Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TDSS & Google keeps redirecting


  • This topic is locked This topic is locked
23 replies to this topic

#1 sh333

sh333

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 30 April 2011 - 01:14 AM

Ugggh. my business year end is tomorrow and my computer is bogged completely :(

Any help you can provide would be massively appreciated.

I am getting google re-directs and also getting fake security alert type attacks like XP Home Security and others. I think I got rid of XP home security using Malwarebytes, but the other stuff keeps coming back. I am going nuts here :( It seems to have taken over and was able to keep MSE from updating. I had to manual update MSE and even then it seems to havew trouble finding and killing off these infections.

Update: Now it appears that WIN32/FakeRean is also on my computer

LOG:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Scott at 1:35:20.84 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1337 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Scott\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/products
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\11.0.696.57\npchrome_frame.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\11.0.696.57\npchrome_frame.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKslceebd8ab;MpKslceebd8ab;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0047c39-e594-466a-a986-0a77a3f6cddf}\MpKslceebd8ab.sys [2011-4-30 28752]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2008-11-19 140184]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\docume~1\alluse~1\applic~1\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2007-9-6 44784]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S1 MpKsl246de02c;MpKsl246de02c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaa0bb7-e642-4dd7-878b-22258d966d6f}\mpksl246de02c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaa0bb7-e642-4dd7-878b-22258d966d6f}\MpKsl246de02c.sys [?]
S1 MpKsl2b628da0;MpKsl2b628da0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b220bf23-551f-4c30-bf28-cd2ecc585598}\mpksl2b628da0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b220bf23-551f-4c30-bf28-cd2ecc585598}\MpKsl2b628da0.sys [?]
S1 MpKsl3dd7f176;MpKsl3dd7f176;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7edcc654-5b41-498f-8323-9da004d91564}\mpksl3dd7f176.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7edcc654-5b41-498f-8323-9da004d91564}\MpKsl3dd7f176.sys [?]
S1 MpKsl6e8083b7;MpKsl6e8083b7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8451d8f3-0d7a-4f4f-b952-10851081fee8}\mpksl6e8083b7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8451d8f3-0d7a-4f4f-b952-10851081fee8}\MpKsl6e8083b7.sys [?]
S1 MpKsl871e12c5;MpKsl871e12c5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaa0bb7-e642-4dd7-878b-22258d966d6f}\mpksl871e12c5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaa0bb7-e642-4dd7-878b-22258d966d6f}\MpKsl871e12c5.sys [?]
S1 MpKsl94aba819;MpKsl94aba819;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04009174-4ffd-4838-8e95-d0c73fd223f1}\mpksl94aba819.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04009174-4ffd-4838-8e95-d0c73fd223f1}\MpKsl94aba819.sys [?]
S1 MpKsl9ad13350;MpKsl9ad13350;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58730563-c610-4f2e-86c3-02290f55b7ff}\mpksl9ad13350.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58730563-c610-4f2e-86c3-02290f55b7ff}\MpKsl9ad13350.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 133104]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 133104]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-4-12 24880]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2010-12-4 42312]
.
=============== File Associations ===============
.
exefile="c:\documents and settings\networkservice\local settings\application data\qgc.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-04-30 05:23:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a0047c39-e594-466a-a986-0a77a3f6cddf}\MpKslceebd8ab.sys
2011-04-30 04:50:11 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a0047c39-e594-466a-a986-0a77a3f6cddf}\mpengine.dll
2011-04-30 04:26:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-30 04:14:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-30 04:14:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-29 23:50:47 -------- d-sha-r- C:\cmdcons
2011-04-29 23:45:43 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:45:43 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:45:43 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:45:43 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 02:04:50 0 ----a-w- c:\windows\Xpuvazalebinuri.bin
2011-04-23 19:17:45 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\Nikon
2011-04-23 19:14:56 57344 ----a-r- c:\docume~1\scott\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2011-04-23 18:41:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2011-04-23 18:40:37 -------- d-----w- c:\docume~1\scott\applic~1\AVS4YOU
2011-04-23 18:37:24 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-04-23 18:37:24 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-04-23 18:37:14 -------- d-----w- c:\program files\common files\AVSMedia
2011-04-23 18:37:09 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-23 18:37:09 -------- d-----w- c:\program files\AVS4YOU
2011-04-23 03:46:50 -------- d-----w- c:\program files\Nikon
2011-04-23 03:46:49 -------- d-----w- c:\program files\common files\Nikon
2011-04-12 18:52:19 -------- d-----w- c:\program files\PLX Technology
2011-04-12 18:52:01 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2011-04-12 18:51:54 -------- d-----w- c:\program files\Iomega
2011-04-12 18:51:45 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\Downloaded Installations
2011-04-05 01:21:57 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\WMTools Downloaded Files
.
==================== Find3M ====================
.
2011-04-23 19:12:40 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHW2120BJ_G2 rev.0085001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AB4B730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ab51a10]; MOV EAX, [0x8ab51a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AAF9AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA9C480]
\Driver\atapi[0x8ABBA8C0] -> IRP_MJ_CREATE -> 0x8AB4B730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AB4B57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:37:56.50 ===============

Attached Files


Edited by sh333, 30 April 2011 - 01:37 PM.


BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:46 AM

Posted 05 May 2011 - 06:32 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 05 May 2011 - 10:39 PM

Thanks you so much for replying!!!! I realy appreciate you trying to help me here.

Here is the TDSSKiller report:

2011/05/05 23:22:17.0187 1776 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 23:22:17.0609 1776 ================================================================================
2011/05/05 23:22:17.0609 1776 SystemInfo:
2011/05/05 23:22:17.0609 1776
2011/05/05 23:22:17.0609 1776 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/05 23:22:17.0609 1776 Product type: Workstation
2011/05/05 23:22:17.0609 1776 ComputerName: LAPPY386
2011/05/05 23:22:17.0609 1776 UserName: Scott
2011/05/05 23:22:17.0609 1776 Windows directory: C:\WINDOWS
2011/05/05 23:22:17.0609 1776 System windows directory: C:\WINDOWS
2011/05/05 23:22:17.0609 1776 Processor architecture: Intel x86
2011/05/05 23:22:17.0609 1776 Number of processors: 2
2011/05/05 23:22:17.0609 1776 Page size: 0x1000
2011/05/05 23:22:17.0609 1776 Boot type: Normal boot
2011/05/05 23:22:17.0609 1776 ================================================================================
2011/05/05 23:22:18.0218 1776 Initialize success
2011/05/05 23:22:34.0671 3424 ================================================================================
2011/05/05 23:22:34.0671 3424 Scan started
2011/05/05 23:22:34.0671 3424 Mode: Manual;
2011/05/05 23:22:34.0671 3424 ================================================================================
2011/05/05 23:22:34.0953 3424 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/05 23:22:35.0031 3424 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 23:22:35.0078 3424 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 23:22:35.0125 3424 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/05 23:22:35.0187 3424 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 23:22:35.0265 3424 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/05/05 23:22:35.0328 3424 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 23:22:35.0406 3424 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/05 23:22:35.0453 3424 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/05 23:22:35.0484 3424 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/05 23:22:35.0531 3424 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/05 23:22:35.0562 3424 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/05 23:22:35.0593 3424 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/05 23:22:35.0671 3424 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/05 23:22:35.0750 3424 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/05 23:22:35.0796 3424 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/05 23:22:35.0843 3424 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/05 23:22:35.0906 3424 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/05/05 23:22:35.0984 3424 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/05 23:22:36.0078 3424 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/05 23:22:36.0125 3424 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/05 23:22:36.0171 3424 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/05 23:22:36.0234 3424 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 23:22:36.0328 3424 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 23:22:36.0390 3424 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 23:22:36.0453 3424 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 23:22:36.0500 3424 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/05 23:22:36.0531 3424 BackupReader (3163aa026fe36bad874250ae93187f9d) C:\WINDOWS\system32\DRIVERS\BackupReader.sys
2011/05/05 23:22:36.0593 3424 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/05/05 23:22:36.0718 3424 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/05 23:22:36.0812 3424 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 23:22:37.0000 3424 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/05 23:22:37.0031 3424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 23:22:37.0093 3424 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/05 23:22:37.0140 3424 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 23:22:37.0218 3424 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 23:22:37.0281 3424 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2011/05/05 23:22:37.0375 3424 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 23:22:37.0453 3424 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/05 23:22:37.0515 3424 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/05 23:22:37.0546 3424 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/05 23:22:37.0609 3424 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/05 23:22:37.0656 3424 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/05 23:22:37.0718 3424 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/05 23:22:37.0765 3424 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 23:22:37.0796 3424 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/05/05 23:22:37.0812 3424 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/05/05 23:22:37.0843 3424 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/05/05 23:22:37.0859 3424 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/05/05 23:22:37.0890 3424 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/05/05 23:22:37.0906 3424 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/05/05 23:22:37.0937 3424 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/05/05 23:22:37.0953 3424 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/05/05 23:22:37.0968 3424 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/05/05 23:22:37.0984 3424 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/05/05 23:22:38.0078 3424 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 23:22:38.0156 3424 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 23:22:38.0187 3424 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 23:22:38.0250 3424 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 23:22:38.0328 3424 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/05 23:22:38.0343 3424 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 23:22:38.0406 3424 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/05/05 23:22:38.0421 3424 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/05/05 23:22:38.0453 3424 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
2011/05/05 23:22:38.0484 3424 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/05 23:22:38.0546 3424 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 23:22:38.0593 3424 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/05 23:22:38.0640 3424 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 23:22:38.0687 3424 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/05 23:22:38.0765 3424 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/05 23:22:38.0796 3424 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 23:22:38.0812 3424 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 23:22:38.0859 3424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/05 23:22:38.0921 3424 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 23:22:38.0968 3424 guardian2 (7dadeb7f2215b1f883267cad67f091c1) C:\WINDOWS\system32\Drivers\oz776.sys
2011/05/05 23:22:39.0031 3424 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/05 23:22:39.0093 3424 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/05/05 23:22:39.0187 3424 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/05 23:22:39.0250 3424 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/05 23:22:39.0328 3424 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/05 23:22:39.0359 3424 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/05 23:22:39.0421 3424 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/05 23:22:39.0500 3424 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/05/05 23:22:39.0562 3424 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/05 23:22:39.0640 3424 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 23:22:39.0703 3424 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/05 23:22:39.0781 3424 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/05 23:22:39.0828 3424 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/05 23:22:39.0875 3424 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 23:22:39.0937 3424 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/05 23:22:40.0015 3424 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/05 23:22:40.0078 3424 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 23:22:40.0125 3424 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/05 23:22:40.0156 3424 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/05 23:22:40.0187 3424 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 23:22:40.0234 3424 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 23:22:40.0265 3424 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 23:22:40.0312 3424 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 23:22:40.0359 3424 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 23:22:40.0390 3424 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 23:22:40.0406 3424 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/05 23:22:40.0437 3424 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 23:22:40.0500 3424 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 23:22:40.0625 3424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/05 23:22:40.0671 3424 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 23:22:40.0750 3424 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 23:22:40.0796 3424 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 23:22:40.0859 3424 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/05 23:22:40.0921 3424 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 23:22:40.0984 3424 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/05 23:22:41.0218 3424 MpKslf062b6ac (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0047C39-E594-466A-A986-0A77A3F6CDDF}\MpKslf062b6ac.sys
2011/05/05 23:22:41.0296 3424 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/05 23:22:41.0375 3424 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 23:22:41.0453 3424 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 23:22:41.0546 3424 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 23:22:41.0609 3424 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 23:22:41.0640 3424 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 23:22:41.0734 3424 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 23:22:41.0781 3424 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 23:22:41.0843 3424 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 23:22:41.0906 3424 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 23:22:41.0937 3424 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 23:22:41.0984 3424 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 23:22:42.0031 3424 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 23:22:42.0062 3424 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 23:22:42.0078 3424 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 23:22:42.0125 3424 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 23:22:42.0218 3424 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/05 23:22:42.0312 3424 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 23:22:42.0343 3424 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 23:22:42.0390 3424 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 23:22:42.0687 3424 nv (77f427e51479c66c09f967d15b639b37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/05 23:22:43.0015 3424 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 23:22:43.0078 3424 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 23:22:43.0125 3424 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/05 23:22:43.0218 3424 OXSDIDRV_x32 (257190d58444732b68919c573368b64d) C:\WINDOWS\system32\DRIVERS\OXSDIDRV_x32.sys
2011/05/05 23:22:43.0328 3424 OXUDIDRV (8f534a8630f6baba92e14531f96906cd) C:\WINDOWS\system32\Drivers\OXUDIDRV_X32.sys
2011/05/05 23:22:43.0437 3424 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/05 23:22:43.0468 3424 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 23:22:43.0515 3424 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 23:22:43.0531 3424 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 23:22:43.0593 3424 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 23:22:43.0625 3424 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/05 23:22:43.0718 3424 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/05 23:22:43.0750 3424 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/05 23:22:43.0781 3424 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 23:22:43.0796 3424 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 23:22:43.0796 3424 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 23:22:43.0828 3424 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/05 23:22:43.0843 3424 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/05 23:22:43.0859 3424 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/05 23:22:43.0875 3424 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/05 23:22:43.0890 3424 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/05 23:22:43.0906 3424 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/05 23:22:43.0968 3424 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 23:22:44.0000 3424 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 23:22:44.0046 3424 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 23:22:44.0078 3424 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 23:22:44.0109 3424 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 23:22:44.0140 3424 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 23:22:44.0187 3424 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/05 23:22:44.0265 3424 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 23:22:44.0359 3424 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 23:22:44.0406 3424 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/05 23:22:44.0468 3424 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/05 23:22:44.0484 3424 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/05 23:22:44.0640 3424 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/05 23:22:44.0656 3424 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/05 23:22:44.0750 3424 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 23:22:44.0843 3424 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 23:22:44.0859 3424 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 23:22:44.0906 3424 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 23:22:44.0984 3424 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/05 23:22:45.0015 3424 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/05 23:22:45.0031 3424 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 23:22:45.0062 3424 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 23:22:45.0109 3424 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 23:22:45.0203 3424 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/05 23:22:45.0265 3424 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 23:22:45.0328 3424 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 23:22:45.0375 3424 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/05 23:22:45.0390 3424 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/05 23:22:45.0421 3424 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/05 23:22:45.0437 3424 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/05 23:22:45.0500 3424 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 23:22:45.0546 3424 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 23:22:45.0593 3424 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 23:22:45.0625 3424 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 23:22:45.0640 3424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 23:22:45.0687 3424 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/05 23:22:45.0734 3424 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 23:22:45.0796 3424 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/05 23:22:45.0859 3424 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 23:22:45.0937 3424 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/05 23:22:46.0031 3424 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/05 23:22:46.0078 3424 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 23:22:46.0093 3424 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 23:22:46.0140 3424 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 23:22:46.0187 3424 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/05 23:22:46.0234 3424 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/05 23:22:46.0312 3424 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/05 23:22:46.0343 3424 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 23:22:46.0359 3424 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 23:22:46.0406 3424 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/05 23:22:46.0468 3424 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/05 23:22:46.0562 3424 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 23:22:46.0609 3424 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 23:22:46.0687 3424 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 23:22:46.0781 3424 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/05 23:22:46.0937 3424 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/05 23:22:47.0062 3424 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/05 23:22:47.0140 3424 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/05 23:22:47.0234 3424 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/05 23:22:47.0328 3424 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/05 23:22:47.0390 3424 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 23:22:47.0390 3424 ================================================================================
2011/05/05 23:22:47.0390 3424 Scan finished
2011/05/05 23:22:47.0390 3424 ================================================================================
2011/05/05 23:22:47.0421 2244 Detected object count: 1
2011/05/05 23:22:59.0031 2244 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 23:22:59.0031 2244 \HardDisk0 - ok
2011/05/05 23:22:59.0031 2244 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 23:24:16.0765 4064 Deinitialize success

