Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Computer, Google redirect


  • This topic is locked This topic is locked
14 replies to this topic

#1 4ensic

4ensic

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 01 June 2011 - 05:25 PM

Hello,

My computer has been infected with something so I am looking for guidance on how to fix the problem. I scanned my computer with Malwarebytes' anti-malware,spyware terminator,spybot search & destroy, and ESET online and am still infected.

After about 10 minutes of use I get "send/don't send" report pop up. It says "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." After that my computer is very unresponsive to opening programs/files. It also wont restart/shutdown normally; like it hangs on "saving user settings" or something like that after I hit the shutdown/restart button. Also I get google searches redirected. I am unable to update my security for win. xp, and am unable to update security through the microsoft website as well.

Here are the HijackThis logs as well as DDS.txt. I will attach the gmer.log and attach.txt as well.

_________________________________________________________________________________________________________
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by user at 18:03:32 on 2011-06-01
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.1279.787 [GMT -4:00]
.
FW: COMODO Firewall Pro *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxebcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\user\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rambler.ru/
uInternet Settings,ProxyOverride = <local>
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {468CD8A9-7C25-45FA-969E-3D925C689DC4} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306706757968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\2jxp5mhr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55717
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-5-2 142592]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2006-10-16 472832]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-6-5 98984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-16 136176]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
S3 XDva208;XDva208; [x]
S4 0127211306788719mcinstcleanup;McAfee Application Installer Cleanup (0127211306788719);c:\docume~1\user\locals~1\temp\012721~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\user\locals~1\temp\012721~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
.
=============== Created Last 30 ================
.
2011-05-30 22:39:06 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-30 19:32:17 98816 ----a-w- c:\windows\sed.exe
2011-05-30 19:32:17 518144 ----a-w- c:\windows\SWREG.exe
2011-05-30 19:32:17 256512 ----a-w- c:\windows\PEV.exe
2011-05-30 19:32:17 208896 ----a-w- c:\windows\MBR.exe
2011-05-30 17:50:41 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2011-05-30 15:21:35 -------- dc-h--w- c:\windows\ie8
2011-05-29 16:50:16 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-29 16:49:06 -------- d-----w- C:\b69968629bdc0c3e771be8c49f98ce
2011-05-29 16:39:35 -------- d-----w- C:\03a32bbea6eb7928b12801d7
2011-05-29 01:07:35 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-05-21 01:23:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 01:11:41 -------- d-----w- C:\Security Solution 2011
2011-05-11 00:12:53 -------- d-----w- c:\program files\Mozilla Firefox RU
2011-05-11 00:09:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-11 00:09:57 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-11 00:09:57 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-11 00:09:57 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-11 00:09:57 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-11 00:09:57 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-11 00:09:57 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-11 00:09:57 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
.
==================== Find3M ====================
.
2011-05-20 21:09:47 0 ----a-w- c:\windows\Gnalabu.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826A rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1AE4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a1b47f0]; MOV EAX, [0x8a1b486c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A21CAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000063[0x8A247F18]
5 ACPI[0xF7496620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A220940]
\Driver\atapi[0x8A244030] -> IRP_MJ_CREATE -> 0x8A1AE4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1AE31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:04:57.25 ===============
______________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:27 PM, on 6/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxebcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306706757968
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxebCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe
O23 - Service: lxeb_device - - C:\WINDOWS\system32\lxebcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8171 bytes
_____________________________________

Thank You for the help.

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 06 June 2011 - 12:55 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 08 June 2011 - 10:02 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 09 June 2011 - 10:08 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 09 June 2011 - 12:09 PM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 4ensic

4ensic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 09 June 2011 - 02:10 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xAEB53000 C:\WINDOWS\system32\DRIVERS\lvuvc.sys 6750208 bytes (Logitech Inc., Logitech USB Video Class Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4530176 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )
0xB918A000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xB95B0000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3997696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF74D6000 PCI_PNP9190 1048576 bytes
0xF74D6000 sptd 1048576 bytes
0xF74D6000 spxt.sys 1048576 bytes
0xB9039000 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB90CE000 C:\WINDOWS\system32\DRIVERS\A3AB.sys 475136 bytes (D-Link Corporation, Driver for D-Link Wireless Network Adapter)
0xB32BF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB45A3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB33C7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAD4C1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF464000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAC960000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAEB13000 C:\WINDOWS\system32\DRIVERS\lvrs.sys 262144 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0xF7490000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAD6E6000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7A0F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAADCE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB332F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB339F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB3299000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9166000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9142000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9579000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB335A000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xB337D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7967000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7858000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBA7E6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7840000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAEAFB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF74BE000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7950000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB900E000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAD681000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9025000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB959C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB3420000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7A3C000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF782E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF747F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8FFD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5CB7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF745F000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF746F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4DE6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB5D27000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB51A9000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF744F000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF743F000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF741F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB5169000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF742F000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB51B9000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7657000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xB51C9000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF740F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB5D37000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1A6000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB5179000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB4E76000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF773F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB4F5E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB60D3000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7737000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7807000 C:\WINDOWS\system32\ANIO.SYS 28672 bytes (Alpha Networks Inc., ANIO (NT5) Driver )
0xF7747000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB4F76000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB4FC0000 C:\WINDOWS\system32\DRIVERS\VClone.sys 28672 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0xF774F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB4FC8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB4F6E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB60C3000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xB4F86000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB5B48000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xB4F66000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB4FD8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB4FD0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7757000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF772F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB5E4E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB5DED000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA6D6000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF792B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF789B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAF59B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF791F000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB083A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A09D000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB0241000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF792F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB5026000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79B5000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79F1000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79C5000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xF79B3000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79B7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A07000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79B9000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79AD000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B1000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7987000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AAF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB9984000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB479F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A26C1F8 unknown_irp_handler 3592 bytes
0x8A1251F8 unknown_irp_handler 3592 bytes
0x8A13D1F8 unknown_irp_handler 3592 bytes
0x8A2DC1F8 unknown_irp_handler 3592 bytes
0x89FB11F8 unknown_irp_handler 3592 bytes
0x8A1191F8 unknown_irp_handler 3592 bytes
0x89DD31F8 unknown_irp_handler 3592 bytes
0x899201F8 unknown_irp_handler 3592 bytes
!!!!!!!!!!!Hidden driver: 0x8A1AE31B ?_empty_? 3301 bytes
0x89F43500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0xF7840000 WARNING: suspicious driver modification [atapi.sys::0x8A1AE31B]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
____________________________________________________________________________________

