Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Googke Searches Crash Browser


  • This topic is locked This topic is locked
12 replies to this topic

#1 Kon

Kon

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 01 June 2011 - 05:15 PM

Browsers crash whenever I try to search anything using google or any other search engine.

Attached File  attach.txt   17.79KB   0 downloadsAttached File  ark.txt   6.51KB   1 downloads
Attached File  dds.txt   16.17KB   5 downloads

.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Hope at 13:50:21 on 2011-06-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.622 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Secunia\PSI\sua.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z013&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [<NO NAME>]
uRun: [ATI Launchpad]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\hope\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BtcMaestro] "c:\program files\hp wireless multimedia keyboard and mouse\KMaestro.exe"
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [<NO NAME>]
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250406442232
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252830992640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35FC259F-B71A-484A-9D16-D03700CB48CD} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hope\application data\mozilla\firefox\profiles\jo4gi7v8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\hope\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\hope\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-2 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-1-2 249616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-2 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-2 61960]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-1-2 160448]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-1-2 287024]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-8-15 583640]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-1-2 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-1-2 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-1-2 124992]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2001-8-23 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2011-3-6 29184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-26 19056]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-1-2 57536]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-9-3 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-9-3 7424]
.
=============== Created Last 30 ================
.
2011-05-30 22:22:43 -------- d-----w- c:\documents and settings\hope\application data\PriceGong
2011-05-29 01:49:17 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-29 01:41:07 -------- d-----w- c:\documents and settings\hope\application data\libimobiledevice
2011-05-29 01:40:58 -------- d-----w- c:\documents and settings\hope\.config
2011-05-28 17:10:13 -------- d-----w- c:\program files\iPod
2011-05-28 17:10:09 -------- d-----w- c:\program files\iTunes
2011-05-28 17:06:56 -------- d-----w- c:\program files\Bonjour
2011-05-28 04:00:36 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-05-28 04:00:36 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-05-28 04:00:29 -------- d-----w- c:\program files\REACTOR
.
==================== Find3M ====================
.
2011-04-13 17:54:14 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 19:44:14 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2011-03-04 19:44:14 133616 ------w- c:\windows\system32\pxafs.dll
2011-03-04 19:44:12 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-03-04 19:44:12 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L080L0 rev.BAJ41G20 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2404D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2467f0]; MOV EAX, [0x8a24686c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A259AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000074[0x8A264F18]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A28F940]
\Driver\atapi[0x8A208DF0] -> IRP_MJ_CREATE -> 0x8A2404D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A24031B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:53:10.73 ===============

Attached Files


Edited by Noviciate, 02 June 2011 - 02:51 PM.
Added DDS log from attachment.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 02 June 2011 - 02:53 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be it's default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.

 

 


#3 Kon

Kon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 02 June 2011 - 03:02 PM

Hello,
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-02 13:01:00
-----------------------------
13:01:00.734 OS Version: Windows 5.1.2600 Service Pack 3
13:01:00.734 Number of processors: 1 586 0x209
13:01:00.734 ComputerName: PERSONAL UserName: Hope
13:01:01.312 Initialize success
13:01:10.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:01:10.531 Disk 0 Vendor: Maxtor_6L080L0 BAJ41G20 Size: 78167MB BusType: 3
13:01:10.531 Device \Driver\atapi -> DriverStartIo 8a24031b
13:01:12.546 Disk 0 MBR read successfully
13:01:12.546 Disk 0 MBR scan
13:01:12.546 Disk 0 TDL4@MBR code has been found
13:01:12.546 Disk 0 Windows XP default MBR code found via API
13:01:12.546 Disk 0 MBR hidden
13:01:12.546 Disk 0 MBR [TDL4] **ROOTKIT**
13:01:12.546 Disk 0 trace - called modules:
13:01:12.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a2404d0]<<
13:01:12.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a259ab8]
13:01:12.562 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a264f18]
13:01:12.562 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a28f940]
13:01:12.921 \Driver\atapi[0x8a208df0] -> IRP_MJ_CREATE -> 0x8a2404d0
13:01:12.921 Scan finished successfully
13:01:30.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hope\Desktop\MBR.dat"
13:01:30.937 The log file has been saved successfully to "C:\Documents and Settings\Hope\Desktop\aswMBR.txt"

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 02 June 2011 - 03:32 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 Kon