Edited by sh333, 05 May 2011 - 10:40 PM.


#4 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 05 May 2011 - 10:47 PM

OTL logfile created on: 5/5/2011 11:42:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 51.71 Gb Free Space | 46.29% Space Free | Partition Type: NTFS

Computer Name: LAPPY386 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 23:41:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011/01/10 13:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/25 19:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2008/12/19 18:56:54 | 004,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 23:49:16 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 23:49:08 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 23:49:08 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 23:49:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/19 01:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 23:41:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2010/12/04 00:00:00 | 000,042,312 | ---- | M] (Sage) [On_Demand | Stopped] -- C:\Program Files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe -- (Simply Accounting Transaction Manager 2010 - CDN)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/23 00:00:00 | 000,029,992 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2008/12/19 18:56:54 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2007/12/14 11:37:59 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/19 01:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/02/01 11:21:22 | 001,466,368 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 23:26:19 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0047C39-E594-466A-A986-0A77A3F6CDDF}\MpKsl2c7b39a5.sys -- (MpKsl2c7b39a5)
DRV - [2011/01/10 13:29:18 | 000,044,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/05/25 08:14:34 | 000,024,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OXUDIDRV_x32.sys -- (OXUDIDRV)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/28 09:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/04/15 23:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 17:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/19 01:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/31 20:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 20:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 20:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 19:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/02/20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/products
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========




Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\11.0.696.57\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\..\Toolbar\WebBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\11.0.696.57\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
O35 - HKU\S-1-5-21-3050515206-3307044583-2801201446-1006..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 23:40:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/05/05 23:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\tdsskiller
[2011/04/30 21:38:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Scott\Recent
[2011/04/30 18:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
[2011/04/30 18:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/30 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/30 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/30 18:06:28 | 011,018,296 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Scott\Desktop\SUPERAntiSpyware.exe
[2011/04/30 17:29:59 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\funbags.com.exe
[2011/04/30 17:16:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2011/04/30 02:06:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/30 01:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Desktop\gmer
[2011/04/30 00:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/30 00:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/29 20:10:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/29 19:50:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/29 19:45:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/29 19:45:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/29 19:45:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/29 19:45:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/29 19:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/29 19:44:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/29 18:55:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/29 00:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/28 22:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/28 22:18:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/28 22:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/28 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/28 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/24 12:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/04/23 15:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Nikon
[2011/04/23 15:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\Nikon
[2011/04/23 15:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nikon Message Center 2
[2011/04/23 15:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ViewNX 2
[2011/04/23 15:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/04/23 15:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/04/23 15:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon
[2011/04/23 14:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\My Documents\AVS4YOU
[2011/04/23 14:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/04/23 14:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVS4YOU
[2011/04/23 14:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Start Menu\Programs\AVS4YOU
[2011/04/23 14:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
[2011/04/23 14:37:24 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxhw32.dll
[2011/04/23 14:37:24 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll
[2011/04/23 14:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/04/23 14:37:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2011/04/23 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/04/22 23:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2011/04/22 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2011/04/12 16:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\VMware
[2011/04/12 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\VMware
[2011/04/12 16:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2011/04/12 14:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\PLX Technology
[2011/04/12 14:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
[2011/04/12 14:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Local Settings\Application Data\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2011/05/05 23:41:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2011/05/05 23:31:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/05 23:28:47 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/05 23:28:44 | 000,131,831 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/05 23:26:42 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2011/05/05 23:26:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 23:26:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 23:26:04 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 23:20:22 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\tdsskiller.zip
[2011/05/05 23:17:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{310D5434-C5A0-4D9C-A942-225662CAEDD9}.job
[2011/05/05 23:17:51 | 000,131,831 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/05 23:16:01 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2003.lnk
[2011/05/05 23:09:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/01 16:09:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/01 16:05:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 15:50:24 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office FrontPage 2003.lnk
[2011/04/30 23:55:49 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/30 23:53:30 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110430_235326.reg
[2011/04/30 21:53:48 | 000,004,644 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
[2011/04/30 21:53:48 | 000,004,644 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
[2011/04/30 21:37:40 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110430_213735.reg
[2011/04/30 18:07:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/30 18:06:32 | 011,018,296 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Scott\Desktop\SUPERAntiSpyware.exe
[2011/04/30 18:02:13 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/30 17:16:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\TFC.exe
[2011/04/30 14:54:40 | 000,112,640 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/30 01:34:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\defogger_reenable
[2011/04/30 01:31:36 | 000,293,176 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\gmer.zip
[2011/04/30 01:30:34 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/04/30 01:08:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Defogger.exe
[2011/04/30 01:08:12 | 000,011,586 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:57:53 | 000,011,428 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880
[2011/04/30 00:57:53 | 000,011,428 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1972285880
[2011/04/30 00:57:41 | 000,011,336 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\299683484
[2011/04/30 00:57:41 | 000,011,336 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\299683484
[2011/04/30 00:56:47 | 000,011,940 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:52:40 | 000,057,368 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/30 00:26:49 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/29 20:28:47 | 000,003,940 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110429_202844.reg
[2011/04/29 19:50:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/29 18:17:12 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\funbags.com.exe
[2011/04/29 12:34:38 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Excel 2003.lnk
[2011/04/29 10:57:13 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Kijiji Brantford Classifieds Free Classified Ads for Brantford, Ontario.url
[2011/04/29 01:48:28 | 000,001,225 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/04/29 01:09:59 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/28 23:42:41 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110428_234237.reg
[2011/04/28 23:37:31 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\SpywareBlaster.lnk
[2011/04/28 23:19:49 | 000,001,308 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110428_231945.reg
[2011/04/28 22:04:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xyuxayewe.dat
[2011/04/28 22:04:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xpuvazalebinuri.bin
[2011/04/25 14:46:48 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\C-60 Low Noise.url
[2011/04/24 22:08:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/04/24 21:49:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/04/24 09:26:12 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 17:36:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI
[2011/04/23 15:13:23 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2011/04/23 15:12:54 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Horns
[2011/04/23 15:12:54 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Scott\Application Data\Hip Hop
[2011/04/23 15:12:54 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Internet Services
[2011/04/23 15:12:53 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Horn Section
[2011/04/23 15:12:53 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\HomePageService
[2011/04/23 15:12:53 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Scott\Application Data\Helper Scripts
[2011/04/23 15:12:53 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/04/23 15:12:53 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library
[2011/04/23 15:12:53 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\InkjetPrinter
[2011/04/23 15:12:40 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2011/04/23 14:39:32 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\AVS4YOU Software Navigator.lnk
[2011/04/22 23:38:47 | 000,008,440 | ---- | M] () -- C:\WINDOWS\lviewpro.ini
[2011/04/18 01:01:02 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110418_010059.reg
[2011/04/18 00:59:07 | 000,018,172 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110418_005856.reg
[2011/04/18 00:57:13 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/18 00:57:07 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/18 00:57:07 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 08:45:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/13 10:46:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Outlook 2003.lnk
[2011/04/12 16:34:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/09 00:09:22 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Webmaster Tools - Home.url
[2011/04/07 11:25:28 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Scott\My Documents\cc_20110407_112523.reg