OTL logfile created on: 6/9/2011 1:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 53.38% Memory free
1.48 Gb Paging File | 1.13 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 135.64 Gb Free Space | 72.81% Space Free | Partition Type: NTFS

Computer Name: USER-B0A32341CE | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 13:07:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/04/14 13:01:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox RU\firefox.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/29 10:53:27 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2009/05/02 03:25:25 | 000,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 13:07:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (ANIWZCSdService)
SRV - File not found [Disabled | Stopped] -- -- (0127211306788719mcinstcleanup) McAfee Application Installer Cleanup (0127211306788719)
SRV - [2010/04/12 16:26:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/29 10:53:27 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2009/07/29 10:53:20 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009/05/02 03:25:25 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/08/11 04:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/02 03:25:25 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/23 01:34:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/26 12:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/02/15 20:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/10/16 00:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/06/29 19:56:04 | 002,383,152 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/07/07 10:26:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005/07/07 10:26:00 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/07/07 10:25:58 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/05/30 18:58:52 | 000,028,160 | ---- | M] (W1zzard) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/02/11 12:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2004/08/03 18:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/
IE - HKU\S-1-5-21-842925246-1715567821-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1715567821-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55717
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/28 16:38:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}: C:\Documents and Settings\user\Local Settings\Application Data\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E} [2011/04/22 21:41:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox RU\components [2011/05/10 20:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox RU\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/03/06 16:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/03/24 16:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/23 18:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2jxp5mhr.default\extensions
[2011/03/06 18:52:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2jxp5mhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/10 20:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2JXP5MHR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/22 21:41:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/11/18 17:43:29 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/05/30 17:48:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306706757968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/16 19:30:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 03:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/01 16:47:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/30 18:39:06 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/30 17:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/30 15:32:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/30 15:32:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/30 15:32:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/30 15:32:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/30 13:50:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2011/05/30 11:21:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/30 00:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/29 18:16:05 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2011/05/29 12:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/05/29 12:49:06 | 000,000,000 | ---D | C] -- C:\b69968629bdc0c3e771be8c49f98ce
[2011/05/29 12:39:35 | 000,000,000 | ---D | C] -- C:\03a32bbea6eb7928b12801d7
[2011/05/29 12:38:47 | 013,248,968 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\windows-kb890830-v3.19.exe
[2011/05/29 12:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Загрузки
[2011/05/28 21:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/28 20:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/28 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/21 21:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\peyzazh
[2011/05/20 21:23:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 21:11:41 | 000,000,000 | ---D | C] -- C:\Security Solution 2011
[2011/05/15 17:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\USA-2011
[2011/05/10 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox RU
[2010/06/05 18:16:58 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2010/06/05 18:12:57 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2010/06/05 18:12:57 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2010/06/05 18:12:57 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2010/06/05 18:12:57 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2010/06/05 18:12:57 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2010/06/05 18:12:57 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2010/06/05 18:12:56 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2010/06/05 18:12:56 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2010/06/05 18:12:55 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2010/06/05 18:12:55 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2010/06/05 18:12:55 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2010/06/05 18:12:54 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2010/06/05 18:12:54 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 12:55:43 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/09 12:55:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 12:55:16 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1715567821-682003330-1004.job
[2011/06/09 12:55:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 12:55:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 12:54:58 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 12:54:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/06/09 12:54:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/06/04 11:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1715567821-682003330-1004UA.job
[2011/06/04 11:38:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/03 23:52:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1715567821-682003330-1004Core.job
[2011/05/30 18:39:06 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/30 18:18:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 17:48:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/30 16:54:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/30 16:29:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1715567821-682003330-1004.job
[2011/05/29 21:54:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/29 18:16:18 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2011/05/29 12:38:57 | 013,248,968 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\windows-kb890830-v3.19.exe
[2011/05/28 21:00:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/25 20:47:45 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/05/25 20:47:45 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/20 21:23:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 21:21:14 | 000,006,705 | ---- | M] () -- C:\Documents and Settings\user\Application Data\F88E.8D3
[2011/05/20 21:11:41 | 000,001,818 | ---- | M] () -- C:\Security Solution 2011.lnk
[2011/05/20 17:09:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tpimowuwu.dat
[2011/05/20 17:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gnalabu.bin
[2011/05/10 20:12:55 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/10 20:12:55 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/10 20:02:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/10 19:45:40 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.3.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 18:18:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 15:32:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/30 15:32:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/30 15:32:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/30 15:32:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/30 15:32:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/29 18:03:34 | 1341,706,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/28 20:59:59 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/20 21:11:41 | 000,001,818 | ---- | C] () -- C:\Security Solution 2011.lnk
[2011/05/10 20:09:59 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/10 19:45:40 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.3.lnk
[2011/05/10 19:45:40 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
[2011/04/22 21:39:56 | 000,006,705 | ---- | C] () -- C:\Documents and Settings\user\Application Data\F88E.8D3
[2010/11/19 19:00:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tpimowuwu.dat
[2010/11/19 19:00:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gnalabu.bin
[2010/06/17 18:05:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/05 18:17:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2010/06/05 18:16:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2010/06/05 18:16:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2010/06/05 18:16:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2010/06/05 18:15:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2010/06/05 18:15:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2010/06/05 18:15:01 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2010/06/05 18:13:10 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2010/06/05 18:12:58 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2010/06/05 18:12:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2010/06/05 18:12:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2010/06/05 18:12:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2010/06/05 18:12:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2010/06/05 18:12:55 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2010/06/05 18:12:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2010/06/05 18:12:55 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2010/06/05 18:12:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2010/06/05 18:09:36 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2010/06/05 18:09:36 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/04/27 16:40:58 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WFT-E2Utility.INI
[2010/04/13 22:55:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/11 18:42:28 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/28 21:03:19 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0Mp8n7BDj1d
[2010/02/10 23:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/13 13:50:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/29 20:54:41 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2009/08/29 20:54:41 | 000,029,234 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2009/07/27 13:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\md5sum.exe
[2009/07/24 18:09:29 | 000,005,227 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/05/19 20:50:45 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\systemfl.$dk
[2009/05/14 16:36:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/05/02 03:25:25 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/04/25 11:37:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_iclink417.ini
[2009/04/25 11:37:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcompbg979.dat
[2009/03/19 18:36:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2009/03/10 20:01:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cm.ini
[2009/02/17 19:55:20 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\DWLAB.DAT
[2009/02/17 19:54:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/02/07 13:41:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2008/12/28 16:11:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/23 15:04:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2008/10/31 13:55:54 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PnkBstrK.sys
[2008/10/26 16:25:03 | 000,211,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\IsDrv122.sys
[2008/10/10 17:41:57 | 000,038,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/22 18:22:21 | 000,000,086 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/20 23:38:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2008/08/29 18:03:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2008/07/20 20:16:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2008/04/13 11:16:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\mge.INI
[2008/03/31 15:21:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 21:52:51 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/02/08 21:52:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4FEA4B1C94.sys
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/12 16:08:35 | 000,002,035 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/11 18:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/09 21:24:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/02 14:13:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/25 17:55:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/11/22 20:42:04 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/22 20:42:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/17 17:19:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/17 11:23:34 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/17 10:45:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/11/17 10:45:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/16 19:32:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/16 19:27:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/16 14:10:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/16 14:09:22 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/04/14 22:30:49 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,444,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,072,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 17:10:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >
__________________________________________________________