Kon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 02 June 2011 - 04:02 PM

2011/06/02 13:56:34.0234 2220 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 13:56:35.0734 2220 ================================================================================
2011/06/02 13:56:35.0734 2220 SystemInfo:
2011/06/02 13:56:35.0734 2220
2011/06/02 13:56:35.0734 2220 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/02 13:56:35.0734 2220 Product type: Workstation
2011/06/02 13:56:35.0734 2220 ComputerName: PERSONAL
2011/06/02 13:56:35.0734 2220 UserName: Hope
2011/06/02 13:56:35.0734 2220 Windows directory: C:\WINDOWS
2011/06/02 13:56:35.0734 2220 System windows directory: C:\WINDOWS
2011/06/02 13:56:35.0734 2220 Processor architecture: Intel x86
2011/06/02 13:56:35.0734 2220 Number of processors: 1
2011/06/02 13:56:35.0734 2220 Page size: 0x1000
2011/06/02 13:56:35.0734 2220 Boot type: Normal boot
2011/06/02 13:56:35.0734 2220 ================================================================================
2011/06/02 13:56:38.0218 2220 Initialize success
2011/06/02 13:56:45.0828 3344 ================================================================================
2011/06/02 13:56:45.0828 3344 Scan started
2011/06/02 13:56:45.0828 3344 Mode: Manual;
2011/06/02 13:56:45.0828 3344 ================================================================================
2011/06/02 13:56:48.0312 3344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/02 13:56:48.0453 3344 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/02 13:56:48.0718 3344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/02 13:56:48.0890 3344 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/02 13:56:49.0078 3344 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/02 13:56:49.0640 3344 ALCXWDM (35045a23957a71ba649740741e69408c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/02 13:56:50.0171 3344 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
2011/06/02 13:56:50.0703 3344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/02 13:56:50.0843 3344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/02 13:56:51.0171 3344 ATI Remote Wonder II (368be3db3a6b9621df51216d323cda23) C:\WINDOWS\system32\drivers\ATIRWVD.SYS
2011/06/02 13:56:51.0421 3344 ati2mtag (07ac9a98ea70b5a6655a5797174bd282) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/02 13:56:51.0703 3344 atinevxx (355922be5c5f9dce2008e1790bf630ea) C:\WINDOWS\system32\DRIVERS\atinevxx.sys
2011/06/02 13:56:51.0906 3344 ATITUNEP (0f60b783135e96d5941d4f0eba467731) C:\WINDOWS\system32\DRIVERS\atineuxx.sys
2011/06/02 13:56:52.0078 3344 ativraxx (856768f5c63f0267449d7c6e35a460ca) C:\WINDOWS\system32\DRIVERS\atinraxx.sys
2011/06/02 13:56:52.0218 3344 ATIXSAudio (8542aafa29b086dcf5c552f2de7d8001) C:\WINDOWS\system32\DRIVERS\atinesxx.sys
2011/06/02 13:56:52.0390 3344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/02 13:56:52.0562 3344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/02 13:56:52.0671 3344 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/02 13:56:52.0812 3344 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/02 13:56:53.0000 3344 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/02 13:56:53.0156 3344 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2011/06/02 13:56:53.0468 3344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/02 13:56:54.0203 3344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/02 13:56:54.0593 3344 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/02 13:56:54.0859 3344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/02 13:56:55.0046 3344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/02 13:56:55.0218 3344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/02 13:56:55.0968 3344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/02 13:56:56.0343 3344 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/02 13:56:56.0531 3344 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/02 13:56:56.0687 3344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/02 13:56:56.0875 3344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/02 13:56:57.0187 3344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/02 13:56:57.0578 3344 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2011/06/02 13:56:57.0765 3344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/02 13:56:57.0937 3344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/02 13:56:58.0109 3344 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/02 13:56:58.0265 3344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/02 13:56:58.0500 3344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/02 13:56:58.0671 3344 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2011/06/02 13:56:58.0828 3344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/02 13:56:58.0937 3344 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/02 13:56:59.0125 3344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/02 13:56:59.0296 3344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/02 13:56:59.0500 3344 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/02 13:56:59.0859 3344 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/02 13:57:00.0046 3344 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/02 13:57:00.0187 3344 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/02 13:57:00.0406 3344 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2011/06/02 13:57:00.0640 3344 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2011/06/02 13:57:00.0859 3344 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2011/06/02 13:57:01.0062 3344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/02 13:57:01.0453 3344 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/02 13:57:01.0640 3344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/02 13:57:02.0156 3344 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/02 13:57:02.0343 3344 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/02 13:57:02.0484 3344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/02 13:57:02.0609 3344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/02 13:57:02.0765 3344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/02 13:57:02.0921 3344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/02 13:57:03.0109 3344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/02 13:57:03.0265 3344 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/02 13:57:03.0453 3344 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2011/06/02 13:57:03.0640 3344 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/02 13:57:03.0796 3344 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/02 13:57:03.0953 3344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/02 13:57:04.0109 3344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/02 13:57:04.0390 3344 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\WINDOWS\system32\DRIVERS\libusb0.sys
2011/06/02 13:57:04.0546 3344 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/02 13:57:04.0703 3344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/02 13:57:04.0875 3344 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/02 13:57:05.0109 3344 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/02 13:57:05.0265 3344 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/02 13:57:05.0437 3344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/02 13:57:05.0687 3344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/02 13:57:05.0875 3344 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/02 13:57:06.0109 3344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/02 13:57:06.0296 3344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/02 13:57:06.0453 3344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/02 13:57:06.0578 3344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/02 13:57:06.0734 3344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/02 13:57:06.0921 3344 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/02 13:57:07.0093 3344 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/02 13:57:07.0250 3344 MVDCODEC (d181968825d24dbbe8c3ee6ec44a3062) C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