========== Files Created - No Company Name ==========

[2011/05/05 23:20:20 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\tdsskiller.zip
[2011/04/30 23:53:28 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110430_235326.reg
[2011/04/30 21:53:05 | 000,004,644 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
[2011/04/30 21:53:05 | 000,004,644 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
[2011/04/30 21:37:37 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110430_213735.reg
[2011/04/30 18:07:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/30 17:29:59 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\rkill.com
[2011/04/30 01:40:05 | 000,293,176 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\gmer.zip
[2011/04/30 01:35:10 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\dds.scr
[2011/04/30 01:34:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Scott\defogger_reenable
[2011/04/30 01:33:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Defogger.exe
[2011/04/30 01:08:11 | 000,011,586 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:55:35 | 000,011,336 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\299683484
[2011/04/30 00:55:35 | 000,011,336 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\299683484
[2011/04/30 00:55:25 | 000,011,428 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880
[2011/04/30 00:54:14 | 000,011,940 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:54:14 | 000,011,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1972285880
[2011/04/30 00:54:02 | 000,011,590 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:54:02 | 000,011,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
[2011/04/30 00:26:48 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/04/30 00:14:47 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/29 20:28:46 | 000,003,940 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110429_202844.reg
[2011/04/29 19:50:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/29 19:50:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/29 19:45:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/29 19:45:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/29 19:45:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/29 19:45:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/29 19:45:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/28 23:42:40 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110428_234237.reg
[2011/04/28 23:19:47 | 000,001,308 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110428_231945.reg
[2011/04/28 22:04:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xyuxayewe.dat
[2011/04/28 22:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xpuvazalebinuri.bin
[2011/04/23 17:36:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/04/23 15:13:23 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX 2.lnk
[2011/04/23 15:12:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Horns
[2011/04/23 15:12:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Scott\Application Data\Hip Hop
[2011/04/23 15:12:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/04/23 15:12:54 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Internet Services
[2011/04/23 15:12:53 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Horn Section
[2011/04/23 15:12:53 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\HomePageService
[2011/04/23 15:12:53 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Scott\Application Data\Helper Scripts
[2011/04/23 15:12:53 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/04/23 15:12:53 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/04/23 15:12:53 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library
[2011/04/23 15:12:53 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\InkjetPrinter
[2011/04/23 14:39:32 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\AVS4YOU Software Navigator.lnk
[2011/04/18 01:01:00 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110418_010059.reg
[2011/04/18 00:59:05 | 000,018,172 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110418_005856.reg
[2011/04/12 16:34:37 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/12 14:52:01 | 000,024,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\OXUDIDRV_x32.sys
[2011/04/09 00:09:22 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Webmaster Tools - Home.url
[2011/04/07 11:25:26 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Scott\My Documents\cc_20110407_112523.reg
[2010/02/17 19:40:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/17 19:40:33 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/17 19:40:33 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/17 19:40:33 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/17 19:40:33 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/17 19:40:33 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/17 19:40:33 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/17 19:40:33 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/17 19:40:33 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/17 19:40:33 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/17 19:40:33 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/02/17 19:40:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/17 19:40:33 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/17 19:40:33 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/17 19:40:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/17 19:40:33 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/17 19:40:33 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/02/17 19:40:33 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/02/17 19:40:33 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/15 20:22:02 | 000,057,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/30 13:51:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/28 09:55:38 | 000,052,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\OXSDIDRV_x32.sys
[2009/09/28 09:55:16 | 000,048,688 | ---- | C] () -- C:\WINDOWS\System32\OXSDICIN_x32.dll
[2009/06/02 23:21:43 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2009/04/16 11:03:52 | 161,013,024 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/04/16 11:03:52 | 009,775,392 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/12/26 05:16:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/21 11:56:27 | 000,000,070 | ---- | C] () -- C:\WINDOWS\polite.ini
[2008/01/17 22:07:58 | 000,002,134 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/16 23:38:24 | 000,008,440 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2007/12/16 21:30:51 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/14 03:08:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\fusioncache.dat
[2007/12/14 02:37:52 | 000,112,396 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2007/12/14 02:37:52 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2007/12/13 18:21:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/12/13 17:05:30 | 000,000,098 | ---- | C] () -- C:\WINDOWS\Simply.ini
[2007/12/13 11:24:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/12/12 23:29:45 | 000,001,225 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/29 22:04:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/29 22:01:32 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/29 22:01:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/29 21:57:46 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/11/29 21:57:45 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/11/29 21:57:45 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/11/29 21:53:42 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/11/29 21:51:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/11/29 21:51:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/11/29 21:31:24 | 000,131,831 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/11/29 21:27:37 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/29 21:27:37 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/29 21:27:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/29 21:27:36 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/11/29 21:27:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/29 21:27:35 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/29 21:27:35 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/29 21:27:33 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/29 21:27:32 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/29 21:27:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/11/29 21:26:07 | 000,001,221 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/09 14:59:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
[2007/08/09 14:59:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
[2007/01/30 17:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#5 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 05 May 2011 - 10:50 PM

OTL Extras logfile created on: 5/5/2011 11:42:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 51.71 Gb Free Space | 46.29% Space Free | Partition Type: NTFS

Computer Name: LAPPY386 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (CLI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Windows Home Server\Discovery.exe" = C:\Program Files\Windows Home Server\Discovery.exe:*:Enabled:Windows Home Server Connector -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{084AF11D-CF20-4FD3-AE25-BC655B467BEA}" = HP MediaSmart Server
"{089759B6-8B18-4AE5-9350-E132E0C22C01}" = Simply Accounting by Sage 2007
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A79BE3-6AF4-4405-AC9A-E5F74FE20299}" = Simply Accounting by Sage 2007
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.100
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{982B2A0F-7679-41D6-A584-C8E735F4A8CD}" = Windows Home Server Toolkit 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AF0A9F3C-E3B0-4105-B981-095BDB90A382}" = Conflict Resolver
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"3A5CA951EF665845B5AD1156BD88090C7A4F3E57" = Windows Driver Package - Intel (E1000) Net (08/20/2008 8.10.3.0)
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"CCleaner" = CCleaner
"Chainlove" = Chainlove Desktop Alert
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Defraggler" = Defraggler
"Electronic Shipping Tools" = Electronic Shipping Tools
"Flickr Uploadr" = Flickr Uploadr 3.0.1
"foobar2000" = foobar2000 v1.0.3
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"GoToAssist" = GoToAssist 8.0.0.480
"HitmanPro35" = Hitman Pro 3.5
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{5BB74B26-8320-4846-951F-84CFFAD671C6}" = Simply Accounting by Sage 2010
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Outlook Email Address Extractor Pro" = Outlook Email Address Extractor Pro
"SearchAssist" = SearchAssist
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SqueezeCenter_is1" = SqueezeCenter 7.3.1
"SteepAndCheap" = SAC Desktop Alert
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3050515206-3307044583-2801201446-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2f8d25aeed0b3ae4" = Sage Download Manager
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2011 8:36:09 AM | Computer Name = LAPPY386 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6316531