OTL Extras logfile created on: 6/9/2011 1:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 53.38% Memory free
1.48 Gb Paging File | 1.13 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 135.64 Gb Free Space | 72.81% Space Free | Partition Type: NTFS

Computer Name: USER-B0A32341CE | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox RU\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"94:TCP" = 94:TCP:*:Disabled:VRS Recording System Web Control Panel
"606:TCP" = 606:TCP:*:Disabled:VoIP On-Hold Server
"8000:UDP" = 8000:UDP:*:Disabled:Express Talk RTP Incoming Audio (UDP)
"81:TCP" = 81:TCP:*:Disabled:Axon Virtual PBX Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Disabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"C:\Program Files\russradio\russradio.chm" = C:\Program Files\russradio\russradio.chm:*:Enabled:russradio.chm -- ()
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}" = IIS6 Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400348D1-032F-4717-A840-D52F975C1033}" = Nero 7 Ultra Edition
"{42C7A1F1-6986-41E6-B0C7-94657FE89301}" = Mavis Beacon Teaches Typing Deluxe 15
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{545026A7-D1CB-47DB-A2CA-DBDEE0391DC0}" = «Интенсивный курс по Windows XP»
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{657EDA98-A8AD-4E9F-8F18-F1BE0E618290}" = RangeBooster G WDA-2320
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1D4735-84E4-41E2-A1DB-70EADE27633C}" = Adobe Photoshop Lightroom 3.3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agent" = Microsoft Agent 1.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DivX Codec" = DivX Pro Codec
"DivX Player" = DivX Player 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{657EDA98-A8AD-4E9F-8F18-F1BE0E618290}" = RangeBooster G WDA-2320
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Firefox 4.0.1 (x86 ru)" = Mozilla Firefox 4.0.1 (x86 ru)
"MSCnC" = Microsoft Command & Control Engine
"MSLex" = Microsoft Speech Lexicon
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Russian Language for Adobe Photoshop CS2 v9.0" = Russian Language for Adobe Photoshop CS2 v9.0
"SpeechAPI" = Microsoft Speech API 3.0
"Spyware Terminator_is1" = Spyware Terminator
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VirtualCloneDrive" = VirtualCloneDrive
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1715567821-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2011 6:21:01 PM | Computer Name = USER-B0A32341CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/30/2011 6:32:05 PM | Computer Name = USER-B0A32341CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/30/2011 6:32:06 PM | Computer Name = USER-B0A32341CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/1/2011 4:42:51 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00266f95.