2011/06/02 13:57:07.0437 3344 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/02 13:57:07.0671 3344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/02 13:57:07.0843 3344 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/02 13:57:08.0000 3344 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/02 13:57:08.0156 3344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/02 13:57:08.0328 3344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/02 13:57:08.0468 3344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/02 13:57:08.0625 3344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/02 13:57:08.0796 3344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/02 13:57:09.0078 3344 nocashio (03bba4dedefb48c510061529651b453a) C:\WINDOWS\system32\drivers\nocashio.sys
2011/06/02 13:57:09.0218 3344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/02 13:57:09.0453 3344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/02 13:57:10.0000 3344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/02 13:57:10.0531 3344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/02 13:57:10.0843 3344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/02 13:57:11.0000 3344 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/02 13:57:11.0171 3344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/02 13:57:11.0328 3344 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/02 13:57:11.0453 3344 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
2011/06/02 13:57:11.0625 3344 PCDCODEC (2287585a1d1944e8fa3295702d10ec5c) C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
2011/06/02 13:57:11.0828 3344 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/02 13:57:12.0093 3344 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/02 13:57:12.0250 3344 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/02 13:57:12.0453 3344 PCTAppEvent (f767f3b35c3ecf8a60b2a65beec50ef5) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/06/02 13:57:12.0609 3344 PCTFW-PacketFilter (58db891ca76a2d49e33ba9fa13b86c89) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/06/02 13:57:12.0796 3344 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/06/02 13:57:12.0984 3344 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/02 13:57:13.0015 3344 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/06/02 13:57:13.0187 3344 pctplfw (78d871114e7cb3115e058d1f85751c7f) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/06/02 13:57:13.0609 3344 pdiddcci (d1fc85a4880539657bb4d3775da0c541) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
2011/06/02 13:57:13.0765 3344 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
2011/06/02 13:57:14.0421 3344 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/06/02 13:57:14.0609 3344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/02 13:57:14.0781 3344 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/02 13:57:14.0937 3344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/02 13:57:15.0125 3344 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/06/02 13:57:15.0265 3344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/02 13:57:15.0453 3344 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/06/02 13:57:15.0609 3344 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/02 13:57:17.0500 3344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/02 13:57:17.0656 3344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/02 13:57:17.0828 3344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/02 13:57:18.0000 3344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/02 13:57:18.0156 3344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/02 13:57:18.0375 3344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/02 13:57:18.0546 3344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/02 13:57:18.0734 3344 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/02 13:57:18.0921 3344 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/02 13:57:19.0125 3344 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2011/06/02 13:57:19.0328 3344 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/06/02 13:57:19.0500 3344 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/02 13:57:19.0687 3344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/02 13:57:19.0828 3344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/02 13:57:20.0000 3344 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/02 13:57:20.0156 3344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/02 13:57:20.0484 3344 SiS315 (c10865ab0a1fd9f4ec7db70a1b8425d1) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/06/02 13:57:20.0640 3344 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/02 13:57:20.0828 3344 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2011/06/02 13:57:21.0156 3344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/02 13:57:21.0343 3344 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\System32\Drivers\sptd.sys
2011/06/02 13:57:21.0562 3344 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/02 13:57:21.0718 3344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/02 13:57:21.0906 3344 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/02 13:57:22.0046 3344 st3bus28 (50f8e144c69a798623e52a514eed9e06) C:\WINDOWS\system32\DRIVERS\st3bus28.sys
2011/06/02 13:57:22.0171 3344 st3mp28 (0bbb23ddb8d25e1d4d68b757a714d653) C:\WINDOWS\system32\DRIVERS\st3mp28.sys
2011/06/02 13:57:22.0421 3344 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/02 13:57:23.0031 3344 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/02 13:57:23.0484 3344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/02 13:57:23.0703 3344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/02 13:57:24.0343 3344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/02 13:57:24.0531 3344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/02 13:57:24.0718 3344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/02 13:57:24.0921 3344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/02 13:57:25.0062 3344 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/02 13:57:25.0250 3344 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2011/06/02 13:57:25.0515 3344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/02 13:57:25.0765 3344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/02 13:57:26.0062 3344 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/02 13:57:26.0203 3344 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/02 13:57:26.0406 3344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/02 13:57:26.0546 3344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/02 13:57:26.0718 3344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/02 13:57:27.0093 3344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/02 13:57:27.0218 3344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/02 13:57:27.0375 3344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/02 13:57:27.0500 3344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/02 13:57:27.0640 3344 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/02 13:57:27.0843 3344 V0510Dev (004415a34b5dc881eaefb860c4b22c24) C:\WINDOWS\system32\DRIVERS\V0510Vid.sys
2011/06/02 13:57:28.0031 3344 V0510Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\V0510Vfx.sys
2011/06/02 13:57:28.0234 3344 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2011/06/02 13:57:28.0437 3344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/02 13:57:28.0968 3344 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/02 13:57:29.0578 3344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/02 13:57:30.0078 3344 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/06/02 13:57:30.0468 3344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/02 13:57:30.0656 3344 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2011/06/02 13:57:30.0937 3344 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/02 13:57:31.0093 3344 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/02 13:57:31.0250 3344 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/02 13:57:31.0421 3344 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/06/02 13:57:31.0515 3344 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/02 13:57:31.0531 3344 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/02 13:57:31.0531 3344 ================================================================================
2011/06/02 13:57:31.0531 3344 Scan finished
2011/06/02 13:57:31.0531 3344 ================================================================================
2011/06/02 13:57:31.0562 0476 Detected object count: 1
2011/06/02 13:57:31.0562 0476 Actual detected object count: 1
2011/06/02 13:57:42.0421 0476 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/02 13:57:42.0421 0476 \Device\Harddisk0\DR0 - ok
2011/06/02 13:57:42.0421 0476 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/02 13:57:47.0921 4056 Deinitialize success