Error - 5/1/2011 12:04:47 PM | Computer Name = LAPPY386 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/1/2011 12:04:49 PM | Computer Name = LAPPY386 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/1/2011 12:05:03 PM | Computer Name = LAPPY386 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/1/2011 12:05:04 PM | Computer Name = LAPPY386 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/1/2011 1:18:04 PM | Computer Name = LAPPY386 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00022235.

Error - 5/5/2011 11:17:41 PM | Computer Name = LAPPY386 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/5/2011 11:17:41 PM | Computer Name = LAPPY386 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18500

Error - 5/5/2011 11:17:41 PM | Computer Name = LAPPY386 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18500

Error - 5/5/2011 11:25:03 PM | Computer Name = LAPPY386 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 5/1/2011 12:03:14 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 5/1/2011 12:03:14 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/1/2011 12:03:14 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 5/5/2011 11:12:45 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/5/2011 11:12:45 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 5/5/2011 11:15:16 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/5/2011 11:15:16 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 5/5/2011 11:25:03 PM | Computer Name = LAPPY386 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.724.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/5/2011 11:27:21 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/5/2011 11:27:21 PM | Computer Name = LAPPY386 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2


< End of report >

#6 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 05 May 2011 - 11:11 PM

Well, I can't say for sure how thing are running yet, but Microsoft Security Essentials has finally been able to update and is now running a full scan. whatever virus was running on this computer seems to have blocked MSE from updating along with a bunch of other annoying stuff. The update did not hang up this time, so this is a pretty big improvement already :)

I will wait to hear back for you as to what else you want me to do. Thanks again.

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:46 AM

Posted 06 May 2011 - 11:04 AM

Hi!

We still have some work to do. You still have some malicious files on your computer.

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/05/05 23:22:47.0421 2244 Detected object count: 1
2011/05/05 23:22:59.0031 2244 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 23:22:59.0031 2244 \HardDisk0 - ok
2011/05/05 23:22:59.0031 2244 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 23:24:16.0765 4064 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\cf - No CLSID value found
    O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %*
    [2011/04/30 21:53:48 | 000,004,644 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
    [2011/04/30 21:53:48 | 000,004,644 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
    [2011/04/30 01:08:12 | 000,011,586 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/30 00:57:53 | 000,011,428 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880
    [2011/04/30 00:57:53 | 000,011,428 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1972285880
    [2011/04/30 00:57:41 | 000,011,336 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\299683484
    [2011/04/30 00:57:41 | 000,011,336 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\299683484
    [2011/04/30 00:56:47 | 000,011,940 | -HS- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/28 22:04:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xyuxayewe.dat
    [2011/04/30 21:53:05 | 000,004,644 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
    [2011/04/30 21:53:05 | 000,004,644 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4
    [2011/04/30 01:08:11 | 000,011,586 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/30 00:55:35 | 000,011,336 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\299683484
    [2011/04/30 00:55:35 | 000,011,336 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\299683484
    [2011/04/30 00:55:25 | 000,011,428 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880
    [2011/04/30 00:54:14 | 000,011,940 | -HS- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/30 00:54:14 | 000,011,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1972285880
    [2011/04/30 00:54:02 | 000,011,590 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/30 00:54:02 | 000,011,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n
    [2011/04/28 22:04:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xyuxayewe.dat
    [2011/04/28 22:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xpuvazalebinuri.bin
    
    :Reg
    
    :Files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 06 May 2011 - 09:52 PM

Hi,

Thanks very much!

I followed your instructions but I did end up having run the Fix twice for some reason. It hung up on the first run thru, but it worked on the 2nd try.