Error - 6/1/2011 4:43:23 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00266f95.

Error - 6/1/2011 4:51:16 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x001a6f95.

Error - 6/1/2011 5:13:52 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f95.

Error - 6/1/2011 6:08:37 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00264d04.

Error - 6/9/2011 12:56:24 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00264d04.

Error - 6/9/2011 1:05:16 PM | Computer Name = USER-B0A32341CE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a6f95.

[ System Events ]
Error - 6/1/2011 4:39:18 PM | Computer Name = USER-B0A32341CE | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_TMCOMM\0000 disappeared from the system without
first being prepared for removal.

Error - 6/1/2011 4:41:34 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService
service to connect.

Error - 6/1/2011 4:41:34 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/1/2011 4:45:11 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/1/2011 5:03:54 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService
service to connect.

Error - 6/1/2011 5:03:54 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/2/2011 5:36:38 PM | Computer Name = USER-B0A32341CE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/9/2011 12:55:18 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService
service to connect.

Error - 6/9/2011 12:55:18 PM | Computer Name = USER-B0A32341CE | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/9/2011 12:57:01 PM | Computer Name = USER-B0A32341CE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
_______________________________________________

When pasting the extras.txt from the infected computer and trying to preview/submit the post, I got one of those "you have a connection problem." I tried on firefox and i.e. and get same message. I don't know if that's part of the problem, because I transferred the text docs to my other computer and am now able to paste and preview/submit the information without any problems.

Also google chrome crashes when I open it and when I go to google.com on any of the browsers, they crash as well now. I think I might have corrupted some files when scanning them with malwarebytes, search & destroy, etc.

Thank yo for taking your time to look through this.

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 09 June 2011 - 02:22 PM

Hi!

Looks like we maybe dealing with a Rootkit infection here.

Do you recognize this folder?

[2011/05/29 12:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Загрузки

GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - File not found [Auto | Stopped] -- -- (ANIWZCSdService)
    SRV - File not found [Disabled | Stopped] -- -- (0127211306788719mcinstcleanup) McAfee Application Installer Cleanup (0127211306788719)
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 55717
    FF - prefs.js..network.proxy.type: 0
    [2011/04/22 21:41:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    [2011/05/20 21:11:41 | 000,000,000 | ---D | C] -- C:\Security Solution 2011
    [2011/05/20 21:21:14 | 000,006,705 | ---- | M] () -- C:\Documents and Settings\user\Application Data\F88E.8D3
    [2011/05/20 21:11:41 | 000,001,818 | ---- | M] () -- C:\Security Solution 2011.lnk
    [2011/05/20 17:09:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tpimowuwu.dat
    [2011/05/20 17:09:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gnalabu.bin
    [2011/05/20 21:11:41 | 000,001,818 | ---- | C] () -- C:\Security Solution 2011.lnk
    [2011/04/22 21:39:56 | 000,006,705 | ---- | C] () -- C:\Documents and Settings\user\Application Data\F88E.8D3
    [2010/11/19 19:00:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tpimowuwu.dat
    [2010/11/19 19:00:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gnalabu.bin
    [2010/02/28 21:03:19 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0Mp8n7BDj1d
    
    :Reg
    
    :Files
    C:\Documents and Settings\user\Local Settings\Application Data\0Mp8n7BDj1d
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 4ensic

4ensic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 09 June 2011 - 05:44 PM

GooredFix by jpshortstuff (04.04.11.1)
Log created at 18:07 on 09/06/2011 (user)
Firefox version 4.0.1 (ru)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E} -> Success!
Deleting C:\Documents and Settings\user\Local Settings\Application Data\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:09 11/05/2011]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [02:44 14/11/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:11 09/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [21:45 07/05/2009]

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2jxp5mhr.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [22:52 06/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:51 14/04/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [20:38 28/08/2010]