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 03 June 2011 - 02:29 PM

Good evening. :)

Reboot the PC, if you haven't already, and then take it for a spin and tell me how it's behaving.

So long, and thanks for all the fish.

 

 


#7 Kon

Kon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 03 June 2011 - 03:13 PM

Hi, I haven't encountered any problems yet. Google searches don't crash my browsers anymore. Also, I forgot to mention something about a "General Win32 Process" error that used to pop up randomly that I think these steps have fixed.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 03 June 2011 - 03:16 PM

OK, run the PC for a day or two and then do the following:

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.

 

 


#9 Kon

Kon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 04 June 2011 - 08:24 AM

I don't really have any problems when searching the web and other general activities on the computer, but things have shown up on the eset scan.
C:\Documents and Settings\Hope\Application Data\Sun\Java\Deployment\cache\6.0\3\73428103-29c077a4 multiple threats
C:\Documents and Settings\Hope\Local Settings\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application
C:\Program Files\Mozilla Firefox 4.0 Beta 1\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar Win32/Adware.OneStep application
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application

.
DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Hope at 23:10:01 on 2011-06-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.744 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\sua.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z013&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\prxtbTog2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [<NO NAME>]
uRun: [ATI Launchpad]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\hope\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BtcMaestro] "c:\program files\hp wireless multimedia keyboard and mouse\KMaestro.exe"
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [<NO NAME>]
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250406442232
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252830992640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35FC259F-B71A-484A-9D16-D03700CB48CD} : DhcpNameServer = 192.168.1.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: itlntfy - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hope\application data\mozilla\firefox\profiles\jo4gi7v8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z013&form=ZGAADF&q=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\hope\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\hope\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-2 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-1-2 249616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-2 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-2 61960]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-1-2 160448]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-1-2 287024]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-8-15 583640]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-1-2 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-1-2 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-1-2 124992]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2001-8-23 14336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2011-3-6 29184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-1-2 57536]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-9-3 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-9-3 7424]
.
=============== Created Last 30 ================
.
2011-05-30 22:22:43 -------- d-----w- c:\documents and settings\hope\application data\PriceGong
2011-05-29 01:49:17 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-29 01:41:07 -------- d-----w- c:\documents and settings\hope\application data\libimobiledevice
2011-05-29 01:40:58 -------- d-----w- c:\documents and settings\hope\.config
2011-05-28 17:10:13 -------- d-----w- c:\program files\iPod
2011-05-28 17:10:09 -------- d-----w- c:\program files\iTunes
2011-05-28 17:06:56 -------- d-----w- c:\program files\Bonjour
2011-05-28 04:00:36 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-05-28 04:00:36 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-05-28 04:00:29 -------- d-----w- c:\program files\REACTOR
.
==================== Find3M ====================
.
2011-04-13 17:54:14 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 23:11:45.26 ===============