Here is the Log as requested:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ not found.
File Protocol\Handler\cf - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe" -a "%1" %* not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4 not found.
File C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4 not found.
File C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880 not found.
File C:\Documents and Settings\All Users\Application Data\1972285880 not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\299683484 not found.
File C:\Documents and Settings\All Users\Application Data\299683484 not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\WINDOWS\Xyuxayewe.dat not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4 not found.
File C:\Documents and Settings\All Users\Application Data\v403h3pv7p3ucy0uwp0r27yv08uwt87ck0o4w1v3e4 not found.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\299683484 not found.
File C:\Documents and Settings\All Users\Application Data\299683484 not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\1972285880 not found.
File C:\Documents and Settings\Scott\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\Documents and Settings\All Users\Application Data\1972285880 not found.
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\Documents and Settings\All Users\Application Data\t62826c4cq4ma1km2r7255u1q44bufn1po63n376n not found.
File C:\WINDOWS\Xyuxayewe.dat not found.
File C:\WINDOWS\Xpuvazalebinuri.bin not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\qgc.exe not found.
< type "C:\ComboFix.txt" /c >
ComboFix 11-04-29.02 - Scott 04/29/2011 19:55:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -4:00]
Running from: c:\documents and settings\Scott\My Documents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Scott\Application Data\Adobe\plugs
c:\documents and settings\Scott\Application Data\Adobe\shed
c:\documents and settings\Scott\Application Data\F397E4C70A42487ED68CEB842D7A551D
c:\documents and settings\Scott\Application Data\F397E4C70A42487ED68CEB842D7A551D\enemies-names.txt
c:\documents and settings\Scott\Application Data\F397E4C70A42487ED68CEB842D7A551D\local.ini
c:\documents and settings\Scott\GoToAssistDownloadHelper.exe
c:\documents and settings\Scott\Local Settings\Application Data\{9518EBDC-D185-406E-87D2-78D3E3A8BE98}
c:\documents and settings\Scott\Local Settings\Application Data\{9518EBDC-D185-406E-87D2-78D3E3A8BE98}\chrome.manifest
c:\documents and settings\Scott\Local Settings\Application Data\{9518EBDC-D185-406E-87D2-78D3E3A8BE98}\chrome\content\_cfg.js
c:\documents and settings\Scott\Local Settings\Application Data\{9518EBDC-D185-406E-87D2-78D3E3A8BE98}\chrome\content\overlay.xul
c:\documents and settings\Scott\Local Settings\Application Data\{9518EBDC-D185-406E-87D2-78D3E3A8BE98}\install.rdf
c:\documents and settings\Scott\WINDOWS
c:\windows\system32\Drivers\vonnppx.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-29 22:39 . 2011-04-29 22:39 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl933a7a73.sys
2011-04-29 05:53 . 2011-04-29 05:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl2f3c6a5b.sys
2011-04-29 05:51 . 2011-04-29 05:51 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKslfad50434.sys
2011-04-29 04:51 . 2011-04-29 04:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-29 02:33 . 2011-04-29 02:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl28fd74d1.sys
2011-04-29 02:14 . 2011-04-29 02:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-29 02:04 . 2011-04-29 02:04 0 ----a-w- c:\windows\Xpuvazalebinuri.bin
2011-04-27 08:46 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\mpengine.dll
2011-04-24 16:49 . 2011-04-24 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-04-23 19:17 . 2011-04-25 01:47 -------- d-----w- c:\documents and settings\Scott\Application Data\Nikon
2011-04-23 19:17 . 2011-04-23 19:17 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Nikon
2011-04-23 19:14 . 2011-04-23 19:14 57344 ----a-r- c:\documents and settings\Scott\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-04-23 19:12 . 2011-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2011-04-23 19:12 . 2011-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2011-04-23 18:41 . 2011-04-23 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-04-23 18:40 . 2011-04-23 18:40 -------- d-----w- c:\documents and settings\Scott\Application Data\AVS4YOU
2011-04-23 18:37 . 2010-11-19 13:47 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-04-23 18:37 . 2010-11-19 13:47 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-04-23 18:37 . 2011-04-23 18:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-04-23 18:37 . 2011-04-23 18:39 -------- d-----w- c:\program files\AVS4YOU
2011-04-23 18:37 . 2010-06-22 13:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-23 03:46 . 2011-04-23 19:16 -------- d-----w- c:\program files\Nikon
2011-04-23 03:46 . 2011-04-23 19:15 -------- d-----w- c:\program files\Common Files\Nikon
2011-04-12 20:36 . 2011-04-13 15:31 -------- d-----w- c:\documents and settings\Scott\Application Data\VMware
2011-04-12 20:34 . 2011-04-13 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2011-04-12 20:34 . 2011-04-13 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-04-12 18:52 . 2011-04-12 18:52 -------- d-----w- c:\program files\PLX Technology
2011-04-12 18:52 . 2010-05-25 12:14 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2011-04-12 18:51 . 2011-04-12 18:51 -------- d-----w- c:\program files\Iomega
2011-04-12 18:51 . 2011-04-12 18:51 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Downloaded Installations
2011-04-05 01:21 . 2011-04-05 01:21 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 19:12 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-11 07:04 . 2010-12-02 04:30 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 20:36 . 2009-05-30 21:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 20:36 . 2008-09-05 19:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2004-08-10 18:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 18:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 21:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 18:50 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 19:01 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-10 18:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-08-10 19:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-6-30 221247]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-4-19 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-14 15:37 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chainlove-Desktop-Alert.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chainlove-Desktop-Alert.lnk
backup=c:\windows\pss\Chainlove-Desktop-Alert.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Company File Check & Repair.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Company File Check & Repair.lnk
backup=c:\windows\pss\Company File Check & Repair.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Documents.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office Documents.lnk
backup=c:\windows\pss\Microsoft Office Documents.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^New Business Guide.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\New Business Guide.lnk
backup=c:\windows\pss\New Business Guide.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SAC-Desktop-Alert.lnk
backup=c:\windows\pss\SAC-Desktop-Alert.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Simply Accounting Basic 2007.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Simply Accounting Basic 2007.lnk
backup=c:\windows\pss\Simply Accounting Basic 2007.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Simply Accounting by Sage Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Simply Accounting by Sage Help.lnk
backup=c:\windows\pss\Simply Accounting by Sage Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SqueezeCenter Tray Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk
backup=c:\windows\pss\SqueezeCenter Tray Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Upgrade.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Upgrade.lnk
backup=c:\windows\pss\Upgrade.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-12 20:20 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 13:45 31232 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 20:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 15:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2007-07-25 20:25 393944 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2007-02-22 05:38 140184 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 13:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 13:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 20:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-17 08:03 8495104 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-11-17 08:03 86016 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-17 08:03 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-17 08:03 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-13 01:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
"9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
.
R1 MpKsl933a7a73;MpKsl933a7a73;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl933a7a73.sys [4/29/2011 6:39 PM 28752]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [11/19/2008 6:33 PM 140184]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/23/2009 29992]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [1/10/2011 1:28 PM 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [9/6/2007 6:53 PM 44784]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S1 MpKsl246de02c;MpKsl246de02c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl246de02c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl246de02c.sys [?]
S1 MpKsl2b628da0;MpKsl2b628da0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B220BF23-551F-4C30-BF28-CD2ECC585598}\MpKsl2b628da0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B220BF23-551F-4C30-BF28-CD2ECC585598}\MpKsl2b628da0.sys [?]
S1 MpKsl3dd7f176;MpKsl3dd7f176;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EDCC654-5B41-498F-8323-9DA004D91564}\MpKsl3dd7f176.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EDCC654-5B41-498F-8323-9DA004D91564}\MpKsl3dd7f176.sys [?]
S1 MpKsl6e8083b7;MpKsl6e8083b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8451D8F3-0D7A-4F4F-B952-10851081FEE8}\MpKsl6e8083b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8451D8F3-0D7A-4F4F-B952-10851081FEE8}\MpKsl6e8083b7.sys [?]
S1 MpKsl871e12c5;MpKsl871e12c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl871e12c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl871e12c5.sys [?]
S1 MpKsl94aba819;MpKsl94aba819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04009174-4FFD-4838-8E95-D0C73FD223F1}\MpKsl94aba819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04009174-4FFD-4838-8E95-D0C73FD223F1}\MpKsl94aba819.sys [?]
S1 MpKsl9ad13350;MpKsl9ad13350;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58730563-C610-4F2E-86C3-02290F55B7FF}\MpKsl9ad13350.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58730563-C610-4F2E-86C3-02290F55B7FF}\MpKsl9ad13350.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/25/2009 8:28 PM 133104]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/25/2009 8:28 PM 133104]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [4/12/2011 2:52 PM 24880]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [12/4/2010 42312]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL933A7A73
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:28]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:28]
.
2011-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-04-29 c:\windows\Tasks\User_Feed_Synchronization-{310D5434-C5A0-4D9C-A942-225662CAEDD9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/products
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Document Manager - c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SecureUpgrade - c:\program files\Wave Systems Corp\SecureUpgrade.exe
MSConfigStartUp-sysav - c:\documents and settings\Scott\Application Data\winav.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHW2120BJ_G2 rev.0085001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AB5557B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3050515206-3307044583-2801201446-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(948)
c:\windows\system32\WININET.dll
.
Completion time: 2011-04-29 20:10:14
ComboFix-quarantined-files.txt 2011-04-30 00:10
.
Pre-Run: 55,740,760,064 bytes free
Post-Run: 56,068,861,952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E7A238E0A3998BF227F18511D58A4E7F
C:\Documents and Settings\Scott\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Scott\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Scott\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Scott\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 78467921 bytes
->Flash cache emptied: 4006 bytes

User: NetworkService
->Temp folder emptied: 1156338 bytes
->Temporary Internet Files folder emptied: 27924736 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4007 bytes

User: Scott
->Temp folder emptied: 209084873 bytes
->Temporary Internet Files folder emptied: 47233072 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 1905008 bytes
->Apple Safari cache emptied: 5773312 bytes
->Flash cache emptied: 3837 bytes

User: SCOTT H

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 558694 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16080 bytes

Total Files Cleaned = 355.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Scott
->Flash cache emptied: 0 bytes

User: SCOTT H

User: user

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_224116

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\F981U82W\page__p__2226992__fromsearch__1[1].htm not found!
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#9 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 06 May 2011 - 09:58 PM

I meant to ask. This computer is/was hooked up to a HP mediasmart server that the other computers in the house also access. Are the other computers and/or the Mediasmart server at risk also? they have shown no signs of infection as of yet.