-=E.O.F=-

_____________________________________________________

2011/06/09 18:09:43.0042 2992 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 18:09:43.0307 2992 ================================================================================
2011/06/09 18:09:43.0307 2992 SystemInfo:
2011/06/09 18:09:43.0307 2992
2011/06/09 18:09:43.0307 2992 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/09 18:09:43.0307 2992 Product type: Workstation
2011/06/09 18:09:43.0307 2992 ComputerName: USER-B0A32341CE
2011/06/09 18:09:43.0307 2992 UserName: user
2011/06/09 18:09:43.0307 2992 Windows directory: C:\WINDOWS
2011/06/09 18:09:43.0307 2992 System windows directory: C:\WINDOWS
2011/06/09 18:09:43.0307 2992 Processor architecture: Intel x86
2011/06/09 18:09:43.0307 2992 Number of processors: 1
2011/06/09 18:09:43.0307 2992 Page size: 0x1000
2011/06/09 18:09:43.0307 2992 Boot type: Normal boot
2011/06/09 18:09:43.0307 2992 ================================================================================
2011/06/09 18:09:43.0979 2992 Initialize success
2011/06/09 18:09:45.0995 0892 ================================================================================
2011/06/09 18:09:45.0995 0892 Scan started
2011/06/09 18:09:45.0995 0892 Mode: Manual;
2011/06/09 18:09:45.0995 0892 ================================================================================
2011/06/09 18:09:46.0901 0892 A3AB (7bb07b8f835ed36f98598cf85f6e6c08) C:\WINDOWS\system32\DRIVERS\A3AB.sys
2011/06/09 18:09:47.0198 0892 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/09 18:09:47.0292 0892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/09 18:09:47.0526 0892 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/09 18:09:47.0651 0892 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/09 18:09:48.0073 0892 ALCXWDM (b786825902bd49232ba3b7df485ad9a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/09 18:09:48.0510 0892 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/06/09 18:09:48.0792 0892 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/09 18:09:48.0901 0892 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/09 18:09:49.0057 0892 ATITool (1294314049f7cc8bf8ffa11d51458d35) C:\WINDOWS\system32\DRIVERS\ATITool.sys
2011/06/09 18:09:49.0135 0892 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/09 18:09:49.0214 0892 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/09 18:09:49.0354 0892 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/09 18:09:49.0479 0892 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/09 18:09:49.0557 0892 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/09 18:09:49.0682 0892 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/09 18:09:49.0776 0892 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/09 18:09:49.0854 0892 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/09 18:09:50.0323 0892 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/09 18:09:50.0448 0892 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/09 18:09:50.0526 0892 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/09 18:09:50.0604 0892 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/09 18:09:50.0682 0892 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/09 18:09:50.0823 0892 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/09 18:09:50.0948 0892 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/06/09 18:09:50.0995 0892 ElbyDelay (e205c313417da6fa7afe85912a310a65) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
2011/06/09 18:09:51.0057 0892 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/06/09 18:09:51.0167 0892 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/09 18:09:51.0214 0892 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/09 18:09:51.0307 0892 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/06/09 18:09:51.0370 0892 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/09 18:09:51.0432 0892 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/09 18:09:51.0510 0892 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/09 18:09:51.0604 0892 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/09 18:09:51.0651 0892 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/09 18:09:51.0729 0892 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/09 18:09:51.0823 0892 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/09 18:09:51.0948 0892 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/09 18:09:52.0089 0892 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/09 18:09:52.0151 0892 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/09 18:09:52.0198 0892 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/09 18:09:52.0276 0892 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/09 18:09:52.0479 0892 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/09 18:09:52.0573 0892 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/09 18:09:52.0776 0892 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/09 18:09:52.0823 0892 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/09 18:09:52.0885 0892 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/09 18:09:52.0917 0892 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/09 18:09:52.0979 0892 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/09 18:09:53.0073 0892 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/09 18:09:53.0151 0892 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/09 18:09:53.0229 0892 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/09 18:09:53.0307 0892 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
2011/06/09 18:09:53.0370 0892 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
2011/06/09 18:09:53.0417 0892 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
2011/06/09 18:09:53.0479 0892 k750obex (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
2011/06/09 18:09:53.0557 0892 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/09 18:09:53.0651 0892 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/09 18:09:53.0745 0892 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/09 18:09:53.0839 0892 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/09 18:09:53.0917 0892 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/09 18:09:54.0057 0892 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/06/09 18:09:54.0167 0892 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/06/09 18:09:54.0260 0892 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/06/09 18:09:54.0354 0892 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/06/09 18:09:54.0464 0892 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/06/09 18:09:54.0807 0892 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/06/09 18:09:55.0104 0892 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/09 18:09:55.0214 0892 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/09 18:09:55.0292 0892 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/09 18:09:55.0354 0892 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/09 18:09:55.0401 0892 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/09 18:09:55.0526 0892 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/09 18:09:55.0620 0892 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/09 18:09:55.0698 0892 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/09 18:09:55.0792 0892 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/09 18:09:55.0839 0892 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/09 18:09:55.0901 0892 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/09 18:09:55.0948 0892 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/09 18:09:56.0010 0892 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/09 18:09:56.0089 0892 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/09 18:09:56.0135 0892 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/09 18:09:56.0229 0892 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/09 18:09:56.0307 0892 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/09 18:09:56.0370 0892 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/09 18:09:56.0401 0892 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/09 18:09:56.0448 0892 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/09 18:09:56.0557 0892 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/09 18:09:56.0604 0892 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/09 18:09:56.0682 0892 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/09 18:09:56.0823 0892 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/06/09 18:09:56.0870 0892 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/09 18:09:57.0010 0892 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/09 18:09:57.0135 0892 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/09 18:09:57.0385 0892 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/09 18:09:57.0651 0892 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/09 18:09:57.0714 0892 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/09 18:09:57.0839 0892 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/09 18:09:57.0901 0892 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/09 18:09:57.0979 0892 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/09 18:09:58.0026 0892 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/09 18:09:58.0104 0892 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/09 18:09:58.0167 0892 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/09 18:09:58.0604 0892 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/09 18:09:58.0667 0892 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/09 18:09:58.0729 0892 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/09 18:09:58.0823 0892 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/09 18:09:59.0089 0892 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/09 18:09:59.0182 0892 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/09 18:09:59.0260 0892 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/09 18:09:59.0307 0892 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/09 18:09:59.0370 0892 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/09 18:09:59.0432 0892 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/09 18:09:59.0526 0892 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/09 18:09:59.0604 0892 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/09 18:09:59.0698 0892 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/09 18:09:59.0823 0892 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
2011/06/09 18:09:59.0964 0892 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/09 18:10:00.0073 0892 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/09 18:10:00.0120 0892 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/09 18:10:00.0214 0892 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/09 18:10:00.0339 0892 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/09 18:10:00.0417 0892 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/06/09 18:10:00.0510 0892 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/09 18:10:00.0635 0892 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/09 18:10:00.0760 0892 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/09 18:10:00.0760 0892 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/09 18:10:00.0776 0892 sptd - detected LockedFile.Multi.Generic (1)
2011/06/09 18:10:00.0854 0892 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011/06/09 18:10:00.0917 0892 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/09 18:10:01.0026 0892 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/09 18:10:01.0135 0892 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/09 18:10:01.0198 0892 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/09 18:10:01.0260 0892 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/09 18:10:01.0620 0892 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/09 18:10:01.0745 0892 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/09 18:10:01.0854 0892 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/09 18:10:01.0948 0892 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/09 18:10:02.0026 0892 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/09 18:10:02.0182 0892 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/09 18:10:02.0292 0892 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/09 18:10:02.0464 0892 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/09 18:10:02.0542 0892 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/09 18:10:02.0589 0892 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/09 18:10:02.0620 0892 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/09 18:10:02.0667 0892 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/09 18:10:02.0729 0892 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/09 18:10:02.0776 0892 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/09 18:10:02.0823 0892 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/09 18:10:02.0885 0892 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/09 18:10:02.0948 0892 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/06/09 18:10:03.0042 0892 VClone (edeaf6dd18e2806f4bf6712761c2e452) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/06/09 18:10:03.0089 0892 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/09 18:10:03.0167 0892 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/09 18:10:03.0339 0892 VX6000 (b21c075fa69897acce0c93b9c3c5eb44) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
2011/06/09 18:10:03.0479 0892 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/09 18:10:03.0620 0892 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/09 18:10:03.0745 0892 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/09 18:10:03.0917 0892 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/06/09 18:10:04.0010 0892 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/09 18:10:04.0104 0892 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/09 18:10:04.0182 0892 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/09 18:10:04.0385 0892 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/09 18:10:04.0401 0892 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/09 18:10:04.0417 0892 ================================================================================
2011/06/09 18:10:04.0417 0892 Scan finished
2011/06/09 18:10:04.0417 0892 ================================================================================
2011/06/09 18:10:04.0448 1552 Detected object count: 2
2011/06/09 18:10:04.0448 1552 Actual detected object count: 2
2011/06/09 18:10:13.0776 1552 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/09 18:10:13.0792 1552 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/09 18:10:13.0792 1552 \Device\Harddisk0\DR0 - ok
2011/06/09 18:10:13.0792 1552 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/09 18:10:21.0214 2788 Deinitialize success
_______________________________________________________________________________________________________________________________