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 04 June 2011 - 02:03 PM

Good evening. :)

You've got some leftover traces of nothingness that might as well be removed, so we'll tidy up what we can with what we've got and then you'll need to run one last log creating tool and once we've used it to clean house, that should be that.

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go to Start > Control Panel > Add/Remove Programs and remove the following:

Search Toolbar

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download TFC by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of it's actions. If you have anything in there that you haven't finished with, move it first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#11 Kon

Kon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 04 June 2011 - 11:49 PM

OTL logfile created on: 6/4/2011 9:41:32 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Hope\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 51.61% Memory free
2.97 Gb Paging File | 2.45 Gb Available in Paging File | 82.32% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 13.31 Gb Free Space | 17.44% Space Free | Partition Type: NTFS

Computer Name: PERSONAL | User Name: Hope | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 21:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.scr
PRC - [2011/06/01 13:28:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
PRC - [2011/04/27 19:34:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 21:33:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/21 05:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 05:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 05:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/29 12:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010/11/17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/10/22 23:48:14 | 000,344,064 | ---- | M] (Kmaestro) -- C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\Kmaestro.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/29 17:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/29 17:53:34 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/10/12 21:08:30 | 001,622,016 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
PRC - [2005/06/20 06:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/04 21:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.scr
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/04/27 19:34:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 21:33:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/21 05:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 05:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/05 20:07:00 | 002,784,285 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 17:11:54 | 023,276,032 | R-S- | M] (Safer Networking Limited ) [Auto | Running] -- C:\WINDOWS\system32\Rpcqt.dll -- (RPCQT) Remote Procedure Call (CQTPM)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/29 17:54:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 21:33:50 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/14 22:31:44 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/07 20:39:10 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2010/12/13 09:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/25 11:53:58 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/11/25 11:42:10 | 000,124,992 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/11/24 10:18:16 | 000,089,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/11/17 11:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/11/06 23:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/08 10:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 10:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/07 18:00:00 | 000,254,080 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2007/06/12 11:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/03/05 03:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/05/30 08:53:18 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/02/21 20:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/01 20:05:41 | 000,058,880 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atineuxx.sys -- (ATITUNEP)
DRV - [2005/11/01 20:04:59 | 000,075,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinesxx.sys -- (ATIXSAudio)
DRV - [2005/11/01 20:02:53 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/11/01 20:01:59 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2005/11/01 20:01:49 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/11/01 20:01:19 | 000,055,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2005/06/20 07:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/15 11:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2002/12/28 12:16:58 | 000,095,328 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st3mp28.sys -- (st3mp28)
DRV - [2002/12/28 12:16:40 | 000,008,416 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st3bus28.sys -- (st3bus28)
DRV - [2001/08/17 12:50:48 | 000,104,064 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2001/08/17 06:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 06:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 06:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 06:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 06:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 06:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 06:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 06:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 06:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z013&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z013&form=ZGAADF&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 19:59:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 12:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2011/06/01 13:28:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins [2011/06/04 21:38:46 | 000,000,000 | ---D | M]