Have a great weekend!!

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:46 AM

Posted 07 May 2011 - 08:56 AM

It's possible that they may have become infected. I have no way of knowing without seeing logs.

But I'd like to have you run a new ComboFix scan and post the log it produces.

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 07 May 2011 - 01:46 PM

ComboFix 11-05-06.05 - Scott 05/07/2011 14:31:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1461 [GMT -4:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 02:44 . 2011-05-07 02:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{792649F5-1140-4677-9F68-157C0DA47F1C}\MpKsl7699f99b.sys
2011-05-07 02:37 . 2011-05-07 02:37 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{792649F5-1140-4677-9F68-157C0DA47F1C}\MpKslaf1956d3.sys
2011-05-07 02:27 . 2011-05-07 02:27 -------- d-----w- C:\_OTL
2011-05-06 03:52 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{792649F5-1140-4677-9F68-157C0DA47F1C}\mpengine.dll
2011-04-30 22:07 . 2011-04-30 22:07 -------- d-----w- c:\documents and settings\Scott\Application Data\SUPERAntiSpyware.com
2011-04-30 22:07 . 2011-04-30 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-30 22:07 . 2011-04-30 22:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-30 04:26 . 2011-04-30 04:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-30 04:14 . 2011-04-30 22:02 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-30 04:14 . 2011-04-30 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-29 04:51 . 2011-04-29 04:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-29 02:14 . 2011-04-29 02:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-24 16:49 . 2011-04-24 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-04-23 19:17 . 2011-04-25 01:47 -------- d-----w- c:\documents and settings\Scott\Application Data\Nikon
2011-04-23 19:17 . 2011-04-23 19:17 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Nikon
2011-04-23 19:14 . 2011-04-23 19:14 57344 ----a-r- c:\documents and settings\Scott\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-04-23 19:12 . 2011-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2011-04-23 19:12 . 2011-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2011-04-23 18:41 . 2011-04-23 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-04-23 18:40 . 2011-04-23 18:40 -------- d-----w- c:\documents and settings\Scott\Application Data\AVS4YOU
2011-04-23 18:37 . 2010-11-19 13:47 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-04-23 18:37 . 2010-11-19 13:47 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-04-23 18:37 . 2011-04-23 18:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-04-23 18:37 . 2011-04-23 18:39 -------- d-----w- c:\program files\AVS4YOU
2011-04-23 18:37 . 2010-06-22 13:43 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-23 03:46 . 2011-04-23 19:16 -------- d-----w- c:\program files\Nikon
2011-04-23 03:46 . 2011-04-23 19:15 -------- d-----w- c:\program files\Common Files\Nikon
2011-04-12 20:36 . 2011-04-13 15:31 -------- d-----w- c:\documents and settings\Scott\Application Data\VMware
2011-04-12 20:34 . 2011-04-13 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2011-04-12 20:34 . 2011-04-13 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2011-04-12 18:52 . 2011-04-12 18:52 -------- d-----w- c:\program files\PLX Technology
2011-04-12 18:52 . 2010-05-25 12:14 24880 ----a-w- c:\windows\system32\drivers\OXUDIDRV_x32.sys
2011-04-12 18:51 . 2011-04-12 18:51 -------- d-----w- c:\program files\Iomega
2011-04-12 18:51 . 2011-04-12 18:51 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 19:12 . 2003-03-19 01:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-04-11 07:04 . 2010-12-02 04:30 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-10 18:51 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 20:36 . 2009-05-30 21:19 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 20:36 . 2008-09-05 19:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 13:18 . 2004-08-10 18:51 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 18:51 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 21:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 18:50 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-08-10 19:01 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-10 18:51 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-30_00.05.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 00:22 . 2011-04-30 04:52 57368 c:\windows\system32\mlfcache.dat
+ 2007-12-12 22:10 . 2011-04-30 04:54 70240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2007-11-30 01:31 . 2011-05-06 03:17 131831 c:\windows\system32\nvModes.dat
+ 2009-10-03 06:09 . 2011-02-02 22:11 222080 c:\windows\system32\MpSigStub.exe
- 2009-10-03 06:09 . 2010-10-19 20:51 222080 c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-6-30 221247]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-4-19 603504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-14 15:37 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chainlove-Desktop-Alert.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chainlove-Desktop-Alert.lnk
backup=c:\windows\pss\Chainlove-Desktop-Alert.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Company File Check & Repair.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Company File Check & Repair.lnk
backup=c:\windows\pss\Company File Check & Repair.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Documents.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office Documents.lnk
backup=c:\windows\pss\Microsoft Office Documents.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^New Business Guide.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\New Business Guide.lnk
backup=c:\windows\pss\New Business Guide.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SAC-Desktop-Alert.lnk
backup=c:\windows\pss\SAC-Desktop-Alert.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Simply Accounting Basic 2007.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Simply Accounting Basic 2007.lnk
backup=c:\windows\pss\Simply Accounting Basic 2007.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Simply Accounting by Sage Help.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Simply Accounting by Sage Help.lnk
backup=c:\windows\pss\Simply Accounting by Sage Help.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SqueezeCenter Tray Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk
backup=c:\windows\pss\SqueezeCenter Tray Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Upgrade.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Upgrade.lnk
backup=c:\windows\pss\Upgrade.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-12 20:20 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 13:45 31232 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 20:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 15:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2007-07-25 20:25 393944 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2007-02-22 05:38 140184 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 13:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 13:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 20:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-17 08:03 8495104 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-11-17 08:03 86016 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-17 08:03 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-17 08:03 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 16:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-13 01:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)
"9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp
.
R1 MpKsl7699f99b;MpKsl7699f99b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{792649F5-1140-4677-9F68-157C0DA47F1C}\MpKsl7699f99b.sys [5/6/2011 10:44 PM 28752]
R1 MpKslaf1956d3;MpKslaf1956d3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{792649F5-1140-4677-9F68-157C0DA47F1C}\MpKslaf1956d3.sys [5/6/2011 10:37 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [11/19/2008 6:33 PM 140184]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/23/2009 29992]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [1/10/2011 1:28 PM 376688]
R3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [9/6/2007 6:53 PM 44784]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S1 MpKsl246de02c;MpKsl246de02c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl246de02c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl246de02c.sys [?]
S1 MpKsl2b628da0;MpKsl2b628da0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B220BF23-551F-4C30-BF28-CD2ECC585598}\MpKsl2b628da0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B220BF23-551F-4C30-BF28-CD2ECC585598}\MpKsl2b628da0.sys [?]
S1 MpKsl3dd7f176;MpKsl3dd7f176;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EDCC654-5B41-498F-8323-9DA004D91564}\MpKsl3dd7f176.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EDCC654-5B41-498F-8323-9DA004D91564}\MpKsl3dd7f176.sys [?]
S1 MpKsl6e8083b7;MpKsl6e8083b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8451D8F3-0D7A-4F4F-B952-10851081FEE8}\MpKsl6e8083b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8451D8F3-0D7A-4F4F-B952-10851081FEE8}\MpKsl6e8083b7.sys [?]
S1 MpKsl871e12c5;MpKsl871e12c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl871e12c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAA0BB7-E642-4DD7-878B-22258D966D6F}\MpKsl871e12c5.sys [?]