========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named getPlus® Helper was found to stop!
Service\Driver key getPlus® Helper not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service ANIWZCSdService stopped successfully!
Service ANIWZCSdService deleted successfully!
Error: No service named 0127211306788719mcinstcleanup) McAfee Application Installer Cleanup (0127211306788719 was found to stop!
Service\Driver key 0127211306788719mcinstcleanup) McAfee Application Installer Cleanup (0127211306788719 not found.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 55717 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Folder C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\{880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Starting removal of ActiveX control {6B75345B-AA36-438A-BBE6-4078B4C6984D}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B75345B-AA36-438A-BBE6-4078B4C6984D}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Security Solution 2011 folder moved successfully.
C:\Documents and Settings\user\Application Data\F88E.8D3 moved successfully.
C:\Security Solution 2011.lnk moved successfully.
C:\WINDOWS\Tpimowuwu.dat moved successfully.
C:\WINDOWS\Gnalabu.bin moved successfully.
File C:\Security Solution 2011.lnk not found.
File C:\Documents and Settings\user\Application Data\F88E.8D3 not found.
File C:\WINDOWS\Tpimowuwu.dat not found.
File C:\WINDOWS\Gnalabu.bin not found.
C:\Documents and Settings\user\Local Settings\Application Data\0Mp8n7BDj1d moved successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\user\Local Settings\Application Data\0Mp8n7BDj1d not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_181617

_______________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6822

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2011 6:27:15 PM
mbam-log-2011-06-09 (18-27-15).txt

Scan type: Quick scan
Objects scanned: 157120
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\config\systemprofile\Desktop\security solution 2011.lnk (Rogue.SecuritySolution) -> Quarantined and deleted successfully.
____________________________________________________________

The folder I think was created from a russian verson of mizilla firefox.

Everything else seems to be fine right now. All the problems that I talked about I think went away, but I will confirm that tomorrow in another post.

I don't know if you know this, but are there programs that are not intensive on the system (I have fairly old pc)so as to keep the computer from such infections?

Is there anything else I need to do?

Thank You very much for your help!!!

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 09 June 2011 - 05:51 PM

Hi!

Looks like TDSSKiller found the main culprit!

Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/06/09 18:10:04.0448 1552 Detected object count: 2
2011/06/09 18:10:04.0448 1552 Actual detected object count: 2
2011/06/09 18:10:13.0792 1552 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/09 18:10:13.0792 1552 \Device\Harddisk0\DR0 - ok
2011/06/09 18:10:13.0792 1552 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/09 18:10:21.0214 2788 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:


I don't know if you know this, but are there programs that are not intensive on the system (I have fairly old pc)so as to keep the computer from such infections?

