14:51:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 14:51:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/07 14:51:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/07 14:50:47 | 009,626,656 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/03/07 14:50:47 | 001,089,568 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2011/03/07 14:50:47 | 000,081,528 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/03/07 14:50:47 | 000,006,900 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2011/03/07 13:39:15 | 000,097,184 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/07 02:24:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/06 23:10:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000Core.job
[2011/03/02 20:12:14 | 000,002,103 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk
[2011/03/02 20:12:14 | 000,002,065 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/02 18:09:59 | 000,000,490 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Dave.job
[2011/02/28 01:57:57 | 000,000,155 | ---- | M] () -- C:\Users\Dave\Desktop\fix.reg
[2011/02/28 01:57:36 | 000,000,155 | ---- | M] () -- D:\Users\Dave\Documents\fix.reg
[2011/02/28 01:51:54 | 004,276,140 | R--- | M] () -- C:\Users\Dave\Desktop\ComboFix.exe
[2011/02/27 02:15:59 | 000,000,134 | ---- | M] () -- C:\Users\Dave\Desktop\hosts-perm.bat
[2011/02/26 21:14:36 | 000,721,324 | ---- | M] () -- C:\Users\Dave\Desktop\rkill.com
[2011/02/26 10:56:09 | 000,368,640 | ---- | M] (Fujitsu Component Ltd.) -- C:\Users\Dave\AppData\Local\ivepofuy.dll
[2011/02/16 21:21:45 | 000,000,120 | ---- | M] () -- C:\Users\Dave\AppData\Local\Jnavehamirol.dat
[2011/02/16 12:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Dave\AppData\Local\Txihesagubin.bin
[2011/02/10 10:45:12 | 000,378,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 D:\Users\Dave\Documents\*.tmp files -> D:\Users\Dave\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/28 21:23:05 | 000,721,324 | ---- | C] () -- C:\Users\Dave\Desktop\rkill.com
[2011/02/28 02:00:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/28 02:00:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/28 02:00:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/28 02:00:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/28 02:00:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/28 01:57:57 | 000,000,155 | ---- | C] () -- C:\Users\Dave\Desktop\fix.reg
[2011/02/28 01:57:36 | 000,000,155 | ---- | C] () -- D:\Users\Dave\Documents\fix.reg
[2011/02/28 01:55:50 | 004,276,140 | R--- | C] () -- C:\Users\Dave\Desktop\ComboFix.exe
[2011/02/27 02:16:32 | 000,000,134 | ---- | C] () -- C:\Users\Dave\Desktop\hosts-perm.bat
[2011/01/27 16:12:05 | 000,016,291 | ---- | C] () -- C:\Users\Dave\AppData\Local\edejikap.dll
[2011/01/25 17:29:08 | 000,000,120 | ---- | C] () -- C:\Users\Dave\AppData\Local\Jnavehamirol.dat
[2011/01/25 17:29:08 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\Txihesagubin.bin
[2010/10/11 14:00:56 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/08 00:01:58 | 000,163,827 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2010/06/22 23:25:56 | 000,025,773 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2009/12/29 03:40:12 | 000,097,184 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/29 03:40:11 | 000,097,184 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/29 03:10:50 | 000,000,552 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d8caps.dat
[2009/12/26 07:42:24 | 000,087,040 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 22:27:42 | 000,001,994 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\SAS7_000.DAT
[2009/11/19 09:11:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/19 09:11:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/19 09:10:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/18 19:30:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/18 14:37:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll
[2009/11/18 14:05:43 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009/11/18 14:05:43 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009/11/18 14:05:13 | 009,626,656 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/18 14:05:13 | 001,089,568 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/11/18 13:50:26 | 000,000,189 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/18 13:50:25 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/11/18 11:49:16 | 000,000,029 | ---- | C] () -- C:\Windows\System32\GetWord.ini
[2009/11/18 11:19:37 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/11/18 11:19:37 | 000,000,803 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Colour Explorer 9,0.dat
[2009/11/18 10:51:09 | 000,001,356 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/11 19:58:54 | 000,025,601 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,378,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,643,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,121,764 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/11/18 11:49:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acapela Group
[2009/11/18 11:11:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Appinstaller_2
[2011/01/10 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Azureus
[2010/12/27 23:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/08/20 01:23:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\C31485A70853AA7D12D6451E9E95CF9E
[2010/04/07 05:15:12 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Claro Software
[2010/12/13 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Fenrir
[2011/01/02 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\GetRightToGo
[2009/11/18 11:30:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Inspiration Software
[2009/11/18 15:07:14 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Nuance
[2009/11/18 13:54:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Protector Suite
[2010/09/08 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\River Past G5
[2010/05/23 02:01:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sony
[2010/05/23 01:51:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sony Setup
[2009/12/29 03:10:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
[2011/03/07 14:50:25 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/07 16:46:59 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/05/07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/05/07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/05/07 16:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

Extra

OTL Extras logfile created on: 07/03/2011 16:48:21 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 3.82 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive D: | 248.09 Gb Total Space | 114.29 Gb Free Space | 46.07% Space Free | Partition Type: NTFS
Drive H: | 7.38 Gb Total Space | 6.11 Gb Free Space | 82.79% Space Free | Partition Type: FAT32

Computer Name: RAFE | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0338196A-C3EF-4128-8BB3-0C2E6FE91FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0835D922-A155-46E1-9F50-8E9AA01FE82E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{104296BF-A45C-4FF4-8608-C71FCA5003BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{30F2DCF1-F705-4082-B601-C85CE79993FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{3552841E-68FC-4202-84BF-9871D5C2A074}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D83E21C-AEBC-4C17-98CD-A187A5CA1B47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3F176678-FF7E-43DE-B5B7-14FE1B992596}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{56C383E7-94F9-4C08-9BE8-BEC55418A0C2}" = lport=137 | protocol=17 | dir=in | app=system |
"{60FA98B9-4A1F-425B-91E1-4A01A1816D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{63D651BE-63B4-45DD-A22D-D1F814398F24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6B642312-641C-4848-A327-6E76C6AAD0BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{754593F6-3A88-4F91-83AA-063E9B863E00}" = rport=139 | protocol=6 | dir=out | app=system |
"{87D27232-D4A6-4FE3-9449-B8637AEC4805}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A5A9BEEF-5029-4678-A4CD-734AA72998FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6BDD165-0E40-4DB2-8612-5500D397A71C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B4E30D3F-732F-4CB8-A12C-DE4E88B1A528}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{BE3331AF-4F63-4808-91B9-6D3172D99AAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4F68C45-F457-4E25-B9D6-F4E5AFEDC424}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CB697165-4645-4D54-90CE-2466E0462AA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D9775425-64B9-4E9F-9804-D245295D6B42}" = lport=139 | protocol=6 | dir=in | app=system |
"{EFBC8449-6543-4271-82D9-EFF9A2D29906}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F213F65E-F732-4E52-B095-B6BB04960609}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3B7C04A-8307-4630-B052-95BC4E56FA2F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F83DDBB6-FF34-4CE9-90BD-C01C6EE193B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB16BBD2-B004-4166-BB7D-5E339F806B83}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF1AE6A9-2356-44D7-9EB2-B78766DC4E5D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0006DC57-FE31-498D-A94E-1768FE0BAC5A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0929B8B3-20C6-4CA2-B565-793BC608A600}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0D41F1AB-7202-40CA-A34B-D27E0F374575}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{14B4B802-D9EE-4969-AFCC-37E193ABF816}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{23D7BDF6-5B99-4024-8F72-A539768502C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{44F63393-2D06-417E-8442-AB4153881092}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4A3BE3A2-5111-4845-9476-59BF1BEE4674}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{51210351-8610-4AED-AD6E-E627CA29672F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{56B4AD72-4EA2-4752-9975-939EC83AD530}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{616B23FA-85F2-46E4-B88E-26551E2946B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72EB1B8A-F1D2-4723-91C0-C0E36392519F}" = protocol=6 | dir=out | app=system |
"{72FD9AB4-A0A0-43D6-A160-68B2F34D2130}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7AD930E6-B048-4C0C-835F-0B0FF8724F36}" = protocol=6 | dir=out | app=system |
"{7C6F6722-6322-4AF2-ADA7-23EA819F27EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E3F1333-B5D3-4A31-91BB-584E01F155B7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{7E9AC56F-3CF5-471B-9701-A7F8A0770A3F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{86AF0918-F6CC-48D4-972D-22E4E889C929}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{970007C3-92A8-4516-9DAA-457DA93ECAB3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9954721D-D114-4302-BBB8-ED96DCF0D08F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9BDC7454-489E-45C4-A11E-20CFA7FA26D7}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{BABD6C2E-E6C9-40F0-B3D6-1F2B829E55BA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{BE4BD399-890B-4033-848E-FC81A09CAC4D}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C7A602C8-B8DD-40B0-B5C6-0B431D21231F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEB595B6-B54E-4AFF-BA42-65F354C143D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D2D8620D-A208-4118-AF8B-3B5EE43B9818}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F9923F67-1D1C-4D32-A391-4BE2C8041E24}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{FA751803-A82D-4031-8B23-47B388BCB736}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{FB810515-8CAB-4D08-8E7D-204E963B7702}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{FFDF2859-01C9-44B1-A506-5E7BE2394988}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"TCP Query User{50097652-C6A9-4C53-A8C7-4D2045538A71}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{5B4D1D27-75B1-4983-AFD0-5FF9E8CF17E5}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{7741EC12-8518-4B4C-92EC-5F4DC67B2D73}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{D8676D61-7EB0-4A70-B4BE-7CCBAD75D205}D:\users\Dave\documents\ares\ares.exe" = protocol=6 | dir=in | app=d:\users\Dave\documents\ares\ares.exe |
"TCP Query User{E69D11B4-845A-4620-98E9-A8CDF6722876}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{24AF90CC-ED75-419D-A1C5-EBDAA1506E54}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{7645829D-EFD9-4991-BD2E-6A3131CFF5F9}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{78D87FED-C131-4A24-B302-9C03B0551663}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{EAE2DEDF-0705-473A-8B32-5B4B16BCCB7C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FC7AE30C-D16E-4B40-AD72-DAB8782D600E}D:\users\Dave\documents\ares\ares.exe" = protocol=17 | dir=in | app=d:\users\Dave\documents\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{10022850-7236-4D90-9C8C-F837AF4BFF72}" = Save to Video
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{17437F84-76A5-4762-8426-6B416CD87B29}" = ClaroView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4F208DD9-D567-4E34-A90A-7A1240248745}" = ScreenRuler
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588DEAD6-D30E-4567-830C-173BEA97F831}" = Accessible PDF
"{5B9C7F21-F3FB-4906-800A-C76F17C7CACF}" = RealSpeak Indian Sangeeta Voice
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin
"{7C4D3C7C-1631-47FB-B131-5570F8ECD6DC}" = RealSpeak British Daniel Voice
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95BAF701-3FD0-4EC6-8E5F-1357BCC1259A}" = RealSpeak British Emily Voice
"{9C3AEA09-4563-49E2-800B-0F7CF157DEA4}" = ClaroRead PLUS 2008
"{A485EDC0-F7AB-4A18-84BA-4A458E3E2641}" = RealSpeak British-English Serena Voice
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCF2EC8D-1DCD-4BD5-8059-49F44BF8678C}" = RealSpeak British Jane Voice
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"994713A8C3630E868898BC98DFB676E67FEE967F" = Windows Driver Package - Broadcom Bluetooth (10/24/2006 5.1.2535.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ares" = Ares 2.1.1
"Audio Converter Pro" = River Past Audio Converter Pro
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"Canon iP3600 series User Registration" = Canon iP3600 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Colour Explorer 9,0" = Colour Explorer 9,0
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"conduitEngine" = Conduit Engine
"Data Doctor Recovery iPod (Demo) 3.0.1.5" = Data Doctor Recovery iPod (Demo) 3.0.1.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Inspiration 8 Intl" = Inspiration 8 IE
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by boopme, 07 March 2011 - 02:35 PM.




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:04:29 PM

Posted 13 March 2011 - 06:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, and it will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

The problem you had with DDS is due to a modified file extension; this is not necessarily a sign of malware and can easily be fixed should we need DDS in the future.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

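A small triage helper for the OTL report myrti asks for above, added here as an example; it is not code from OTL, from BleepingComputer or from either poster. It parses the two line shapes that matter most when reading such a report by hand, the O4 autorun entries and the IE Internet Settings proxy entries, and scores each one with heuristics that are this editor's own assumptions rather than rules from the thread: a generated-looking launcher name, a start location under ProgramData, AppData or a temp folder, a non-ASCII vendor string, a RunOnce key, and a browser proxy that points back at 127.0.0.1. The sample lines at the bottom are constructed in the report format, not copied from the thread.

```python
"""Triage OTL-style report lines for autorun and proxy indicators.

Added example; it is not OTL code, and the heuristics below are this
editor's assumptions rather than rules from the original post.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# O4 autorun lines, e.g.  O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# IE proxy lines, e.g.  IE - HKU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:33440
PROXY_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Internet Settings: "(?P<setting>Proxy\w+)" = (?P<value>.*)$'
)
# Assumption: a run of mixed-case letters followed by a run of digits
# (the shape of a generated launcher name) deserves a closer look.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{5,}\d{4,}$")
# Assumption: vendor software normally lives under Program Files or the
# Windows directory, not in these user-writable data locations.
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def autorun_reasons(m: "re.Match[str]") -> List[str]:
    """Heuristic checks for one parsed O4 autorun entry."""
    reasons = []
    path, name, company, key = m["path"], m["name"], m["company"], m["key"]
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
    if RANDOM_NAME_RE.match(name) or RANDOM_NAME_RE.match(stem):
        reasons.append("random-looking entry or file name")
    if any(d in path.lower() for d in DATA_DIRS):
        reasons.append("launches from a user-writable data directory")
    if any(ord(c) > 127 for c in company):
        reasons.append("non-ASCII vendor string (compare with the binary's real signer)")
    if key.lower().startswith("runonce"):
        reasons.append("RunOnce key: a one-shot launcher")
    return reasons


def proxy_reasons(m: "re.Match[str]") -> List[str]:
    """Flag a browser proxy that points back at the local machine."""
    value = m["value"].lower()
    if m["setting"] == "ProxyServer" and ("127.0.0.1" in value or "localhost" in value):
        return ["browser proxy points at loopback; find the process listening on that port"]
    return []


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious line, None for anything else."""
    line = line.rstrip()
    if m := O4_RE.match(line):
        reasons = autorun_reasons(m)
    elif m := PROXY_RE.match(line):
        reasons = proxy_reasons(m)
    else:
        return None
    return Finding(line, reasons) if reasons else None


def triage(lines: List[str]) -> List[Finding]:
    """Triage a whole report, most suspicious entries first."""
    findings = [f for f in (triage_line(l) for l in lines) if f]
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample lines in the OTL report format (not taken from the thread).
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)",
    r"O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()",
    r"O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)",
    r"O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\RunOnce: [aBcDeFg01234] C:\ProgramData\aBcDeFg01234\aBcDeFg01234.exe (Корпорация Майкрософт)",
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print("     -", r)
```

Run it as a script to print the ranked findings, or call triage() on the lines of a saved OTL.txt. A high score is a reason to look, not a verdict: the MD5 and the signer of a flagged file still have to be checked before anything is removed, which is exactly what the /md5start block in the custom scan above is for.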


#3 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:29 AM

Posted 14 March 2011 - 05:10 PM

Hi there, only this report popped up. I'm so glad to get a reply, btw.

OTL logfile created on: 14/03/2011 22:06:16 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 4.04 Gb Free Space | 8.09% Space Free | Partition Type: NTFS
Drive D: | 248.09 Gb Total Space | 102.85 Gb Free Space | 41.46% Space Free | Partition Type: NTFS

Computer Name: RAFE | User Name: Laura Akinsanmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/07 16:47:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sara\Desktop\OTL.exe
PRC - [2010/09/01 06:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/12 16:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/11/20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/11/18 14:42:05 | 000,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 13:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/03 13:22:18 | 001,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/25 15:56:44 | 001,351,680 | ---- | M] () -- C:\Program Files\Hotkey\Hotkey.exe
PRC - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Hotkey\PowerBiosServer.exe
PRC - [2008/07/04 02:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/07/04 01:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/03/26 05:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/03/25 15:46:32 | 000,077,824 | ---- | M] (mychat) -- C:\Windows\BisonCam\BisonHK.exe
PRC - [2008/03/18 01:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/03/11 17:08:50 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\DeLay.exe
PRC - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/01/17 06:34:00 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/07 16:47:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sara\Desktop\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/18 14:42:05 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/10 14:04:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)


========== Driver Services (SafeList) ==========

DRV - [2009/11/18 14:42:05 | 000,239,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/18 14:42:05 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/02/10 14:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/22 22:43:54 | 000,052,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/07/09 17:28:26 | 000,020,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2008/05/23 20:31:28 | 000,869,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/05/20 20:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/11 09:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 06:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/03/13 18:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/14 06:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/01/17 06:38:00 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.2.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/15 14:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/15 14:59:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/11/18 14:05:25 | 000,000,000 | ---D | M]

[2010/11/07 22:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura Akinsanmi\AppData\Roaming\mozilla\Extensions
[2011/02/28 23:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura Akinsanmi\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions
[2010/11/17 20:31:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laura Akinsanmi\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 23:34:21 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Laura Akinsanmi\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011/01/02 23:34:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Laura Akinsanmi\AppData\Roaming\mozilla\Firefox\Profiles\55zvfs3a.default\extensions\engine@conduit.com
[2010/11/07 22:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/07 02:24:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HotkeyOSD Software] C:\Program Files\Hotkey\HotKey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000..\RunOnce: [kNfFbDm06300] C:\ProgramData\kNfFbDm06300\kNfFbDm06300.exe (Корпорация Майкрософт)
O4 - Startup: C:\Users\Laura Akinsanmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Colour Explorer 9,0.lnk = C:\Program Files\MicrolinkPC\CXLOADER.exe (MicrolinkPC)
O4 - Startup: C:\Users\Laura Akinsanmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3665035613-3020346607-1950311316-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rafe
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/10 12:56:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/09 10:28:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 10:28:25 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 10:28:25 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 10:28:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/07 13:31:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/07 03:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\kNfFbDm06300
[2011/03/07 02:26:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/07 02:26:39 | 000,000,000 | ---D | C] -- C:\Users\Laura Akinsanmi\AppData\Local\temp
[2011/03/07 02:17:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/07 02:16:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/28 02:00:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/28 02:00:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/28 02:00:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/28 02:00:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/28 02:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/26 10:56:03 | 000,368,640 | ---- | C] (Fujitsu Component Ltd.) -- C:\Users\Laura Akinsanmi\AppData\Local\ivepofuy.dll
[2011/02/26 03:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\dAhAeJh08200
[3 D:\Users\Laura Akinsanmi\Documents\*.tmp files -> D:\Users\Laura Akinsanmi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/14 22:07:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004UA.job
[2011/03/14 22:07:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004Core.job
[2011/03/14 22:07:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011/03/14 21:36:42 | 000,097,184 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/14 21:24:30 | 000,643,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/14 21:24:30 | 000,121,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 21:19:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:19:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:18:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 04:31:51 | 009,626,656 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/03/14 04:31:51 | 001,089,568 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2011/03/14 04:31:51 | 000,081,528 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/03/14 04:31:51 | 000,006,900 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2011/03/14 04:10:59 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000UA.job
[2011/03/13 23:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000Core.job
[2011/03/11 21:40:06 | 000,097,184 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/10 15:39:12 | 000,000,490 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Laura Akinsanmi.job
[2011/03/07 02:24:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/02 20:12:14 | 000,002,103 | ---- | M] () -- C:\Users\Laura Akinsanmi\Desktop\Google Chrome.lnk
[2011/03/02 20:12:14 | 000,002,065 | ---- | M] () -- C:\Users\Laura Akinsanmi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/28 01:57:57 | 000,000,155 | ---- | M] () -- C:\Users\Laura Akinsanmi\Desktop\fix.reg
[2011/02/28 01:57:36 | 000,000,155 | ---- | M] () -- D:\Users\Laura Akinsanmi\Documents\fix.reg
[2011/02/28 01:51:54 | 004,276,140 | R--- | M] () -- C:\Users\Laura Akinsanmi\Desktop\ComboFix.exe
[2011/02/27 02:15:59 | 000,000,134 | ---- | M] () -- C:\Users\Laura Akinsanmi\Desktop\hosts-perm.bat
[2011/02/26 21:14:36 | 000,721,324 | ---- | M] () -- C:\Users\Laura Akinsanmi\Desktop\rkill.com
[2011/02/26 10:56:09 | 000,368,640 | ---- | M] (Fujitsu Component Ltd.) -- C:\Users\Laura Akinsanmi\AppData\Local\ivepofuy.dll
[2011/02/16 21:21:45 | 000,000,120 | ---- | M] () -- C:\Users\Laura Akinsanmi\AppData\Local\Jnavehamirol.dat
[2011/02/16 12:40:51 | 000,000,000 | ---- | M] () -- C:\Users\Laura Akinsanmi\AppData\Local\Txihesagubin.bin
[3 D:\Users\Laura Akinsanmi\Documents\*.tmp files -> D:\Users\Laura Akinsanmi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/11 22:02:38 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004UA.job
[2011/03/11 22:02:38 | 000,000,850 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004Core.job
[2011/02/28 21:23:05 | 000,721,324 | ---- | C] () -- C:\Users\Laura Akinsanmi\Desktop\rkill.com
[2011/02/28 02:00:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/28 02:00:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/28 02:00:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/28 02:00:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/28 02:00:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/28 01:57:57 | 000,000,155 | ---- | C] () -- C:\Users\Laura Akinsanmi\Desktop\fix.reg
[2011/02/28 01:57:36 | 000,000,155 | ---- | C] () -- D:\Users\Laura Akinsanmi\Documents\fix.reg
[2011/02/28 01:55:50 | 004,276,140 | R--- | C] () -- C:\Users\Laura Akinsanmi\Desktop\ComboFix.exe
[2011/02/27 02:16:32 | 000,000,134 | ---- | C] () -- C:\Users\Laura Akinsanmi\Desktop\hosts-perm.bat
[2011/01/27 16:12:05 | 000,016,291 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\edejikap.dll
[2011/01/25 17:29:08 | 000,000,120 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\Jnavehamirol.dat
[2011/01/25 17:29:08 | 000,000,000 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\Txihesagubin.bin
[2010/10/11 14:00:56 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/08 00:01:58 | 000,163,827 | ---- | C] () -- C:\Windows\Audio Converter Pro Uninstaller.exe
[2010/06/22 23:25:56 | 000,025,773 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Roaming\UserTile.png
[2009/12/29 03:40:12 | 000,097,184 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/29 03:40:11 | 000,097,184 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/29 03:10:50 | 000,000,552 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\d3d8caps.dat
[2009/12/26 07:42:24 | 000,087,040 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/10 22:27:42 | 000,001,994 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Roaming\SAS7_000.DAT
[2009/11/19 09:11:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/19 09:11:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/19 09:10:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/18 19:30:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/11/18 14:37:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll
[2009/11/18 14:05:43 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009/11/18 14:05:43 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009/11/18 14:05:13 | 009,626,656 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/11/18 14:05:13 | 001,089,568 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009/11/18 13:50:26 | 000,000,189 | ---- | C] () -- C:\Windows\OEM.ini
[2009/11/18 13:50:25 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/11/18 11:49:16 | 000,000,029 | ---- | C] () -- C:\Windows\System32\GetWord.ini
[2009/11/18 11:19:37 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/11/18 11:19:37 | 000,000,803 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Colour Explorer 9,0.dat
[2009/11/18 10:51:09 | 000,001,356 | ---- | C] () -- C:\Users\Laura Akinsanmi\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/11 19:58:54 | 000,025,601 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,378,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,643,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,121,764 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/04/23 14:20:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/23 14:20:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/23 14:20:10 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/23 14:20:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HLP.DAT >
[2009/04/11 06:28:25 | 000,034,699 | ---- | M] () MD5=7542C8FC9F5F38B5A41A996EA1203B63 -- C:\Users\Laura Akinsanmi\AppData\Local\Windows Server\hlp.dat
[2009/04/11 06:28:25 | 000,036,635 | ---- | M] () MD5=D902DEE3098BEF00F45B37ADCF769647 -- C:\Users\Public\Documents\Server\hlp.dat

< MD5 for: WININIT.EXE >
[2008/01/21 02:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/21 02:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 02:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >

#4 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 17 March 2011 - 08:14 AM

Hi,

sorry for the additional delay. I see you ran ComboFix, could you please post the log from C:\combofix.txt in your next reply?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 charliescorpio (Topic Starter, Members, 21 posts)

Posted 17 March 2011 - 06:13 PM

ComboFix 11-03-06.02 - Dave 07/03/2011 2:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1888 [GMT 0:00]
Running from: c:\users\sara\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\bBhMlAl06300
c:\programdata\bBhMlAl06300\bBhMlAl06300
c:\programdata\bBhMlAl06300\bBhMlAl06300.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 02:24 . 2011-03-07 02:24 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-03-07 02:24 . 2011-03-07 02:25 -------- dc----w- c:\users\Dave\AppData\Local\temp
2011-03-07 02:24 . 2011-03-07 02:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-03-05 01:04 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF49EDC5-1C76-471C-B894-E0EE89C7C960}\mpengine.dll
2011-02-28 02:24 . 2011-03-07 02:24 -------- dc----w- c:\users\sara\AppData\Local\temp
2011-02-26 10:56 . 2011-02-26 10:56 368640 -c--a-w- c:\users\Dave\AppData\Local\ivepofuy.dll
2011-02-26 03:12 . 2011-02-27 02:08 -------- d-----w- c:\programdata\dAhAeJh08200
2011-02-23 22:56 . 2011-02-23 22:56 -------- dc----w- c:\users\sara\AppData\Roaming\Nuance
2011-02-23 22:56 . 2011-02-23 22:56 -------- dc----w- c:\users\sara\AppData\Roaming\Winamp
2011-02-23 22:51 . 2011-02-23 22:52 -------- dc----w- c:\users\sara\AppData\Local\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
2011-02-23 22:51 . 2011-02-23 22:51 -------- dc----w- c:\users\sara\AppData\Local\PackageAware
2011-02-23 22:42 . 2011-02-23 22:42 -------- dc----w- c:\users\sara\AppData\Local\Apple Computer
2011-02-23 22:38 . 2011-02-23 22:38 -------- dc----w- c:\users\sara\AppData\Local\Ares
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-16 12:40 . 2011-01-25 17:29 0 -c--a-w- c:\users\Dave\AppData\Local\Txihesagubin.bin
2011-02-02 17:11 . 2009-11-18 16:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-27 16:12 . 2011-01-27 16:12 16291 -c--a-w- c:\users\Dave\AppData\Local\edejikap.dll
2010-12-28 15:55 . 2011-01-12 12:30 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 18:09 . 2010-12-12 23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-12 23:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 12:29 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 -c--a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2010-12-09 12:51 3911776 -c--a-w- c:\program files\BrotherSoft_Extreme\tbBrot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 02:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 02:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Google Update"="c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 49928]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-25 1351680]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-11-18 208616]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Colour Explorer 9,0.lnk - c:\program files\MicrolinkPC\CXLOADER.exe [2009-11-18 72192]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-3-16 2835816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-11-18 118784]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2009-11-18 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 02:02 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-11-18 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-01-22 52768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 11:46]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 11:46]
.
2011-03-02 c:\windows\Tasks\Norton Security Scan for Dave.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-25 14:06]
.
2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:33440
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\55zvfs3a.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
AddRemove-s3pe - d:\users\Dave\Documents\SIMS PROGRAMING\s3pe\uninst-s3pe.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 02:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D40484A6-2395-53D1-BB02-E1B509FF1AAF}*]
"haindiaiimngbjoe"=hex:6b,61,64,6c,63,70,68,62,63,6d,6a,6d,68,61,70,61,6c,69,
65,70,6f,6f,00,02
"iacmbghlmkojbcnlck"=hex:6b,61,64,6c,6f,6f,64,70,70,6c,63,70,6d,6e,6c,6c,69,66,
6b,66,68,6e,00,02
.
[HKEY_USERS\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\SecuROM\License information*]
"datasecu"=hex:05,b9,19,ed,98,8c,a7,a5,93,aa,f5,81,25,93,e4,df,73,bd,73,7b,81,
9d,17,b1,a4,e7,2e,4f,c3,e3,d8,1f,91,57,28,61,e3,5f,e4,c6,2a,43,c3,49,be,23,\
"rkeysecu"=hex:6b,9a,89,f7,f1,66,4e,70,66,a0,11,18,e1,18,31,5a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-07 02:26:37
ComboFix-quarantined-files.txt 2011-03-07 02:26
ComboFix2.txt 2011-02-28 23:30
ComboFix3.txt 2011-02-28 02:24
.
Pre-Run: 4,150,784,000 bytes free
Post-Run: 4,372,299,776 bytes free
.
- - End Of File - - 39CA6CFD1523D5BDCFDB164896BF37B9

#6 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 19 March 2011 - 05:39 AM

Hi,

you have a number of toolbars installed that are of mediocre reputation, namely Conduit and Brothersoft. Do you use them or would you rather remove them?

Run this script to remove some leftovers of the infection:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\Dave\AppData\Local\ivepofuy.dll
c:\users\Dave\AppData\Local\Txihesagubin.bin
c:\users\Dave\AppData\Local\edejikap.dll
Folder::
c:\programdata\dAhAeJh08200
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:33440


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

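Triage logic for the kinds of leftovers the CFScript above targets, as an added example that is not part of this thread and not ComboFix's own code: it walks ComboFix-style log lines and flags loadable files sitting directly in AppData\Local, ProgramData folders with the seven-letters-plus-five-digits names seen in these logs, a browser ProxyServer pointed at loopback, and a Security Center "DisableMonitoring" value switched on. The function names and the random-name heuristic are my own assumptions; the sample lines are constructed from values in the logs posted above.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt in the shape ComboFix prints; the values are taken from the
# logs posted in this thread so the checks below have something real to hit.
SAMPLE_LOG = """\
2011-02-26 10:56 . 2011-02-26 10:56 368640 -c--a-w- c:\\users\\Dave\\AppData\\Local\\ivepofuy.dll
2011-02-16 12:40 . 2011-01-25 17:29 0 -c--a-w- c:\\users\\Dave\\AppData\\Local\\Txihesagubin.bin
2011-02-26 03:12 . 2011-02-27 02:08 -------- d-----w- c:\\programdata\\dAhAeJh08200
2011-02-23 22:38 . 2011-02-23 22:38 -------- dc----w- c:\\users\\sara\\AppData\\Local\\Ares
2010-12-20 18:08 . 2010-12-12 23:36 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:33440
"DisableMonitoring"=dword:00000001
"""

# A ComboFix file/folder line: <created> . <modified> <size|dashes> <8 attr flags> <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>[\w-]{8}) (?P<path>.+)$"
)
PROXY_LINE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S.*)$")
DISABLE_MONITORING = re.compile(r'^"DisableMonitoring"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# Heuristic (my assumption): the rogue's ProgramData folders in this thread are all
# seven letters followed by five digits (dAhAeJh08200, bBhMlAl06300, kNfFbDm06300).
RANDOM_PROGRAMDATA = re.compile(r"^[A-Za-z]{7}\d{5}$")
LOADABLE = (".dll", ".exe", ".bin")


def check_file_line(path: str, attrs: str) -> Optional[str]:
    """Return a verdict string for a suspicious file/folder line, else None."""
    parent, _, name = path.rpartition("\\")
    low_parent = parent.lower()
    if attrs.startswith("d"):  # directory entry
        if low_parent == r"c:\programdata" and RANDOM_PROGRAMDATA.match(name):
            return "random-named folder directly under ProgramData"
        return None
    # Legitimate software installs into a subfolder; a loadable file sitting in
    # the root of AppData\Local is the pattern the helper cleaned up here.
    if low_parent.endswith(r"\appdata\local") and name.lower().endswith(LOADABLE):
        return "loadable file directly in AppData\\Local"
    return None


def check_proxy(value: str) -> Optional[str]:
    """Flag a ProxyServer value that routes the browser through loopback."""
    # Values look like "host:port" or "http=host:port;https=host:port".
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            return f"browser proxy points at loopback ({hostport})"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk ComboFix log lines and collect (item, verdict) pairs worth a look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            verdict = check_file_line(m["path"], m["attrs"])
            if verdict:
                findings.append((m["path"], verdict))
            continue
        m = PROXY_LINE.search(line)
        if m:
            verdict = check_proxy(m["value"])
            if verdict:
                findings.append((line, verdict))
            continue
        m = DISABLE_MONITORING.match(line)
        if m and int(m["hex"], 16) != 0:
            findings.append((line, "Security Center monitoring of the AV is switched off"))
    return findings


if __name__ == "__main__":
    for item, verdict in triage(SAMPLE_LOG):
        print(f"{verdict}: {item}")
```

Run against the sample it reports the two AppData\Local files, the dAhAeJh08200 folder, the loopback proxy and the disabled monitoring, and stays quiet on the Ares folder and the mbam.sys driver.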


#7 charliescorpio (Topic Starter, Members, 21 posts)

Posted 22 March 2011 - 04:05 PM

ComboFix 11-03-22.02 - Dave 22/03/2011 20:48:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2305 [GMT 0:00]
Running from: d:\users\sara\Downloads\ComboFix.exe
Command switches used :: d:\users\sara\Downloads\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Dave\AppData\Local\edejikap.dll"
"c:\users\Dave\AppData\Local\ivepofuy.dll"
"c:\users\Dave\AppData\Local\Txihesagubin.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dAhAeJh08200
c:\programdata\dAhAeJh08200\dAhAeJh08200
c:\users\Dave\AppData\Local\edejikap.dll
c:\users\Dave\AppData\Local\ivepofuy.dll
c:\users\Dave\AppData\Local\Txihesagubin.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 20:55 . 2011-03-22 20:56 -------- dc----w- c:\users\Dave\AppData\Local\temp
2011-03-22 20:55 . 2011-03-22 20:55 -------- dc----w- c:\users\Default\AppData\Local\temp
2011-03-22 20:55 . 2011-03-22 20:55 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-03-22 16:03 . 2008-01-21 02:23 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57B3F1FF-3CEE-410D-ABA7-AB3A11FF59D5}\mpengine.dll
2011-03-11 23:47 . 2011-03-11 23:47 -------- dc----w- c:\users\sara\AppData\Local\Peter_L_Jones
2011-03-11 22:02 . 2011-03-11 22:05 -------- dc----w- c:\users\sara\AppData\Local\Google
2011-03-09 10:28 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 10:28 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 10:28 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 10:28 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 10:28 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 10:28 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 21:15 . 2011-03-08 21:15 -------- dc----w- c:\users\sara\AppData\Local\Sony Ericsson
2011-03-07 03:00 . 2011-03-19 12:08 -------- d-----w- c:\programdata\kNfFbDm06300
2011-02-28 02:24 . 2011-03-22 20:55 -------- dc----w- c:\users\sara\AppData\Local\temp
2011-02-23 22:56 . 2011-02-23 22:56 -------- dc----w- c:\users\sara\AppData\Roaming\Nuance
2011-02-23 22:56 . 2011-02-23 22:56 -------- dc----w- c:\users\sara\AppData\Roaming\Winamp
2011-02-23 22:51 . 2011-02-23 22:52 -------- dc----w- c:\users\sara\AppData\Local\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
2011-02-23 22:51 . 2011-02-23 22:51 -------- dc----w- c:\users\sara\AppData\Local\PackageAware
2011-02-23 22:42 . 2011-02-23 22:42 -------- dc----w- c:\users\sara\AppData\Local\Apple Computer
2011-02-23 22:38 . 2011-02-23 22:38 -------- dc----w- c:\users\sara\AppData\Local\Ares
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:11 . 2009-11-18 16:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47 . 2011-02-09 11:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 11:56 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 11:56 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 12:30 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 02:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 02:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Google Update"="c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 49928]
"HotkeyOSD Software"="c:\program files\Hotkey\HotKey.exe" [2008-07-25 1351680]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-11-18 208616]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Colour Explorer 9,0.lnk - c:\program files\MicrolinkPC\CXLOADER.exe [2009-11-18 72192]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-3-16 2835816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-11-18 118784]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2009-11-18 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 02:02 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-11-18 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [2008-07-10 36864]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-01-22 52768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 11:46]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 11:46]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004Core.job
- c:\users\sara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 22:02]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3665035613-3020346607-1950311316-1004UA.job
- c:\users\sara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 22:02]
.
2011-03-21 c:\windows\Tasks\Norton Security Scan for Dave.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-25 14:06]
.
2011-03-22 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\55zvfs3a.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} - %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 20:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D40484A6-2395-53D1-BB02-E1B509FF1AAF}*]
"haindiaiimngbjoe"=hex:6b,61,64,6c,63,70,68,62,63,6d,6a,6d,68,61,70,61,6c,69,
65,70,6f,6f,00,02
"iacmbghlmkojbcnlck"=hex:6b,61,64,6c,6f,6f,64,70,70,6c,63,70,6d,6e,6c,6c,69,66,
6b,66,68,6e,00,02
.
[HKEY_USERS\S-1-5-21-3665035613-3020346607-1950311316-1000\Software\SecuROM\License information*]
"datasecu"=hex:05,b9,19,ed,98,8c,a7,a5,93,aa,f5,81,25,93,e4,df,73,bd,73,7b,81,
9d,17,b1,a4,e7,2e,4f,c3,e3,d8,1f,91,57,28,61,e3,5f,e4,c6,2a,43,c3,49,be,23,\
"rkeysecu"=hex:6b,9a,89,f7,f1,66,4e,70,66,a0,11,18,e1,18,31,5a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-22 20:58:08
ComboFix-quarantined-files.txt 2011-03-22 20:58
ComboFix2.txt 2011-03-07 02:26
ComboFix3.txt 2011-02-28 23:30
ComboFix4.txt 2011-02-28 02:24
.
Pre-Run: 5,014,568,960 bytes free
Post-Run: 5,248,757,760 bytes free
.
- - End Of File - - 33B9BA74D1959A94C3E2C37FEE7B6E76

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:29 PM

Posted 23 March 2011 - 06:46 AM

Hi,

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:29 AM

Posted 23 March 2011 - 07:15 AM

Seems okay, my temp file in c:/windows was deleted in the process and I'm having some issues with authorization, but it is System Tool free, which gets a yay. Thanks for that, I really appreciate your assistance.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:29 PM

Posted 24 March 2011 - 01:08 AM

Hi,

Who deleted that file?

Please run a scan with ESET to check for leftovers:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

What's the problem with authorization?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:29 AM

Posted 29 March 2011 - 07:44 AM

Sorry for the delay, I'm running that scan as I type this. I don't know who or what deleted it, mate.

#12 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:29 AM

Posted 29 March 2011 - 03:58 PM

I saved the txt file but it says I don't have the authorization to open it. That's what I mean, something denies me authorization.

#13 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:29 AM

Posted 29 March 2011 - 04:06 PM

Every time i try to open the file my access is denied

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:29 PM

Posted 30 March 2011 - 06:04 AM

Hi,

where did you save that file? Can you move it to your desktop and try to open it again?

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

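As an added example (not from myrti's post and not part of Sysinternals Junction), here is a PowerShell equivalent of the `junction -s c:\` scan above: it walks C:\ for NTFS reparse points (junctions and symbolic links), which are one way a path can be silently redirected, and writes them to a log on the desktop the way the command in the post does. It assumes Windows PowerShell 5.1 or later; the function name and log file name are mine.

```powershell
# Added example: enumerate NTFS reparse points (junctions / symlinks) under C:\,
# roughly what "junction -s c:\" reports, and write them to a log on the desktop.
# Assumes Windows PowerShell 5.1 or later. Not Sysinternals code and not from the thread.
function Get-ReparsePointReport {
    param(
        [string]$Root = 'C:\',
        # Hypothetical log name; the post used log.txt in the working directory.
        [string]$LogPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'junction-log.txt')
    )

    # -Attributes ReparsePoint keeps only items with the NTFS reparse bit set.
    # -Force includes hidden/system items; unreadable folders (e.g. System Volume
    # Information) are skipped instead of aborting the scan.
    # Note: Windows PowerShell 5.1 may recurse into junctions it can list, so a
    # junction that points at its own parent can make this loop; use PowerShell 7
    # (which does not follow links unless -FollowSymlink is given) if that happens.
    $points = Get-ChildItem -Path $Root -Recurse -Force -Attributes ReparsePoint `
                  -ErrorAction SilentlyContinue

    $report = foreach ($p in $points) {
        [pscustomobject]@{
            Path   = $p.FullName
            Type   = $p.LinkType            # 'Junction', 'SymbolicLink' or ''
            Target = ($p.Target -join ';')  # resolved target(s) of the link
        }
    }

    # Vista/7 ship many expected junctions ("Documents and Settings" -> C:\Users,
    # "Application Data" -> ...\AppData\Roaming, etc.). Entries whose target lies
    # outside those default locations, or inside a user profile, are the ones a
    # helper reading the log would want to check first.
    $report | Sort-Object Path | Format-Table -AutoSize | Out-String -Width 300 |
        Set-Content -Path $LogPath -Encoding UTF8

    return $report
}

$result = Get-ReparsePointReport
"{0} reparse point(s) written to the log" -f @($result).Count
```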


#15 charliescorpio

charliescorpio
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:29 AM

Posted 30 March 2011 - 06:59 AM

Awesome, the desktop thing worked. Here's the first report you asked for:


C:\Qoobox\Quarantine\C\ProgramData\bBhMlAl06300\bBhMlAl06300.exe.vir a variant of Win32/Kryptik.LIW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Dave\AppData\Local\ivepofuy.dll.vir a variant of Win32/Kryptik.KNA trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\Local\Windows Server\hlp.dat Win32/Bamital.DT trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6b90f4c0-5e945857 a variant of Java/TrojanDownloader.OpenStream.NBI trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-628f50a3 a variant of Java/Agent.AF trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\31e9954e-5a47995e multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5bbefb11-37095aeb multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\59861997-585b416f multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2d843c9b-52eae5cf a variant of Win32/Kryptik.LII trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-67b00662 multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5e6f56a0-4168c338 a variant of Java/TrojanDownloader.OpenStream.NBI trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-1deb41c7 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7361f21-793b113b a variant of Java/TrojanDownloader.OpenStream.NBI trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\ece84e3-5e481d0b probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-1a1411ec Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\22f07fe8-40588674 a variant of Java/Exploit.CVE-2010-0844.A trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1ba685a9-22534696 multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\334c786f-524041a7 multiple threats deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3384a96f-3f50dc92 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\7b24633-6a0c2c1e a variant of Win32/Kryptik.LIW trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-46ba0a53 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4661f1f9-160f0dc7 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\6a34e5c9-1016250e a variant of Java/TrojanDownloader.OpenStream.NBI trojan deleted - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