S1 MpKsl94aba819;MpKsl94aba819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04009174-4FFD-4838-8E95-D0C73FD223F1}\MpKsl94aba819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04009174-4FFD-4838-8E95-D0C73FD223F1}\MpKsl94aba819.sys [?]
S1 MpKsl9ad13350;MpKsl9ad13350;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58730563-C610-4F2E-86C3-02290F55B7FF}\MpKsl9ad13350.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58730563-C610-4F2E-86C3-02290F55B7FF}\MpKsl9ad13350.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/25/2009 8:28 PM 133104]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\APPLIC~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/25/2009 8:28 PM 133104]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [4/12/2011 2:52 PM 24880]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [12/4/2010 42312]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7699F99B
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:28]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:28]
.
2011-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-05-07 c:\windows\Tasks\User_Feed_Synchronization-{310D5434-C5A0-4D9C-A942-225662CAEDD9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/products
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 14:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3050515206-3307044583-2801201446-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
@="Internet Explorer Version Update"
"ComponentID"="IEUDINIT"
"DontAsk"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ieudinit.exe"
"Version"="8,0,6001,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"DontAsk"=dword:00000002
"Version"="11,0,5721,5145"
"IsInstalled"=dword:00000000
"Stubpath"="c:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"
@="Windows Media Player"
"ComponentID"="WMPACCESS"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"ComponentID"="IEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -UserIconConfig"
"Version"="8,0,6001,18702"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-21"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"IsInstalled"=dword:00000001
"Locale"="*"
"LocalizedName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3052"
"StubPath"="\"c:\\WINDOWS\\system32\\rundll32.exe\" \"c:\\WINDOWS\\system32\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"Version"="6,0,2900,2180"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
@="Outlook Express"
"ComponentID"="OEACCESS"
"Dontask"=dword:00000002
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"=expand:"%systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE"
"Version"="2,0,0,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"
"Version"="6,0,2462,0001"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
@=""
"ComponentID"="NetShow"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"StubPath"=""
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"=""
"IsInstalled"=dword:00000001
@="Microsoft Windows Media Player 6.4"
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
@="DirectAnimation"
"IsInstalled"=dword:00000001
"Version"="6,0,3,531"
"Locale"="EN"
"ComponentID"="DirectAnimation"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
"ComponentID"="M979906"
@="Microsoft .NET Framework 1.1 Security Update (KB979906)"
"Version"="1,1,4322"
"Locale"="*"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,7"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
"IsInstalled"=dword:00000001
"Version"="1,1,4322"
"Locale"="*"
"ComponentID"="M2416447"
@="Microsoft .NET Framework 1.1 Security Update (KB2416447)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,7,0,0320"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"Version"="8,0,6001,18702"
@="Offline Browsing Pack"
"ComponentID"="MobilePk"
"IsInstalled"=dword:00000001
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
@="Uniscribe"
"ComponentID"="USP10"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,397,2406,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="1,1,4322"
"ComponentID"="S867460"
@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
@="Advanced Authoring"
"ComponentID"="AdvAuth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,2900,2180"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"Version"="6,0,2900,5512"
@="Microsoft Outlook Express 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"IsInstalled"=hex:01,00,00,00
"Version"="4,4,0,3400"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
@="DirectShow"
"ComponentID"="activemovie"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Locale"="EN"
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"ComponentID"="HelpCont"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
@="DirectAnimation Java Classes"
"ComponentID"="DAJava"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,00,01,0223"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.8"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,8,6001,23141"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
@="Security Update for Windows XP (KB923789)"
"IsInstalled"=dword:00000001
"Version"="6,0,88,0"
"ComponentID"="KB923789"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\msmsgs.inf,BLC.QuietInstall.PerUser"
"Locale"="EN"
"Version"="4,7,0,3000"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files\\Messenger\\msmsgs.exe"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="5,00,2918,1900"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"Version"="8,0,6001,18702"
@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"IsInstalled"=dword:00000001
"Locale"="*"
"KeyFileName"="c:\\WINDOWS\\system32\\msieftp.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"DontAsk"=dword:00000002
"Locale"="ENU"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp11.inf,PerUserStub"
"IsInstalled"=dword:00000001
"Version"="11,0,5721,5145"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"ComponentID"="MSN_Auth"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,9,9,2"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
@=".NET Framework"
"Locale"=""
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"Version"="10,0,0,1"
@="Web Folders"
"Locale"="*"
"IsInstalled"=dword:00000001
"ComponentID"="WebFolders"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"Version"="6,0,2900,5512"
@="Address Book 6"
"IsInstalled"=dword:00000001
"Locale"="EN"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\\Outlook Express\\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"Version"="6,0,2900,2180"
@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"Version"="8,0,6001,18702"
@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"="c:\\WINDOWS\\system32\\ie4uinit.exe -BaseSettings"
"LocalizedName"="@c:\\WINDOWS\\system32\\ie4uinit.exe.mui,-20"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"IsInstalled"=dword:00000001
"StubPath"="c:\\WINDOWS\\system32\\Rundll32.exe c:\\WINDOWS\\system32\\mscories.dll,Install"
"Version"="1,1,0,5000"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
@="Fax"
"ComponentID"="Fax"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\fxsocm.inf,Fax.Install.PerUser"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
@="Fax Provider"
"ComponentID"="Fax Provider"
"IsInstalled"=dword:00000001
"DontAsk"=dword:00000002
"Version"="5.1"
"Locale"="EN"
"StubPath"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
"Locale"=""
"Version"="2,0,50727,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="8,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"Locale"=""
"Version"="1,0,4322,1"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
@="Task Scheduler"
"ComponentID"="MSTASK"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1968,1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
"IsInstalled"=hex:01,00,00,00
"Version"="2,1,4026,0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@="Adobe Flash Player"
"ComponentID"="Flash"
"IsInstalled"=hex:01,00,00,00
"Version"="10.0.42.34"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"ComponentID"="HTMLHelp"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="6,0,6001,18702"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=hex:01,00,00,00
"Locale"="EN"
"Version"="5,0,00,0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-07 14:42:26
ComboFix-quarantined-files.txt 2011-05-07 18:42
ComboFix2.txt 2011-04-30 00:10
.
Pre-Run: 55,923,392,512 bytes free
Post-Run: 55,905,116,160 bytes free
.
- - End Of File - - DF441395ABA7592A7FDB2573A00B38AC

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:46 AM

Posted 07 May 2011 - 02:13 PM

Hi sh333!

Your ComboFix log looks good!

Lets see what these scans find:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 07 May 2011 - 02:14 PM

The computer seems to be working more consistently now. MSE was able to DL the latest update. Windows firewall has been re-instated also. It would not turn back on previously.

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:46 AM

Posted 07 May 2011 - 02:22 PM

That's great! I'm glad to hear that things are running better for you. :)

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 sh333

sh333
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brantford, ON
  • Local time:01:46 AM

Posted 07 May 2011 - 02:30 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6528

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/7/2011 3:23:33 PM
mbam-log-2011-05-07 (15-23-33).txt

Scan type: Quick scan
Objects scanned: 170116
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users