Is there anything else I need to do?

We'll address the outdated programs later.

We will run through some more scans;

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 4ensic

4ensic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 10 June 2011 - 03:19 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6822

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2011 7:25:43 PM
mbam-log-2011-06-09 (19-25-43).txt

Scan type: Quick scan
Objects scanned: 157272
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
______________________________________

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=bc7d3a4777ee7d43bff8a476635a175e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-10 06:31:43
# local_time=2011-06-10 02:31:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=7937 16777213 100 100 939503 68915106 0 0
# compatibility_mode=8192 67108863 100 0 16501794 16501794 0 0
# scanned=107589
# found=0
# cleaned=0
# scan_time=4784
____________________________
Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
ESET Online Scanner
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Adobe Flash Player 10.3.181.14
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 ru..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

_________________________________________________

Not sure if that's the right log file from ESET, because I ran the scan and forgot to copy the log, so I went to ESET folder and opened log.txt and this was there.

Also I just updated Adobe Reader from 9 to 10 and updated java as well to the latest version since the security check said it's out of date. I posted the updated log file.

Thanks.

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 10 June 2011 - 03:20 PM

Hi!

That's great to hear!

Please run this scan;

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 4ensic

4ensic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 10 June 2011 - 04:56 PM

OTL logfile created on: 6/10/2011 4:53:36 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.60% Memory free
1.48 Gb Paging File | 1.17 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 135.21 Gb Free Space | 72.58% Space Free | Partition Type: NTFS

Computer Name: USER-B0A32341CE | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 13:07:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2011/04/14 13:01:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox RU\firefox.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/29 10:53:27 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2009/05/02 03:25:25 | 000,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 13:07:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Disabled | Stopped] -- -- (0127211306788719mcinstcleanup) McAfee Application Installer Cleanup (0127211306788719)
SRV - [2010/04/12 16:26:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/29 10:53:27 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2009/07/29 10:53:20 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009/05/02 03:25:25 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2008/05/16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/08/11 04:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/02 03:25:25 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/09/26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 10:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/23 01:34:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/26 12:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/02/15 20:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/10/16 00:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/06/29 19:56:04 | 002,383,152 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/07/07 10:26:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005/07/07 10:26:00 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/07/07 10:25:58 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/05/30 18:58:52 | 000,028,160 | ---- | M] (W1zzard) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/02/11 12:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2004/08/03 18:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {880CCDC7-BED1-4B00-B55D-9A1D4BB5055E}:1.9.1

