browser redirect and antivirus blocked


  • This topic is locked
24 replies to this topic

#1 snarb


  • Members
  • 12 posts

Posted 04 September 2011 - 07:13 AM

It started with a browser redirect virus - maybe something like "6day of week". But it is blocking all antivirus software. DDS logs below. GMER terminated and closed without allowing me to save file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by Joel at 7:43:39 on 2011-09-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.953 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\1090667037:3804102078.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AutorunsDisabled - No File
BHO: Canon Easy-WebPrint EX BHO - No File
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {5AA06644-BC46-4220-A460-47A6EB47C96D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
StartupFolder: c:\docume~1\joel\startm~1\programs\startup\autoru~1\SHORTC~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{71053C2C-8923-4BDC-84C7-263B1134E23D} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: AutorunsDisabled\cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\joel\application data\mozilla\firefox\profiles\jum2dhku.default user\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\joel\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\joel\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\joel\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\joel\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-7-5 16384]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2004-7-1 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 297752]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 146312]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-13 41288]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-13 56832]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-13 74240]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2004-7-1 299923]
S3 vsdatant;vsdatant; [x]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-5-13 311112]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2008-5-13 1418056]
.
=============== Created Last 30 ================
.
2011-09-03 14:26:52 -------- d-----w- c:\documents and settings\joel\application data\BitDefender
2011-09-03 14:26:32 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2011-09-03 14:26:31 -------- d-----w- c:\program files\BitDefender
2011-09-03 14:25:31 -------- d-----w- c:\program files\common files\BitDefender
2011-09-02 02:02:48 4194304 ----a-w- c:\windows\system32\asobptkf.dll
2011-08-09 19:59:05 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 19:56:53 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-09-03 15:51:21 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-07-21 09:30:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 7:44:27.62 ===============

#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 04 September 2011 - 11:37 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 snarb

  • Topic Starter

  • Members
  • 12 posts

Posted 05 September 2011 - 10:18 AM

Thanks Gringo. I ran combofix and it seems to have removed a bunch of bad things. Here is the log.

ComboFix 11-09-05.03 - Joel 09/05/2011 10:53:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1166 [GMT -4:00]
Running from: c:\documents and settings\Joel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Joel\Desktop\Search.lnk
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DNgen.exe.8bb9a8a9.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DNgen.exe.ead52a2b.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DReg1.exe.c7cc3366.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\DS_PASlog.exe.5c97331f.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\GUI.exe.1cffab20.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqindex.exe.a822919c.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqiscfg.exe.94ca2e04.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqpos.exe.2a8da59e.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqpos.exe.2a8da59e.ini.inuse
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqselsk.exe.a048b05c.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\InC21.exe.4bf13939.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\MSI18.tmp.86c67b21.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\mswmc.exe.ed1fcd7a.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\mswmc.exe.ed1fcd7a.ini.inuse
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\netguide.exe.62a0f28a.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\NGen.exe.2c05686e.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.c1cd293e.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\prstp.exe.3ac677f2.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL1.tmp.6ac8dcf9.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL108.tmp.26e26901.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL13.tmp.c297944c.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL23.tmp.d8c3f58b.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL27.tmp.e875718f.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL29.tmp.704e2f91.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL51.tmp.93705b46.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL6.tmp.be66b7fe.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL8E.tmp.a1f8cb37.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SL9.tmp.8a2bd501.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\SLCB.tmp.8fa803c9.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\ssIS.exe.d00358d.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.39525976.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.619d5130.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\update21GUI.exe.7a16bd78.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.2003a4b2.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.264e9cf4.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.4babd34.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.558269b5.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.70cb5133.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.77164975.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.ba34fb79.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.f711c2b7.ini
c:\documents and settings\Joel\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.fe78d26e.ini
c:\documents and settings\Joel\WINDOWS
c:\documents and settings\NetworkService\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\NetworkService\Local Settings\Application Data\ApplicationHistory\mswmccds.exe.5bdff540.ini.inuse
c:\program files\messenger\msmsgsin.exe
c:\windows\iun6002.exe
c:\windows\system32\asobptkf.dll
c:\windows\system32\c_24780.nls
c:\windows\system32\comct332.ocx
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\regobj.dll
c:\windows\system32\tmp.reg
.
Infected copy of c:\windows\system32\Drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\SYSTEM32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe . . . is infected!!
.
c:\program files\Bonjour\mDNSResponder.exe . . . is infected!!
.
c:\program files\iPod\bin\iPodService.exe . . . is infected!!
.
Infected copy of c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1962\A0244081.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1d420241
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 14:49 . 2009-11-13 22:57 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-05 14:49 . 2009-11-13 22:57 62592 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2011-09-03 14:26 . 2011-09-03 14:26 -------- d-----w- c:\documents and settings\Joel\Application Data\BitDefender
2011-09-03 14:26 . 2011-09-03 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2011-09-03 14:26 . 2011-09-03 14:26 -------- d-----w- c:\program files\BitDefender
2011-09-03 14:25 . 2011-09-03 14:26 -------- d-----w- c:\program files\Common Files\BitDefender
2011-08-09 19:59 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 19:56 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 15:51 . 2009-04-15 19:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2011-07-21 09:30 . 2011-05-22 15:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-01 18:30 . 2011-05-14 13:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2011-09-03 782336]
.
c:\documents and settings\Joel\Start Menu\Programs\Startup\AutorunsDisabled
shortcut to verizon online.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 15:18 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Joel\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Documents and Settings\\Joel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Google\\Picasa3\\PicasaUpdater.exe"=
"c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 DigiFilter;DigiFilter;c:\windows\SYSTEM32\DRIVERS\DigiFilt.sys [7/5/2007 8:02 PM 16384]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [7/1/2004 8:51 PM 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/1/2009 10:32 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/1/2009 10:32 AM 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [4/15/2009 3:13 PM 146312]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [7/1/2004 8:51 PM 299923]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 98304]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [5/13/2008 8:21 PM 311112]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]
.
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2135619002-3175040133-253305863-1007Core.job
- c:\documents and settings\Joel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 00:11]
.
2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2135619002-3175040133-253305863-1007UA.job
- c:\documents and settings\Joel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-14 00:11]
.
2011-01-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 03:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Joel\Application Data\Mozilla\Firefox\Profiles\jum2dhku.Default User\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 11:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2011-09-05 11:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 15:10
.
Pre-Run: 108,450,979,840 bytes free
Post-Run: 110,757,974,016 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - FAEF51137118DF3A152C4362542EE5BF

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 05 September 2011 - 11:32 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 snarb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 05 September 2011 - 11:50 AM

I ran TDSSKiller. Didn't seem to find anything. Log is attached. Thanks

2011/09/05 12:46:46.0343 2752 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 12:46:46.0593 2752 ================================================================================
2011/09/05 12:46:46.0593 2752 SystemInfo:
2011/09/05 12:46:46.0593 2752
2011/09/05 12:46:46.0593 2752 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/05 12:46:46.0593 2752 Product type: Workstation
2011/09/05 12:46:46.0593 2752 ComputerName: ARNOLD
2011/09/05 12:46:46.0593 2752 UserName: Joel
2011/09/05 12:46:46.0593 2752 Windows directory: C:\WINDOWS
2011/09/05 12:46:46.0593 2752 System windows directory: C:\WINDOWS
2011/09/05 12:46:46.0593 2752 Processor architecture: Intel x86
2011/09/05 12:46:46.0593 2752 Number of processors: 1
2011/09/05 12:46:46.0593 2752 Page size: 0x1000
2011/09/05 12:46:46.0593 2752 Boot type: Normal boot
2011/09/05 12:46:46.0593 2752 ================================================================================
2011/09/05 12:46:47.0953 2752 Initialize success
2011/09/05 12:46:50.0484 2900 ================================================================================
2011/09/05 12:46:50.0484 2900 Scan started
2011/09/05 12:46:50.0484 2900 Mode: Manual;
2011/09/05 12:46:50.0484 2900 ================================================================================
2011/09/05 12:46:51.0703 2900 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/05 12:46:51.0859 2900 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/09/05 12:46:51.0937 2900 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/05 12:46:52.0031 2900 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/05 12:46:52.0093 2900 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/09/05 12:46:52.0171 2900 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/09/05 12:46:52.0218 2900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/05 12:46:52.0328 2900 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/05 12:46:52.0421 2900 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/09/05 12:46:52.0515 2900 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/09/05 12:46:52.0828 2900 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/09/05 12:46:52.0953 2900 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/09/05 12:46:53.0015 2900 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/09/05 12:46:53.0093 2900 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/09/05 12:46:53.0156 2900 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/09/05 12:46:53.0218 2900 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/09/05 12:46:53.0265 2900 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/09/05 12:46:53.0375 2900 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/05 12:46:53.0421 2900 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
2011/09/05 12:46:53.0500 2900 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/09/05 12:46:53.0546 2900 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/09/05 12:46:53.0625 2900 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/09/05 12:46:53.0703 2900 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/05 12:46:53.0765 2900 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/09/05 12:46:53.0828 2900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/05 12:46:53.0890 2900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/05 12:46:54.0046 2900 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/05 12:46:54.0125 2900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/05 12:46:54.0203 2900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/05 12:46:54.0281 2900 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/09/05 12:46:54.0375 2900 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/09/05 12:46:54.0437 2900 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/09/05 12:46:54.0515 2900 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/09/05 12:46:54.0609 2900 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/09/05 12:46:54.0718 2900 bdfm (f040e9fff03bc19aff03cb922e131cd7) C:\WINDOWS\system32\drivers\bdfm.sys
2011/09/05 12:46:54.0843 2900 bdfsfltr (d281217152b9fc5774863e70e3fab4d3) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2011/09/05 12:46:55.0031 2900 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
2011/09/05 12:46:55.0109 2900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/05 12:46:55.0265 2900 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/05 12:46:55.0312 2900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/05 12:46:55.0359 2900 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/05 12:46:55.0421 2900 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/09/05 12:46:55.0500 2900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/05 12:46:55.0562 2900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/05 12:46:55.0656 2900 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/05 12:46:55.0812 2900 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/09/05 12:46:55.0890 2900 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/09/05 12:46:55.0953 2900 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/09/05 12:46:56.0015 2900 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/09/05 12:46:56.0093 2900 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/09/05 12:46:56.0187 2900 DigiFilter (ba912376605b72b1039da461c1fa19c6) C:\WINDOWS\system32\drivers\DigiFilt.sys
2011/09/05 12:46:56.0234 2900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/05 12:46:56.0359 2900 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/05 12:46:56.0437 2900 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/05 12:46:56.0500 2900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/05 12:46:56.0593 2900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/05 12:46:56.0718 2900 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/09/05 12:46:56.0765 2900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/05 12:46:56.0906 2900 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/09/05 12:46:56.0984 2900 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/09/05 12:46:57.0093 2900 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/09/05 12:46:57.0218 2900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/05 12:46:57.0312 2900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/05 12:46:57.0375 2900 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/05 12:46:57.0421 2900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/05 12:46:57.0484 2900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/05 12:46:57.0687 2900 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
2011/09/05 12:46:57.0765 2900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/05 12:46:57.0828 2900 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/05 12:46:57.0937 2900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/05 12:46:58.0000 2900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/05 12:46:58.0125 2900 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/05 12:46:58.0203 2900 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/09/05 12:46:58.0265 2900 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/05 12:46:58.0328 2900 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/05 12:46:58.0390 2900 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/05 12:46:58.0515 2900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/05 12:46:58.0640 2900 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/05 12:46:58.0750 2900 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/09/05 12:46:58.0828 2900 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/05 12:46:58.0906 2900 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/09/05 12:46:59.0000 2900 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/09/05 12:46:59.0046 2900 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/09/05 12:46:59.0109 2900 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/09/05 12:46:59.0156 2900 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/09/05 12:46:59.0234 2900 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/09/05 12:46:59.0296 2900 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/09/05 12:46:59.0328 2900 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/09/05 12:46:59.0421 2900 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/09/05 12:46:59.0484 2900 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/09/05 12:46:59.0593 2900 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/05 12:46:59.0750 2900 IKFileSec (bb07262041a213fea5fccf0a9f90d85a) C:\WINDOWS\system32\drivers\ikfilesec.sys
2011/09/05 12:46:59.0843 2900 IKSysFlt (1c670fa74a86b3689a314139c67814ae) C:\WINDOWS\system32\drivers\iksysflt.sys
2011/09/05 12:46:59.0906 2900 IKSysSec (ddd207288dd498d6e47a321ec399966b) C:\WINDOWS\system32\drivers\iksyssec.sys
2011/09/05 12:46:59.0984 2900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/05 12:47:00.0062 2900 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/09/05 12:47:00.0187 2900 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/09/05 12:47:00.0265 2900 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/09/05 12:47:00.0343 2900 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/09/05 12:47:00.0421 2900 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/09/05 12:47:00.0500 2900 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/05 12:47:00.0562 2900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/05 12:47:00.0625 2900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/05 12:47:00.0687 2900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/05 12:47:00.0765 2900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/05 12:47:00.0843 2900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/05 12:47:00.0921 2900 IPVNMon (c2c572cc7baaf097ac1e5b875ae8ea45) C:\WINDOWS\system32\drivers\IPVNMon.sys
2011/09/05 12:47:01.0000 2900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/05 12:47:01.0078 2900 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/05 12:47:01.0156 2900 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/05 12:47:01.0218 2900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/05 12:47:01.0296 2900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/05 12:47:01.0484 2900 ma763004 (f0bc9e9d3e52c721fd4d5fb59167318e) C:\WINDOWS\system32\drivers\MA763004.sys
2011/09/05 12:47:01.0718 2900 MarvinBus (7584ffb07305d2e9e3823059a9310b0f) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/09/05 12:47:01.0890 2900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/05 12:47:01.0953 2900 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/05 12:47:02.0000 2900 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/05 12:47:02.0062 2900 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/09/05 12:47:02.0109 2900 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/05 12:47:02.0203 2900 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/05 12:47:02.0281 2900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/05 12:47:02.0359 2900 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/09/05 12:47:02.0578 2900 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/09/05 12:47:02.0750 2900 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/09/05 12:47:02.0859 2900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/05 12:47:02.0906 2900 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/05 12:47:03.0046 2900 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/09/05 12:47:03.0109 2900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/05 12:47:03.0203 2900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/05 12:47:03.0281 2900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/05 12:47:03.0328 2900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/05 12:47:03.0406 2900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/05 12:47:03.0437 2900 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/05 12:47:03.0531 2900 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/05 12:47:03.0625 2900 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/05 12:47:03.0734 2900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/05 12:47:03.0796 2900 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/05 12:47:03.0859 2900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/05 12:47:03.0937 2900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/05 12:47:03.0984 2900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/05 12:47:04.0093 2900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/05 12:47:04.0156 2900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/05 12:47:04.0218 2900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/05 12:47:04.0328 2900 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/05 12:47:04.0406 2900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/05 12:47:04.0500 2900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/05 12:47:04.0593 2900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/05 12:47:04.0703 2900 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/05 12:47:05.0000 2900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/05 12:47:05.0046 2900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/05 12:47:05.0140 2900 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/05 12:47:05.0203 2900 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/09/05 12:47:05.0265 2900 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/05 12:47:05.0343 2900 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/05 12:47:05.0421 2900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/05 12:47:05.0500 2900 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/05 12:47:05.0546 2900 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/05 12:47:05.0625 2900 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/05 12:47:05.0703 2900 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
2011/09/05 12:47:05.0765 2900 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/05 12:47:06.0000 2900 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/09/05 12:47:06.0078 2900 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/09/05 12:47:06.0171 2900 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/09/05 12:47:06.0265 2900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/05 12:47:06.0328 2900 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/05 12:47:06.0578 2900 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/09/05 12:47:06.0671 2900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/05 12:47:06.0734 2900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/05 12:47:06.0781 2900 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/05 12:47:06.0859 2900 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/09/05 12:47:06.0921 2900 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/09/05 12:47:06.0984 2900 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/09/05 12:47:07.0031 2900 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/09/05 12:47:07.0078 2900 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/09/05 12:47:07.0156 2900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/05 12:47:07.0218 2900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/05 12:47:07.0296 2900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/05 12:47:07.0343 2900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/05 12:47:07.0406 2900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/05 12:47:07.0484 2900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/05 12:47:07.0609 2900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/05 12:47:07.0734 2900 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/05 12:47:07.0828 2900 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/05 12:47:07.0968 2900 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/05 12:47:08.0046 2900 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/05 12:47:08.0187 2900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/05 12:47:08.0265 2900 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/05 12:47:08.0328 2900 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/05 12:47:08.0406 2900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/05 12:47:08.0546 2900 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/09/05 12:47:08.0609 2900 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/05 12:47:08.0703 2900 smwdm (99a9e1ef62f955c82a5001ac94b4b77b) C:\WINDOWS\system32\drivers\smwdm.sys
2011/09/05 12:47:08.0843 2900 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2011/09/05 12:47:08.0921 2900 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2011/09/05 12:47:09.0000 2900 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/05 12:47:09.0078 2900 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/09/05 12:47:09.0140 2900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/05 12:47:09.0203 2900 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/05 12:47:09.0312 2900 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/05 12:47:09.0390 2900 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/05 12:47:09.0468 2900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/05 12:47:09.0515 2900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/05 12:47:09.0593 2900 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/09/05 12:47:09.0656 2900 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/09/05 12:47:09.0703 2900 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/09/05 12:47:09.0765 2900 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/09/05 12:47:09.0843 2900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/05 12:47:09.0906 2900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/05 12:47:10.0015 2900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/05 12:47:10.0078 2900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/05 12:47:10.0156 2900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/05 12:47:10.0234 2900 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/09/05 12:47:10.0296 2900 TPkd (15fb67eb022a74b30e278d19b03da3b4) C:\WINDOWS\system32\drivers\TPkd.sys
2011/09/05 12:47:10.0562 2900 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/09/05 12:47:10.0640 2900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/05 12:47:10.0718 2900 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/09/05 12:47:10.0796 2900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/05 12:47:10.0921 2900 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/05 12:47:10.0984 2900 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/05 12:47:11.0062 2900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/05 12:47:11.0140 2900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/05 12:47:11.0203 2900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/05 12:47:11.0265 2900 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/05 12:47:11.0328 2900 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/05 12:47:11.0375 2900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/05 12:47:11.0437 2900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/05 12:47:11.0515 2900 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/05 12:47:11.0625 2900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/05 12:47:11.0687 2900 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/09/05 12:47:11.0765 2900 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/09/05 12:47:11.0812 2900 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
2011/09/05 12:47:11.0890 2900 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/05 12:47:12.0031 2900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/05 12:47:12.0171 2900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/05 12:47:12.0312 2900 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/05 12:47:12.0406 2900 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/05 12:47:12.0500 2900 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/05 12:47:12.0578 2900 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/05 12:47:12.0703 2900 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/09/05 12:47:12.0781 2900 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/09/05 12:47:12.0843 2900 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
2011/09/05 12:47:13.0031 2900 MBR (0x1B8) (cca1ba40a58358d455955605b1f57d02) \Device\Harddisk1\DR1
2011/09/05 12:47:13.0093 2900 Boot (0x1200) (6e8116928193f89fcbcd9222366f6089) \Device\Harddisk0\DR0\Partition0
2011/09/05 12:47:13.0109 2900 Boot (0x1200) (f66af138bc58b115556bb0421025de21) \Device\Harddisk1\DR1\Partition0
2011/09/05 12:47:13.0125 2900 ================================================================================
2011/09/05 12:47:13.0125 2900 Scan finished
2011/09/05 12:47:13.0125 2900 ================================================================================
2011/09/05 12:47:13.0156 2864 Detected object count: 0
2011/09/05 12:47:13.0156 2864 Actual detected object count: 0
2011/09/05 12:47:28.0703 2748 Deinitialize success
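
The TDSSKiller log above lists one loaded driver or boot object per line as service name, MD5 and path, followed by the detected-object counts. The script below is an added example, not part of this thread and not code from TDSSKiller or BleepingComputer; it parses that layout and sorts entries into the buckets a responder checks first: drivers loaded from outside the Windows directory (worth a look, though third-party entries such as the Dell and BitDefender drivers here are normally legitimate), the MBR and boot-sector hashes, and service names that share one hash. The sample lines are copied from the log above; the regular expressions, function names and bucket names are my own assumptions about the format.

```python
"""Parse a TDSSKiller log and build a triage summary (added example, not TDSSKiller code)."""
import re
from collections import defaultdict

# Sample lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""2011/09/05 12:46:46.0343 2752 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 12:46:50.0484 2900 Scan started
2011/09/05 12:46:50.0484 2900 Mode: Manual;
2011/09/05 12:46:51.0703 2900 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/09/05 12:46:55.0265 2900 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/09/05 12:46:55.0312 2900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/05 12:46:56.0906 2900 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/09/05 12:47:12.0843 2900 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
2011/09/05 12:47:13.0093 2900 Boot (0x1200) (6e8116928193f89fcbcd9222366f6089) \Device\Harddisk0\DR0\Partition0
2011/09/05 12:47:13.0125 2900 Scan finished
2011/09/05 12:47:13.0156 2864 Detected object count: 0
2011/09/05 12:47:13.0156 2864 Actual detected object count: 0
"""

# One driver or boot-object line: "<date> <time> <pid> <name> (<md5>) <path>".
# The name may carry a size suffix, e.g. "MBR (0x1B8)" or "Boot (0x1200)".
# (Assumed layout, derived from the log lines above.)
OBJECT_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) "
    r"\((?P<md5>[0-9a-f]{32})\) "
    r"(?P<path>.+?)\s*$"
)
# Summary lines at the end of the scan.
COUNT_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<key>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$"
)


def parse_tdsskiller(text):
    """Return (objects, counts): parsed object dicts and the detected-object counters."""
    objects, counts = [], {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects.append(m.groupdict())
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("key")] = int(m.group("n"))
    return objects, counts


def triage(objects, windir="C:\\WINDOWS"):
    """Group parsed objects into the buckets a responder reads first."""
    prefix = windir.lower()
    outside, disk, by_md5 = [], [], defaultdict(list)
    for obj in objects:
        path = obj["path"]
        if path.startswith("\\Device\\"):
            # MBR / boot-sector hashes: compare against a known-good baseline.
            disk.append((obj["name"], obj["md5"]))
        elif not path.lower().startswith(prefix):
            # Driver living outside %SystemRoot%: usually third-party, verify it.
            outside.append((obj["name"], path))
        by_md5[obj["md5"]].append(obj["name"])
    # Several service names pointing at one hash (here cbidf / cbidf2k) is
    # normal for aliases, but worth noting when the names look unfamiliar.
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {"outside_windir": outside, "disk_objects": disk, "shared_hashes": shared}


if __name__ == "__main__":
    objs, counts = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(objs)} objects parsed, counters: {counts}")
    for bucket, items in triage(objs).items():
        print(f"{bucket}: {items}")
```

Running it on a full TDSSKiller log (read the file instead of `SAMPLE_LOG`) gives a short list to check by hand rather than several hundred lines to eyeball; a non-zero "Detected object count" still means the tool's own report is what matters.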

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 September 2011 - 06:41 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 snarb

  • Topic Starter

  • Members
  • 12 posts

Posted 05 September 2011 - 07:18 PM

Ran OTL. I don't think anything showed up. Here's the output:

OTL logfile created on: 9/5/2011 8:09:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.02% Memory free
2.58 Gb Paging File | 2.21 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): C:\pagefile.sys 1149 1349 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 103.41 Gb Free Space | 34.70% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 74.46 Gb Total Space | 13.51 Gb Free Space | 18.14% Space Free | Partition Type: NTFS

Computer Name: ARNOLD | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (ZipToA) -- File not found
SRV - (MobilePreInstallerService) -- File not found
SRV - (iPod Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (Bonjour Service) -- File not found
SRV - (avg8wd) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\swdsvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\svcntaux.exe (PC Tools)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (IKSysFlt) -- C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec) -- C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (IKFileSec) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (VNUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (ma763004) -- C:\WINDOWS\SYSTEM32\DRIVERS\MA763004.sys (M-Audio)
DRV - (CVirtA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)
DRV - (ASAPIW2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys ()
DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (sonyhcs) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\System32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Joel\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Joel\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Joel\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Joel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Joel\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 11:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/05 21:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 14:30:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 15:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/16 15:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/07/16 15:53:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Joel\Application Data\Move Networks [2009/09/13 18:11:21 | 000,000,000 | ---D | M]

[2009/09/09 23:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joel\Application Data\Mozilla\Extensions
[2011/05/09 20:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\jum2dhku.Default User\extensions
[2010/09/25 03:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\jum2dhku.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/25 03:42:48 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Joel\Application Data\Mozilla\Firefox\Profiles\jum2dhku.Default User\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/05/09 20:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/10 00:59:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/01 14:30:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/14 09:36:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/05 11:06:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/21 00:03:25 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/21 00:03:27 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71053C2C-8923-4BDC-84C7-263B1134E23D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Joel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 20:07:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2011/09/05 12:58:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/05 12:46:28 | 001,401,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joel\Desktop\tdsskiller.exe
[2011/09/05 11:11:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/05 10:49:35 | 000,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2011/09/05 10:42:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/05 10:41:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/05 10:41:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/05 10:41:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/05 10:41:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/05 10:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/05 10:40:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 10:40:16 | 004,195,009 | R--- | C] (Swearware) -- C:\Documents and Settings\Joel\Desktop\ComboFix.exe
[2011/09/04 07:42:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Joel\Desktop\dds.scr
[2011/09/04 07:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\Old Desktop
[2011/09/03 12:11:23 | 007,748,456 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joel\Desktop\mbam-rules1.exe
[2011/09/03 12:10:46 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joel\Desktop\vtemp-setup.exe
[2011/09/03 10:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/09/03 10:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/09/03 10:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/08/09 15:59:05 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/09 15:56:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 20:07:44 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2011/09/05 19:20:56 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/05 19:19:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/05 12:46:35 | 001,401,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joel\Desktop\tdsskiller.exe
[2011/09/05 11:06:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/09/05 10:42:59 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/09/05 10:40:16 | 004,195,009 | R--- | M] (Swearware) -- C:\Documents and Settings\Joel\Desktop\ComboFix.exe
[2011/09/05 08:48:50 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Microsoft Office Publisher 2007.lnk
[2011/09/04 07:48:09 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\gmer.zip
[2011/09/04 07:42:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Joel\Desktop\dds.scr
[2011/09/04 07:40:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joel\defogger_reenable
[2011/09/03 12:27:30 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joel\Desktop\vtemp-setup.exe
[2011/09/03 12:11:24 | 007,748,456 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joel\Desktop\mbam-rules1.exe
[2011/09/03 11:59:15 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Excel 2007.lnk
[2011/09/02 21:32:43 | 082,718,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/02 06:53:54 | 000,000,504 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2011/08/24 10:50:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Word 2007.lnk
[2011/08/23 20:52:38 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/09 23:37:49 | 000,439,252 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/09 23:37:49 | 000,070,322 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/09 23:35:31 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 10:42:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/05 10:42:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/05 10:41:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/05 10:41:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/05 10:41:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/05 10:41:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/05 10:41:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/04 07:48:12 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\gmer.zip
[2011/09/04 07:40:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\defogger_reenable
[2011/07/29 23:25:53 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\PUTTY.RND
[2011/01/17 00:03:07 | 000,002,251 | ---- | C] () -- C:\WINDOWS\TrueRTA.INI
[2010/12/19 16:03:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010/01/19 00:32:24 | 000,006,010 | R--- | C] () -- C:\WINDOWS\System32\drivers\ma004103.bin
[2010/01/18 01:38:54 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/10/03 16:10:20 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/06/27 21:22:10 | 000,109,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/08/04 17:31:29 | 002,097,152 | ---- | C] () -- C:\WINDOWS\System32\autorun.bin
[2007/07/05 20:02:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/07/05 20:02:03 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2007/07/05 20:02:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/03/27 21:36:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/03/27 10:45:22 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/03 12:59:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2007/03/03 12:59:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/02/20 23:48:01 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/02/20 23:46:43 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/12/25 15:09:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/19 19:57:20 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/10/19 19:57:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/10/19 19:52:30 | 000,037,227 | ---- | C] () -- C:\WINDOWS\SEASTORY.DAT
[2006/10/19 19:52:30 | 000,034,931 | ---- | C] () -- C:\WINDOWS\SEAADV.DAT
[2006/10/19 19:52:30 | 000,032,337 | ---- | C] () -- C:\WINDOWS\SEADICT.DAT
[2005/08/29 06:47:40 | 000,082,691 | ---- | C] () -- C:\WINDOWS\HPHins05.dat
[2005/08/29 06:45:12 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2005/04/27 22:09:14 | 000,094,263 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/04/27 22:09:14 | 000,002,631 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/04/22 18:55:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2005/04/22 18:51:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/17 21:44:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/02/13 23:00:36 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2005/01/17 19:44:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/01/17 18:44:44 | 000,001,096 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/01/17 18:28:13 | 000,001,421 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/01/07 23:28:17 | 000,018,944 | R--- | C] () -- C:\WINDOWS\eraser.exe
[2005/01/06 23:15:05 | 000,077,340 | ---- | C] () -- C:\WINDOWS\System32\SCCRT70.DLL
[2005/01/06 22:42:49 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/01/06 22:42:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/01/06 22:42:45 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2005/01/06 22:42:45 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2005/01/06 22:42:44 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2004/12/04 19:00:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\fusioncache.dat
[2004/11/28 19:01:47 | 000,030,048 | ---- | C] () -- C:\WINDOWS\unsetup.exe
[2004/11/28 19:01:27 | 000,000,259 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2004/11/14 22:00:10 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/11/14 10:23:41 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/08/31 22:44:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 05:10:07 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/16 13:53:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2004/07/01 20:51:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/06/20 23:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/20 16:14:40 | 000,000,208 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/06/19 22:48:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/06/19 17:06:26 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2004/06/18 22:39:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 22:22:31 | 000,017,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/06/17 23:27:23 | 000,001,628 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/06/17 22:56:10 | 000,000,782 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/06/17 22:56:10 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Tbplus.ini
[2004/06/17 22:56:04 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2004/06/17 22:56:04 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2004/06/17 22:56:04 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2004/06/17 22:56:04 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004/06/17 22:56:04 | 000,000,081 | ---- | C] () -- C:\WINDOWS\TB96.INI
[2004/06/17 22:41:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/06/17 22:02:03 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/06/17 21:19:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/06/17 21:12:46 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\PFP110JPR.{PB
[2004/06/17 21:12:46 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\PFP110JCM.{PB
[2004/06/15 10:40:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/15 10:33:51 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/06/15 10:30:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/06/15 10:30:51 | 000,000,504 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/06/15 10:20:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/06/15 10:18:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/15 10:18:54 | 000,439,252 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/06/15 10:18:54 | 000,070,322 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/06/15 10:18:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/15 10:05:28 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/22 18:00:48 | 000,519,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/22 17:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 17:58:10 | 000,000,831 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/10 16:06:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2002/09/03 09:59:14 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/26 21:25:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2001/08/25 21:16:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 05 September 2011 - 07:32 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2135619002-3175040133-253305863-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 snarb

snarb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 September 2011 - 08:02 PM

Here it is:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2135619002-3175040133-253305863-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2135619002-3175040133-253305863-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Joel\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Joel
->Temp folder emptied: 2007928 bytes
->Temporary Internet Files folder emptied: 22796770 bytes
->Java cache emptied: 98832301 bytes
->FireFox cache emptied: 52120139 bytes
->Flash cache emptied: 3016598 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 35 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2419217 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 1736 bytes

Total Files Cleaned = 173.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Joel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09052011_205157

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Joel\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe not found!
File\Folder C:\Documents and Settings\Joel\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe not found!

Registry entries deleted on Reboot...
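Added example, not code from OTL or from anyone in this thread: a PowerShell script that checks the two things the fix above touched, the alternate data stream the log reported as TEMP:DFC5A2B2 and the hosts file that [RESETHOSTS] replaced. It assumes PowerShell 3.0 or later (for the -Stream parameter); the folder it scans is an assumption to adjust, with the ProgramData default standing in for the Windows XP "All Users\Application Data" location.

```powershell
# Added example, not code from OTL or from this thread. Post-fix verification:
# (1) list named alternate data streams under a folder, the kind of thing the
# OTL log reported as TEMP:DFC5A2B2, and (2) audit the hosts file that
# [RESETHOSTS] replaced. Needs PowerShell 3.0+ for -Stream. Both defaults
# below are assumptions; adjust them for the machine being checked.
param(
    [string]$ScanRoot  = (Join-Path $env:ProgramData 'TEMP'),   # assumed; XP kept this under All Users\Application Data
    [string]$HostsPath = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
)

# Every named stream on the root folder and everything below it, minus the
# default ':$DATA' stream. Zone.Identifier is the normal mark-of-the-web tag
# on downloaded files; any other stream name on a plain data folder deserves a look.
function Get-NamedStreams {
    param([string]$Root)
    $items = @(Get-Item -LiteralPath $Root -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                    Benign = ($_.Stream -eq 'Zone.Identifier')
                }
            }
    }
}

# Parse the hosts file into address/name pairs, dropping comments and blank lines.
function Get-HostsEntries {
    param([string]$Path)
    Get-Content -LiteralPath $Path -ErrorAction Stop | ForEach-Object {
        $line  = ($_ -split '#', 2)[0].Trim()
        $parts = $line -split '\s+'
        if ($line -and $parts.Count -ge 2) {
            [pscustomobject]@{ Address = $parts[0]; Names = ($parts[1..($parts.Count - 1)] -join ' ') }
        }
    }
}

# A clean hosts file maps nothing but localhost. Redirect infections commonly
# add entries here to hijack search engines and security-vendor update sites.
function Get-SuspiciousHostsEntries {
    param([string]$Path)
    Get-HostsEntries -Path $Path | Where-Object {
        ($_.Address -notin '127.0.0.1', '::1') -or ($_.Names -ne 'localhost')
    }
}

Write-Host "Named streams under $ScanRoot"
Get-NamedStreams -Root $ScanRoot | Format-Table -AutoSize

Write-Host "Hosts entries other than localhost in $HostsPath"
$bad = @(Get-SuspiciousHostsEntries -Path $HostsPath)
if ($bad.Count -eq 0) { Write-Host '  none; hosts file contains only localhost mappings' }
else { $bad | Format-Table -AutoSize }
```

Run it from an elevated PowerShell prompt so the hosts file and every subfolder are readable; a stream that is not Zone.Identifier, or any hosts entry beyond localhost, is what to report back rather than something to delete by hand.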

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 05 September 2011 - 08:07 PM

Hello


How is the computer doing now?



gringo

#11 snarb

snarb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 September 2011 - 08:12 PM

As far as I can tell, it's fine. The only thing is that I can't get the AVG antivirus to go back on. Maybe I need to reinstall it?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 05 September 2011 - 08:20 PM

Yes, try to reinstall it and let me know if it works.




gringo

#13 snarb

snarb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 September 2011 - 09:31 PM

Ok - it's all re-installed. Is that it? Thanks very much for your help. This was a nasty one.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:05 PM

Posted 06 September 2011 - 08:42 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 7.0.7
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
Java Web Start
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

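Added example, not code from this thread or from any of the tools it names: a PowerShell script that reads the same Add/Remove Programs data the "uninstall some programs" step works from, straight from the registry's Uninstall keys, and flags every Java runtime older than the newest one installed, plus any Adobe Reader entries. It assumes PowerShell 3.0 or later; the registry paths are the standard ones (the WOW6432Node key is simply absent on a 32-bit system such as the XP box in this thread, and that is tolerated).

```powershell
# Added example, not code from this thread or from the tools it names.
# Lists the programs registered with Add/Remove Programs by reading the
# Uninstall keys, then reports every Java runtime older than the newest one.
# Assumes PowerShell 3.0+. Missing keys (WOW6432Node on 32-bit) are tolerated.

function Get-InstalledPrograms {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

# DisplayVersion is free text (old JREs use forms like 1.4.2_04 that do not
# parse); fall back to 0.0 so the entry still appears, sorted as oldest,
# instead of being silently dropped from the report.
function ConvertTo-Version {
    param([string]$Text)
    $parsed = $null
    if ([version]::TryParse($Text, [ref]$parsed)) { return $parsed }
    return [version]'0.0'
}

# Matching entries, newest first. The Java pattern covers the names seen in
# the thread: "J2SE Runtime Environment", "Java 2 Runtime Environment",
# "Java(TM) 6 Update", "Java Web Start"; it also catches "Java Auto Updater".
function Find-Programs {
    param([string]$NamePattern)
    Get-InstalledPrograms |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Sort-Object { ConvertTo-Version $_.DisplayVersion } -Descending
}

function Show-RuntimeReport {
    param([string]$Label, [string]$NamePattern)
    $found = @(Find-Programs -NamePattern $NamePattern)
    Write-Host "== $Label : $($found.Count) registered =="
    for ($i = 0; $i -lt $found.Count; $i++) {
        # Only the newest copy is worth keeping; every older runtime left
        # behind is a separately reachable, unpatched browser plug-in.
        $status = if ($i -eq 0) { 'keep ' } else { 'STALE' }
        Write-Host ('{0} {1,-45} {2,-12} {3}' -f $status, $found[$i].DisplayName,
                    $found[$i].DisplayVersion, $found[$i].UninstallString)
    }
}

Show-RuntimeReport -Label 'Java runtimes' -NamePattern '^(J2SE|Java)'
Show-RuntimeReport -Label 'Adobe Reader'  -NamePattern '^Adobe Reader'
```

The UninstallString column is the command Add/Remove Programs itself runs for that entry, which is what to look at when a leftover runtime refuses to uninstall from the control panel.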

#15 snarb

snarb
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 06 September 2011 - 04:17 PM

Some of the old Java versions will not uninstall - I get an "error in transform" message.