[2009/08/16 02:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hope\Application Data\Mozilla\Extensions
[2011/06/01 08:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hope\Application Data\Mozilla\Firefox\Profiles\jo4gi7v8.default\extensions
[2011/02/26 12:55:39 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Mozilla\Firefox\Profiles\jo4gi7v8.default\searchplugins\bing-zugo.xml
[2010/12/29 14:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/29 14:08:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 14:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/04 21:38:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/04 21:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 1\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/09/01 18:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/24 13:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 12:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP Wireless Multimedia Keyboard and Mouse\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ATI Launchpad] File not found
O4 - HKCU..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
O4 - HKCU..\Run: [Google Update] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/16 11:39:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250406442232 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252830992640 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hope\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/15 22:41:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3221b86b-669c-11df-8cb0-00016c27265a}\Shell - "" = AutoRun
O33 - MountPoints2\{3221b86b-669c-11df-8cb0-00016c27265a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3221b86b-669c-11df-8cb0-00016c27265a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 21:41:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.scr
[2011/06/04 21:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/04 12:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/02 13:56:14 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hope\Desktop\TDSSKiller.exe
[2011/06/02 13:00:11 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hope\Desktop\aswMBR.exe
[2011/06/01 13:49:51 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\Hope\Desktop\dds.scr
[2011/05/30 15:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\PriceGong
[2011/05/28 19:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Start Menu\Programs\Handbrake
[2011/05/28 18:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/28 18:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\Application Data\libimobiledevice
[2011/05/28 18:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hope\.config
[2011/05/28 10:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/28 10:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/28 10:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/28 10:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/27 21:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ijji
[2011/05/27 21:00:36 | 000,713,312 | ---- | C] (NHN USA) -- C:\WINDOWS\System32\ijjiSetup.exe
[2011/05/27 21:00:36 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\WINDOWS\System32\ijjiProcessRestarter.exe
[2011/05/27 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\REACTOR
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 21:46:19 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 21:46:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 21:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1003UA.job
[2011/06/04 21:41:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hope\Desktop\OTL.scr
[2011/06/04 21:23:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/04 21:21:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 20:06:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/06/04 01:45:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1390067357-725345543-1003Core.job
[2011/06/02 19:31:26 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2011/06/02 13:55:50 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\tdsskiller.zip
[2011/06/02 13:01:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\MBR.dat
[2011/06/02 13:00:32 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hope\Desktop\aswMBR.exe
[2011/06/01 14:40:31 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\gmer.zip
[2011/06/01 13:49:51 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\Hope\Desktop\dds.scr
[2011/06/01 13:44:12 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Hope\defogger_reenable
[2011/06/01 13:42:47 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\Defogger.exe
[2011/05/31 09:23:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/30 21:50:06 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 09:56:15 | 000,008,623 | -HS- | M] () -- C:\Documents and Settings\Hope\Desktop\Folder.jpg
[2011/05/30 09:56:15 | 000,008,623 | -HS- | M] () -- C:\Documents and Settings\Hope\Desktop\AlbumArt_{FE3D7B0B-1BC5-4B49-B09D-01634082EC8D}_Large.jpg
[2011/05/30 09:56:12 | 000,002,295 | -HS- | M] () -- C:\Documents and Settings\Hope\Desktop\AlbumArtSmall.jpg
[2011/05/30 09:56:12 | 000,002,295 | -HS- | M] () -- C:\Documents and Settings\Hope\Desktop\AlbumArt_{FE3D7B0B-1BC5-4B49-B09D-01634082EC8D}_Small.jpg
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Hope\Desktop\gmer.exe
[2011/05/27 21:02:34 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ijji.url
[2011/05/27 21:02:32 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/05/27 21:02:31 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ijji REACTOR.lnk
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hope\Desktop\TDSSKiller.exe
[2011/05/22 07:13:16 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url