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/28 16:38:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox RU\components [2011/05/10 20:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox RU\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/03/06 16:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/03/24 16:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/23 18:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2jxp5mhr.default\extensions
[2011/03/06 18:52:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2jxp5mhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/10 20:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2JXP5MHR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2008/11/13 22:44:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 15:59:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX RU\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/11/18 17:43:29 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/09 18:16:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1306706757968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/16 19:30:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - ffdshow.ax File not found
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 16:08:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/10 16:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/10 16:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/09 18:16:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 18:09:38 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
[2011/06/09 18:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\GooredFix Backups
[2011/06/09 18:06:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/06/09 13:07:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/06/02 03:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/01 16:47:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/30 18:39:06 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/30 17:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/30 15:32:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/30 15:32:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/30 15:32:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/30 15:32:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/30 13:50:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2011/05/30 11:21:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/30 00:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/29 18:16:05 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2011/05/29 12:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/05/29 12:49:06 | 000,000,000 | ---D | C] -- C:\b69968629bdc0c3e771be8c49f98ce
[2011/05/29 12:39:35 | 000,000,000 | ---D | C] -- C:\03a32bbea6eb7928b12801d7
[2011/05/29 12:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Загрузки
[2011/05/28 21:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/28 20:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/28 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/21 21:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\peyzazh
[2011/05/15 17:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\USA-2011
[2010/06/05 18:16:58 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2010/06/05 18:12:57 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2010/06/05 18:12:57 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2010/06/05 18:12:57 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2010/06/05 18:12:57 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2010/06/05 18:12:57 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2010/06/05 18:12:57 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2010/06/05 18:12:56 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2010/06/05 18:12:56 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2010/06/05 18:12:55 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2010/06/05 18:12:55 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2010/06/05 18:12:55 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2010/06/05 18:12:54 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2010/06/05 18:12:54 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/10 16:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1715567821-682003330-1004UA.job
[2011/06/10 16:38:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/10 16:09:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/10 15:47:10 | 000,879,099 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SecurityCheck.exe
[2011/06/10 13:05:37 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/10 13:05:37 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 13:05:37 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1715567821-682003330-1004.job
[2011/06/10 13:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/10 13:05:19 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 13:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/06/10 13:05:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/06/09 20:27:50 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2011/06/09 18:48:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 18:48:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1715567821-682003330-1004.job
[2011/06/09 18:16:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/09 18:12:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 18:08:58 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/06/09 18:06:36 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\user\Desktop\GooredFix.exe
[2011/06/09 13:07:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
[2011/06/03 23:52:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1715567821-682003330-1004Core.job
[2011/05/30 18:39:06 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/30 18:18:11 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 16:54:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 21:00:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/25 20:47:45 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/05/25 20:47:45 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 16:09:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/10 16:09:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/10 15:47:12 | 000,879,099 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SecurityCheck.exe
[2011/06/09 18:08:36 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/05/30 18:18:11 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 15:32:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/30 15:32:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/30 15:32:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/30 15:32:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/30 15:32:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/29 18:03:34 | 1341,706,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/28 20:59:59 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/17 18:05:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/05 18:17:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2010/06/05 18:16:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2010/06/05 18:16:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2010/06/05 18:16:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2010/06/05 18:15:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2010/06/05 18:15:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2010/06/05 18:15:01 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2010/06/05 18:13:10 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2010/06/05 18:12:58 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2010/06/05 18:12:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2010/06/05 18:12:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2010/06/05 18:12:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2010/06/05 18:12:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2010/06/05 18:12:55 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2010/06/05 18:12:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2010/06/05 18:12:55 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2010/06/05 18:12:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2010/06/05 18:09:36 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2010/06/05 18:09:36 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010/04/27 16:40:58 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WFT-E2Utility.INI
[2010/04/13 22:55:47 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/11 18:42:28 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/10 23:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/13 13:50:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/29 20:54:41 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2009/08/29 20:54:41 | 000,029,234 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2009/07/27 13:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\md5sum.exe
[2009/07/24 18:09:29 | 000,005,227 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/05/19 20:50:45 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\systemfl.$dk
[2009/05/14 16:36:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/05/02 03:25:25 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/04/25 11:37:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_iclink417.ini
[2009/04/25 11:37:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcompbg979.dat
[2009/03/19 18:36:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2009/03/10 20:01:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\cm.ini
[2009/02/17 19:55:20 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\DWLAB.DAT
[2009/02/17 19:54:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/02/07 13:41:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2008/12/28 16:11:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/23 15:04:52 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2008/10/31 13:55:54 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PnkBstrK.sys
[2008/10/26 16:25:03 | 000,211,893 | ---- | C] () -- C:\WINDOWS\System32\drivers\IsDrv122.sys
[2008/10/10 17:41:57 | 000,038,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/22 18:22:21 | 000,000,086 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/20 23:38:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2008/08/29 18:03:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2008/07/20 20:16:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2008/04/13 11:16:51 | 000,000,892 | ---- | C] () -- C:\WINDOWS\mge.INI
[2008/03/31 15:21:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 21:52:51 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/02/08 21:52:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4FEA4B1C94.sys
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2008/01/12 16:08:35 | 000,002,035 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/11 18:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/09 21:24:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/02 14:13:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/25 17:55:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/11/22 20:42:04 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/22 20:42:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/17 17:19:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/17 11:23:34 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/17 10:45:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/11/17 10:45:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/11/16 19:32:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/16 19:27:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/16 14:10:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/16 14:09:22 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/04/14 22:30:49 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,444,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,072,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 17:10:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/02/17 17:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/03/19 18:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2009/02/21 16:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/04/11 22:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/02/08 18:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2009/04/25 11:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel
[2009/02/17 20:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/06/26 14:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/02/21 01:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/11/19 23:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2010/06/05 18:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro200-S500 Series
[2011/04/03 16:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/05/29 16:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2008/10/06 20:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/11/24 16:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\.BitZip
[2009/04/26 18:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2009/04/02 21:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Blender Foundation
[2009/03/19 18:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\user\Application Data\Broderbund
[2010/04/27 16:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2008/07/22 17:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools
[2010/02/17 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DataCast
[2009/02/21 01:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DriverCure
[2009/06/06 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FDRLab
[2009/09/05 18:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileFactory Turbo
[2009/09/06 20:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GeoVid
[2010/01/16 23:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2008/03/16 18:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Helios
[2009/02/17 20:48:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\user\Application Data\ijjigame
[2007/12/02 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InternetCalls
[2010/04/11 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2009/10/02 19:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
[2009/02/17 20:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\NCH Swift Sound
[2011/02/19 20:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2010/01/16 23:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Participatory Culture Foundation
[2010/06/07 15:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Pro200-S500 Series
[2008/01/20 15:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\rambler.ru
[2009/01/09 19:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Recordpad
[2010/02/17 18:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SanDisk
[2011/05/29 15:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spyware Terminator
[2009/02/21 01:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue
[2009/10/26 21:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Новый Диск

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox RU\uninstall\helper.exe" /HideShortcuts [2011/04/14 13:01:11 | 000,712,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox RU\uninstall\helper.exe" /ShowShortcuts [2011/04/14 13:01:11 | 000,712,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox RU\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 13:01:11 | 000,712,784 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox RU\firefox.exe [2011/04/14 13:01:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox RU\firefox.exe" -preferences [2011/04/14 13:01:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox RU\firefox.exe" -safe-mode [2011/04/14 13:01:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/20 01:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/20 01:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/20 01:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 01:54:14 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-09 22:49:08

< End of report >
____________________________

Everything seems to be working great!

Thanks.

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 10 June 2011 - 05:02 PM

Hi!

No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network.
Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors
  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  • avast! 6 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 4ensic

4ensic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 11 June 2011 - 10:07 AM

========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_103215

_______________________________________________________________________

Well everything is working great!

I have installed FileHippo update checker, as well as WOT, look to be very helpful tools.

For the anti-virus I will try Avira AntiVir Personal.

You can now close this thread.

Thanks again for the help!

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:11:24 AM

Posted 11 June 2011 - 10:14 AM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users