========== Files Created - No Company Name ==========

[2011/06/04 12:16:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/02 19:31:26 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2011/06/02 13:55:46 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\tdsskiller.zip
[2011/06/02 13:01:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\MBR.dat
[2011/06/01 14:41:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\gmer.exe
[2011/06/01 14:40:30 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\gmer.zip
[2011/06/01 13:43:46 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Hope\defogger_reenable
[2011/06/01 13:42:47 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Hope\Desktop\Defogger.exe
[2011/05/30 09:56:16 | 000,008,623 | -HS- | C] () -- C:\Documents and Settings\Hope\Desktop\Folder.jpg
[2011/05/30 09:56:16 | 000,008,623 | -HS- | C] () -- C:\Documents and Settings\Hope\Desktop\AlbumArt_{FE3D7B0B-1BC5-4B49-B09D-01634082EC8D}_Large.jpg
[2011/05/30 09:56:16 | 000,002,295 | -HS- | C] () -- C:\Documents and Settings\Hope\Desktop\AlbumArtSmall.jpg
[2011/05/30 09:56:16 | 000,002,295 | -HS- | C] () -- C:\Documents and Settings\Hope\Desktop\AlbumArt_{FE3D7B0B-1BC5-4B49-B09D-01634082EC8D}_Small.jpg
[2011/05/27 21:02:34 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ijji.url
[2011/05/27 21:02:32 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2011/05/27 21:02:31 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ijji REACTOR.lnk
[2011/05/22 07:13:16 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2011/02/26 12:49:41 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/26 12:49:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/14 23:36:41 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\myMPQ.ini
[2011/02/07 20:39:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/12/04 20:54:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/22 21:16:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/15 05:06:19 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/08/06 21:00:24 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/06/15 11:54:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Hope\Application Data\winscp.rnd
[2010/05/13 16:22:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2010/05/13 16:22:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Hope\Application Data\StatusSheet
[2010/05/13 16:22:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Leads
[2010/05/13 16:22:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/08 23:55:58 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2010/03/10 21:27:17 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/25 18:37:49 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\rQVN4I4g
[2010/02/07 14:44:05 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/02/07 14:44:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/02/07 14:44:05 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/02/07 14:44:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/02/07 14:44:05 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/02/07 14:44:05 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/02/07 14:44:05 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/02/07 14:44:05 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/02/07 14:44:05 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/02/07 14:44:05 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/02/07 14:44:05 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/02/07 14:44:05 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/02/07 14:44:05 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/02/07 14:44:05 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/02/07 14:44:05 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/02/07 14:44:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/07 14:41:42 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX410.ini
[2009/12/21 12:36:05 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/19 21:08:46 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 21:09:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\Schedule8.dat
[2009/11/16 20:23:51 | 000,035,316 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/10 21:01:15 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 19:16:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/23 18:59:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/22 01:28:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009/08/16 20:39:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Hope\Local Settings\Application Data\fusioncache.dat
[2009/08/16 20:20:01 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/16 19:53:20 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/16 02:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/16 01:56:44 | 000,083,216 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2009/08/16 00:19:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/16 00:04:08 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/15 23:16:55 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/15 22:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/15 22:38:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/15 15:29:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/15 15:28:38 | 000,190,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/15 11:02:26 | 001,866,670 | ---- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2008/04/05 10:53:24 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2006/03/18 06:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/09/12 20:09:34 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AvsRecursion.dll
[2004/01/28 11:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2004/01/28 11:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2004/01/23 19:35:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/04/25 13:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/19 09:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/03/10 21:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/14 15:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/13 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/02/07 14:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/07 13:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/05/22 01:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/05/13 16:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/05/21 05:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/06/04 21:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/13 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/22 02:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/04/07 20:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/03 20:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/20 19:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/19 23:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Audacity
[2010/03/10 21:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Canneverbe Limited
[2009/09/26 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Canon
[2010/12/17 17:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2010/06/14 15:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\DAEMON Tools Lite
[2009/12/22 12:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\DiskAid
[2009/08/16 02:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\DisplayTune
[2010/08/07 13:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\DragonicaSCB
[2010/08/29 16:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Dropbox
[2010/06/30 17:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\EPSON
[2010/05/14 05:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Facebook
[2010/07/19 23:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\FMZilla
[2010/07/09 23:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\gtk-2.0
[2011/05/28 19:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\HandBrake
[2011/05/27 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\ijjigame
[2010/02/07 14:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Leadertech
[2011/05/28 18:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\libimobiledevice
[2011/03/05 11:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\LolClient
[2009/10/17 18:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\NeopleLauncherDFO
[2009/08/23 13:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Nexon
[2010/05/13 16:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Nikon
[2009/08/22 13:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\NPLUTO Corporation
[2009/08/29 08:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Octoshape
[2011/02/08 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Opera
[2011/01/02 21:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\PCToolsFirewallPlus
[2010/12/04 22:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Power Mixer
[2011/06/04 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\PriceGong
[2010/08/09 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Raptr
[2010/10/01 12:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\RayV
[2009/11/21 14:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Red Kawa
[2010/08/15 05:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Registry Mechanic
[2010/07/31 11:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Sammsoft
[2010/06/16 00:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\Sony
[2011/06/04 11:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\uTorrent
[2010/07/26 19:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\WinAVI
[2010/06/22 03:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hope\Application Data\WindSolutions
[2011/06/04 20:06:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 6/4/2011 9:41:32 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Hope\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 51.61% Memory free
2.97 Gb Paging File | 2.45 Gb Available in Paging File | 82.32% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 13.31 Gb Free Space | 17.44% Space Free | Partition Type: NTFS

Computer Name: PERSONAL | User Name: Hope | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56767:TCP" = 56767:TCP:*:Enabled:Pando Media Booster
"56767:UDP" = 56767:UDP:*:Enabled:Pando Media Booster
"57230:TCP" = 57230:TCP:*:Enabled:Pando Media Booster
"57230:UDP" = 57230:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7383:TCP" = 7383:TCP:*:Enabled:BitComet 7383 TCP
"7383:UDP" = 7383:UDP:*:Enabled:BitComet 7383 UDP
"57392:TCP" = 57392:TCP:*:Enabled:Pando Media Booster
"57392:UDP" = 57392:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"7835:TCP" = 7835:TCP:*:Enabled:BitComet 7835 TCP
"7835:UDP" = 7835:UDP:*:Enabled:BitComet 7835 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57291:TCP" = 57291:TCP:*:Enabled:Pando Media Booster
"57291:UDP" = 57291:UDP:*:Enabled:Pando Media Booster
"7476:TCP" = 7476:TCP:*:Enabled:BitComet 7476 TCP
"7476:UDP" = 7476:UDP:*:Enabled:BitComet 7476 UDP
"56767:TCP" = 56767:TCP:*:Enabled:Pando Media Booster
"56767:UDP" = 56767:UDP:*:Enabled:Pando Media Booster
"57230:TCP" = 57230:TCP:*:Enabled:Pando Media Booster
"57230:UDP" = 57230:UDP:*:Enabled:Pando Media Booster
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Documents and Settings\Hope\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Hope\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- (MP2P Technologies.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0A04149A-F6CC-4E4E-BDC6-44D0E64916FC}" = TitanTV Client components for ATI
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{159C13FA-82AF-4DD9-8BC9-5EA368613A20}" = WebEx Recorder and Player
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5E479D3B-4A87-42B9-A91E-2EB2284A54D4}" = DAEMON Tools
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79E147E8-2113-4BE0-9AB4-360B85CC3051}" = GameShadow
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A232EC3-38F5-4827-910F-AD1F3BF7878F}" = ATI Parental Control & Encoder
"{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System - ATI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E0C1B6-AAC6-405C-A123-185B0905AE46}" = ATI Decoder
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B76E962C-190D-403D-BE4A-03C112C94F9C}" = ATI Multimedia Center
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4D6E89-1FB7-4694-A917-AA3FD1BED346}" = ATI Catalyst Control Center
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF" = Windows Driver Package - Sony PSP Type B (11/20/2005 20051120)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Blubster" = Blubster 3.1.1
"BtcMaestro" = HP Wireless Multimedia Keyboard and Mouse Driver V1.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CopyTrans Suite" = CopyTrans Suite Remove Only
"CSCLIB" = Canon Camera Support Core Library
"DFO" = DFOLauncher
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DivXG400" = DivXG400
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EOS Utility" = Canon Utilities EOS Utility
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2007" = Finale NotePad 2007
"Finale Reader" = Finale Reader 2010
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5}" = ATI Remote Wonder 3.03
"InstallShield_{A4E0C1B6-AAC6-405C-A123-185B0905AE46}" = ATI Decoder
"InstallShield_{B76E962C-190D-403D-BE4A-03C112C94F9C}" = ATI Multimedia Center 9.10
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"IrfanView" = IrfanView (remove only)
"JAIELangPack" = Japanese Language Support
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"Network MagicUninstall" = Network Magic
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Raptr" = Raptr
"RayV" = WCG2010EN Player
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rocketfish Live! Cam Center" = Rocketfish Live! Cam Center
"Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"ToggleEN Toolbar" = ToggleEN Toolbar
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 5.03
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouTube Downloader App" = YouTube Downloader App 2.03
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2011 8:12:46 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00266f95.

Error - 6/1/2011 8:13:02 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f95.

Error - 6/1/2011 8:13:34 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1001
Description = Fault bucket -1849155533.

Error - 6/1/2011 8:13:37 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1001
Description = Fault bucket -1848598042.

Error - 6/1/2011 8:14:26 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00266f95.

Error - 6/1/2011 4:36:17 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00266f95.

Error - 6/1/2011 4:56:05 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f95.

Error - 6/2/2011 12:12:59 AM | Computer Name = PERSONAL | Source = ESENT | ID = 490
Description = svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 6/2/2011 12:13:01 AM | Computer Name = PERSONAL | Source = ESENT | ID = 490
Description = svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 6/2/2011 4:07:00 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f95.

[ System Events ]
Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The PC Tools Firewall Plus service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Secunia PSI Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 6/4/2011 3:20:18 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Secunia Update Agent service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/4/2011 3:20:19 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/5/2011 12:22:55 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 6/5/2011 12:22:55 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126


< End of report >

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 05 June 2011 - 01:34 PM

Good evening. :)

Run OTL.scr.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [WinampAgent] File not found
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [ATI Launchpad] File not found
    O4 - HKCU..\Run: [Google Update] File not found
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found

    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed.
Assuming that nothing untoward occurs, you're now done. I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.

 

 


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:03 AM

Posted 09 June 2011 - 01:51 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users