
Unknown infection disables scans and attempts at removal


  • This topic is locked
32 replies to this topic

#1 ccyne

ccyne

  • Members
  • 71 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 05 October 2011 - 12:08 PM

OS: Win XP, browser: Explorer, virus protection is McAfee

Have malware on my laptop. It's taken over my search engine and all protection. crackajacksearchsystem.com keeps popping up. Did a system restore and eliminated some of the annoyance and have since tried to clean up the malware using Malwarebytes and SAS free with no luck. It takes over the program even if I rename the files and extensions; also tried to do the same in safe mode, and it hijacks them there also. Tried Rkill with no success; it disables it instantly. It also won't let me delete any of the original or renamed files.
Had a few error messages pop up on startup as well. All attempts at removal have failed, as the threat hijacks the program before it gets a chance to do anything.

In setting up and gathering the logs for this forum post it even disabled the GMER scan after about 20 seconds, so I can't get the log posted. The DDS I did get, and it is included below. Everything it hijacks gives me a message "windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item." If I reload the file or rename it, it will work again but gets hijacked again.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by C Coyne at 12:20:08 on 2011-10-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.487 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\335673691:2751921899.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdlserv.exe
C:\WINDOWS\system32\lxdlcoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 7500 Series\lxdlmon.exe
C:\Program Files\Lexmark 7500 Series\lxdlamon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Lanexa&state=VA&site=AKQ&textField1=37.423&textField2=-76.9062&e=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110120114813.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
StartupFolder: c:\docume~1\ccoyne~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks pro\components\qbagent\qbdagent2001.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-6aaa377c886dd77f.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://windsurfari.viewnetcam.com:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DF84C641-4254-46D0-998B-E9FCE72D4CDF} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Dotehtab - {99B8B55A-B269-4C19-B046-09E16812E6CD} - c:\windows\system32\extiww32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-26 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-20 84072]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-8-13 18816]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]
R2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [2010-7-15 99248]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-20 188136]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-26 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-20 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-3-15 226304]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-20 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-20 171168]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-20 141792]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-20 55840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-4 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-26 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-20 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-20 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-26 40552]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-15 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
.
=============== Created Last 30 ================
.
2011-10-04 16:08:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 23:40:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-29 23:40:24 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 12:55:31 0 ----a-w- c:\windows\Lzabez.bin
.
============= FINISH: 12:22:02.54 ===============
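The DDS log above is normally read by eye, but the indicators a helper looks for first are mechanical enough to script: a process whose path contains a second colon (an executable hosted in an NTFS alternate data stream, as in the `C:\WINDOWS\335673691:2751921899.exe` entry), the AV and firewall both reporting `*Disabled*`, and add-on entries whose file is gone. The following is an added example written for this thread; it is not code from DDS, ComboFix, or any BleepingComputer tool. The rule names, the severities and the "six or more digits" heuristic are the example's own assumptions, and the sample lines are constructed by copying a few entries from the log in the first post.

```python
"""Triage a DDS-style log for a few rootkit-era tell-tales.

Added example for the thread above; it is not part of DDS, ComboFix or any
BleepingComputer tool. The rule names, severities and the 6-digit heuristic
are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = act on it, "info" = clean-up candidate
    rule: str
    line: str


# A path whose final component contains a second colon, i.e. an NTFS alternate
# data stream such as C:\WINDOWS\335673691:2751921899.exe (stream after the colon).
ADS_PATH = re.compile(r"^[A-Za-z]:\\(?:[^\\:]+\\)*[^\\:]+:[^\\:]+$")
# A long all-digit folder or file name; legitimate short ones such as the
# print spooler's \3\ directory are deliberately left alone (heuristic).
LONG_NUMERIC_COMPONENT = re.compile(r"(?:^|\\)\d{6,}(?:\\|\.exe$)", re.IGNORECASE)
# DDS prints the Security Center view of AV/firewall state on AV:/FW: lines.
DISABLED_PRODUCT = re.compile(r"^(AV|FW): .*\*Disabled")
# Browser add-on entries whose backing file no longer exists.
ORPHAN_ENTRY = re.compile(r"^(BHO|TB|mURLSearchHooks): .*- No File$")
SECTION_HEADER = re.compile(r"^=+ (.+?) =+$")


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if DISABLED_PRODUCT.match(line):
            findings.append(Finding("high", "security product reported disabled", line))
        if section == "Running Processes":
            if ADS_PATH.match(line):
                findings.append(Finding("high", "process hosted in an NTFS alternate data stream", line))
            elif LONG_NUMERIC_COMPONENT.search(line):
                findings.append(Finding("high", "process path has a long all-digit component", line))
        if ORPHAN_ENTRY.match(line):
            findings.append(Finding("info", "orphaned browser add-on entry (file missing)", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'info': 2}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: a handful of lines in the shape DDS prints, copied from
# the log in the first post so the rules can be seen firing on real entries.
SAMPLE_LOG = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\335673691:2751921899.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdlserv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
============== Pseudo HJT Report ===============
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No File
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TCP: DhcpNameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the ADS-hosted process and the two disabled products come out as "high" while the spooler's `\3\` path and the plain svchost entries stay quiet; the two "No File" entries are only listed as clean-up candidates, since an orphaned BHO is a leftover, not evidence of an active infection.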


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 AM

Posted 08 October 2011 - 04:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\335673691
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 09 October 2011 - 07:48 AM

Thank you! I'll have these done as soon as possible. Here is the first log.


DummyCreator by Farbar
Ran by C Coyne (administrator) on 09-10-2011 at 08:44:45
**************************************************************

C:\WINDOWS\335673691 [09-10-2011 08:44:45]

== End of log ==

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 AM

Posted 09 October 2011 - 12:48 PM

Let me have the Combofix report when complete.


gringo

#5 ccyne

ccyne
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 09 October 2011 - 04:21 PM

Here is the log.




ComboFix 11-10-09.01 - C Coyne 10/09/2011 16:33:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -4:00]
Running from: c:\documents and settings\C Coyne\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate\flagunit.dtd
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate\h64data.dtd
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate\LocalsSettings.dtd
c:\documents and settings\All Users\Application Data\Macromedia\swfupdate\Ui.dtd
c:\documents and settings\All Users\SPL23C.tmp
c:\documents and settings\C Coyne\WINDOWS
c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\windows\$NtUninstallKB42258$
c:\windows\$NtUninstallKB42258$\1543045396\@
c:\windows\$NtUninstallKB42258$\1543045396\click.tlb
c:\windows\$NtUninstallKB42258$\1543045396\L\hageaxms
c:\windows\$NtUninstallKB42258$\1543045396\loader.tlb
c:\windows\$NtUninstallKB42258$\1543045396\U\@00000001
c:\windows\$NtUninstallKB42258$\1543045396\U\@000000c0
c:\windows\$NtUninstallKB42258$\1543045396\U\@000000cb
c:\windows\$NtUninstallKB42258$\1543045396\U\@000000cf
c:\windows\$NtUninstallKB42258$\1543045396\U\@80000000
c:\windows\$NtUninstallKB42258$\1543045396\U\@800000c0
c:\windows\$NtUninstallKB42258$\1543045396\U\@800000cb
c:\windows\$NtUninstallKB42258$\1543045396\U\@800000cf
c:\windows\$NtUninstallKB42258$\3189846915
c:\windows\335673691
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\setupapi.log
c:\windows\system32\
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888321-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910437-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1270\A0213244.EXE
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0200149.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0200150.exe
.
Infected copy of c:\program files\Canon\CAL\CALMAIN.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201158.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0200148.exe
.
Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0200151.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201159.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201152.exe
.
Infected copy of c:\windows\system32\lxdlcoms.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0200152.exe
.
Infected copy of c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe was found and disinfected
Restored copy from - c:\windows\system32\spool\drivers\w32x86\lexmark_7500_seriesd1ed\lxdlserv.exe
.
Infected copy of c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201154.exe
.
Infected copy of c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201157.exe
.
c:\windows\system32\mfevtps.exe . . . is infected!!
c:\windows\system32\mfevtps.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1267\A0205142.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201155.exe
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . is infected!!
c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP1266\A0201156.exe
.
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe . . . is infected!!
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_5bf90114
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:59 . 2011-10-09 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-10-04 16:08 . 2011-10-04 16:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 23:40 . 2011-09-29 23:40 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2009-01-25 21:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\C Coyne\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
QuickBooks 2001 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe [2006-8-17 204800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Dotehtab"= {99B8B55A-B269-4C19-B046-09E16812E6CD} - c:\windows\system32\extiww32.dll [2007-04-16 839680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxdlcoms.exe"=
"c:\\Program Files\\Lexmark 7500 Series\\lxdlmon.exe"=
"c:\\WINDOWS\\system32\\lxdlcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdltime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdljswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlwbgw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 12:47 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/13/2009 9:13 AM 18816]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [10/9/2011 4:53 PM 114416]
R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]
R2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [7/15/2010 8:20 AM 99248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/20/2011 12:47 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 12:47 PM 88544]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 7:57 PM 226304]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/20/2011 12:48 PM 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/20/2011 12:47 PM 55840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/4/2011 12:08 PM 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 12:47 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/20/2011 12:47 PM 84264]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 7:57 PM 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2008-09-10 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-11-01 10:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Lanexa&state=VA&site=AKQ&textField1=37.423&textField2=-76.9062&e=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 16:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1376)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\extiww32.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\imgorpop.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdlcoms.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-10-09 17:10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 21:10
.
Pre-Run: 1,115,955,200 bytes free
Post-Run: 1,129,062,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D9F00F5EF45D3CF4B8382CFCC11A150B

#6 gringo_pr (Malware Response Team)

Posted 09 October 2011 - 08:24 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\ChrisV\AppData\Local\Temp\DWH7E1F.tmp
C:\Users\ChrisV\AppData\Local\Temp\DWHAF5D.tmp
C:\Users\ChrisV\AppData\Local\Temp\DWH7E1F.tmp

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Information and logs:

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ccyne (Topic Starter)

Posted 09 October 2011 - 10:56 PM

Computer running faster.
Still get a change-of-search-provider window at start of Explorer.

ComboFix 11-10-09.01 - C Coyne 10/09/2011 23:32:52.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -4:00]
Running from: c:\documents and settings\C Coyne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\C Coyne\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\users\ChrisV\AppData\Local\Temp\DWH7E1F.tmp"
"c:\users\ChrisV\AppData\Local\Temp\DWHAF5D.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\C Coyne\Local Settings\Application Data\{F27B0064-5824-41C0-9C22-82163C72B4A0}
c:\documents and settings\C Coyne\Local Settings\Application Data\{F27B0064-5824-41C0-9C22-82163C72B4A0}\chrome\content\_cfg.js
c:\documents and settings\C Coyne\Local Settings\Application Data\{F27B0064-5824-41C0-9C22-82163C72B4A0}\chrome\content\overlay.xul
c:\documents and settings\C Coyne\Local Settings\Application Data\{F27B0064-5824-41C0-9C22-82163C72B4A0}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-09 20:59 . 2011-10-09 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-10-04 16:08 . 2011-10-04 16:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 23:40 . 2011-09-29 23:40 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2009-01-25 21:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_21.00.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-15 23:55 . 2009-03-21 14:06 802401 c:\windows\system32\matipcat32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\C Coyne\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
QuickBooks 2001 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe [2006-8-17 204800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Dotehtab"= {99B8B55A-B269-4C19-B046-09E16812E6CD} - c:\windows\system32\extiww32.dll [2007-04-16 839680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxdlcoms.exe"=
"c:\\Program Files\\Lexmark 7500 Series\\lxdlmon.exe"=
"c:\\WINDOWS\\system32\\lxdlcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdltime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdljswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdlwbgw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 12:47 PM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/13/2009 9:13 AM 18816]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [10/9/2011 4:53 PM 114416]
R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]
R2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [7/15/2010 8:20 AM 99248]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/20/2011 12:47 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 12:47 PM 88544]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 7:57 PM 226304]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/20/2011 12:48 PM 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/20/2011 12:47 PM 55840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/4/2011 12:08 PM 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/20/2011 12:47 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/20/2011 12:47 PM 84264]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 7:57 PM 29184]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Lanexa&state=VA&site=AKQ&textField1=37.423&textField2=-76.9062&e=0
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1376)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-10-09 23:50:44
ComboFix-quarantined-files.txt 2011-10-10 03:50
ComboFix2.txt 2011-10-09 21:10
.
Pre-Run: 1,144,848,384 bytes free
Post-Run: 1,474,588,672 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C2B12F7DA40D35EDF9FDBBEC12D38622
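A triage helper for the ComboFix output above, added here as an example; it is not part of this thread, of ComboFix, or of any tool the thread mentions. It reads two things a responder checks first in such a log: the REGEDIT4 dump of Security Center and firewall-policy values (AntiVirusOverride, FirewallOverride, DisableMonitoring and DisableNotifications set to 1 silence the warnings Windows would otherwise raise about the AV and firewall that the log header shows as Disabled), and the R*/S* service lines, flagging any service that runs from a .tmp file or whose image ComboFix could not stat (the [?] in place of date and size). The sample input is a few lines copied from the log above. A flag is a prompt to look, not a verdict: legitimate services launched with command-line switches also show [?], as the McAfee entries do.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a few registry loading points and service entries
# copied from the ComboFix log posted above (REGEDIT4 dump plus R*/S* lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/20/2011 12:47 PM 84072]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
"""

# Values that, when non-zero, stop Windows from warning that AV/firewall are off:
# AntiVirusOverride / FirewallOverride: Security Center no longer alerts on a missing product;
# DisableMonitoring (under Monitoring\<product>): Security Center stops tracking that product;
# DisableNotifications (firewall policy profile): Windows Firewall stops its own notifications.
SILENCING_VALUES = {"antivirusoverride", "firewalloverride",
                    "disablemonitoring", "disablenotifications"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+))')
# "R1 name;display;image [date size]": R = running, S = stopped, digit = start type.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")


def parse_registry_values(text: str) -> List[Tuple[str, str, int]]:
    """Return (key, value_name, numeric_value) for each numeric value in a REGEDIT4-style dump."""
    found = []
    current_key = ""
    for line in text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            name, hex_value, dec_value = value_match.groups()
            value = int(hex_value, 16) if hex_value is not None else int(dec_value)
            found.append((current_key, name, value))
    return found


def silencing_values(text: str) -> List[Tuple[str, str, int]]:
    """Non-zero Security Center / firewall-policy values that hide a disabled AV or firewall."""
    hits = []
    for key, name, value in parse_registry_values(text):
        key_l = key.lower()
        if name.lower() in SILENCING_VALUES and value != 0 and (
                "security center" in key_l or "firewallpolicy" in key_l):
            hits.append((key, name, value))
    return hits


def parse_services(text: str) -> List[Dict[str, str]]:
    """Parse ComboFix service lines into name, display name, image path and stat field."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, image, stat = m.groups()
        # For quoted or argumented command lines ComboFix prints
        # "cmdline --> resolved path"; keep the resolved path.
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        services.append({"start": start, "name": name, "display": display,
                         "image": image, "stat": stat})
    return services


def suspicious_services(text: str) -> List[Tuple[str, str, List[str]]]:
    """Services worth a second look: .tmp images, or images ComboFix could not stat ([?])."""
    flagged = []
    for svc in parse_services(text):
        reasons = []
        if svc["image"].lower().endswith(".tmp"):
            reasons.append("image is a .tmp file")
        if svc["stat"] == "?":
            reasons.append("no date/size: ComboFix could not stat the image")
        if reasons:
            flagged.append((svc["name"], svc["image"], reasons))
    return flagged


if __name__ == "__main__":
    for key, name, value in silencing_values(SAMPLE_LOG):
        print(f"silenced warning: {name}={value} under {key}")
    for name, image, reasons in suspicious_services(SAMPLE_LOG):
        print(f"review service {name}: {image} ({'; '.join(reasons)})")
```

Run it on a full ComboFix.txt by replacing SAMPLE_LOG with the file contents; the silenced-warning list is what to reset once the AV is confirmed working again, and every flagged service should be matched against what is actually installed before anything is removed.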

#8 gringo_pr (Malware Response Team)

Posted 10 October 2011 - 08:06 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
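Once the TDSSKiller report is back, the lines that carry information are the file lines (name, MD5, path) and the verdict lines (name - ok). The parser below is added as an example and is not part of this thread or of TDSSKiller. It maps each entry to its hash, path and verdict, lists entries whose verdict is anything but ok, lists entries that got a verdict but no file line (TDSSKiller found no image to hash; in the report posted below that is catchme, CSS DVP and MEMSWEEP2), and compares the hashes with a baseline exported from a known-clean machine of the same Windows build, in both directions. The sample lines are copied from that report; the baseline dictionary is constructed for the demonstration (ACPI's hash copied from the report, atapi's deliberately altered) and is not a vetted reference set.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines in the two shapes TDSSKiller writes, copied from the
# report posted in this thread (a file line with MD5 and path, then a verdict line).
SAMPLE_REPORT = r"""
01:44:13.0248 3408 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:44:13.0263 3408 ACPI - ok
01:44:13.0826 3408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:44:13.0826 3408 atapi - ok
01:44:14.0091 3408 catchme - ok
01:44:14.0888 3408 CSS DVP - ok
01:44:17.0263 3408 MEMSWEEP2 - ok
01:44:17.0732 3408 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
01:44:17.0732 3408 mfendisk - ok
"""

# Constructed baseline, standing in for a name -> MD5 export from a known-clean
# machine of the same Windows build. ACPI's hash is copied from the report above;
# atapi's is deliberately wrong so the comparison has something to report.
BASELINE: Dict[str, str] = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "0000000000000000000000000000dead",
}

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"                 # "HH:MM:SS.mmmm PID "
FILE_RE = re.compile(PREFIX + r"(.+?) \(([0-9a-f]{32})\) (.+)$")  # name (md5) path
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (\w+)$")             # name - ok


def parse_report(text: str) -> Dict[str, Dict[str, str]]:
    """Map each driver/service name to its md5, path and verdict, whichever are present."""
    records: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            records.setdefault(name, {}).update(md5=md5, path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            records.setdefault(name, {})["verdict"] = verdict
    return records


def not_ok(records: Dict[str, Dict[str, str]]) -> List[str]:
    """Entries whose verdict is anything other than 'ok'."""
    return sorted(n for n, r in records.items() if r.get("verdict") != "ok")


def without_file(records: Dict[str, Dict[str, str]]) -> List[str]:
    """Entries with a verdict line but no file line: the tool found no image to hash."""
    return sorted(n for n, r in records.items() if "md5" not in r)


def baseline_mismatches(records: Dict[str, Dict[str, str]],
                        baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Baseline drivers whose MD5 differs in the report, or that the report does not list."""
    out = []
    for name, expected in baseline.items():
        seen = records.get(name, {}).get("md5")
        if seen is None:
            out.append((name, "not in report"))
        elif seen != expected:
            out.append((name, f"md5 {seen} != baseline {expected}"))
    return sorted(out)


def not_in_baseline(records: Dict[str, Dict[str, str]],
                    baseline: Dict[str, str]) -> List[str]:
    """Hashed drivers the baseline has never seen: new or renamed binaries."""
    return sorted(n for n, r in records.items() if "md5" in r and n not in baseline)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print("verdict not ok:", not_ok(recs))
    print("no image hashed:", without_file(recs))
    print("baseline mismatches:", baseline_mismatches(recs, BASELINE))
    print("unknown to baseline:", not_in_baseline(recs, BASELINE))
```

Hashes only mean something against a baseline from the same OS build and patch level, and a mismatch says the file differs, not that it is malicious. The no-file and not-ok lists are reported alongside because a hash comparison cannot see an entry that has no image behind it.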

#9 ccyne (Topic Starter)

Posted 11 October 2011 - 12:46 AM

01:43:40.0748 0812 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
01:43:40.0982 0812 ============================================================
01:43:40.0982 0812 Current date / time: 2011/10/11 01:43:40.0982
01:43:40.0982 0812 SystemInfo:
01:43:40.0982 0812
01:43:40.0982 0812 OS Version: 5.1.2600 ServicePack: 3.0
01:43:40.0982 0812 Product type: Workstation
01:43:40.0982 0812 ComputerName: CHRIS
01:43:40.0982 0812 UserName: C Coyne
01:43:40.0982 0812 Windows directory: C:\WINDOWS
01:43:40.0982 0812 System windows directory: C:\WINDOWS
01:43:40.0982 0812 Processor architecture: Intel x86
01:43:40.0982 0812 Number of processors: 2
01:43:40.0982 0812 Page size: 0x1000
01:43:40.0982 0812 Boot type: Normal boot
01:43:40.0982 0812 ============================================================
01:43:43.0263 0812 Initialize success
01:44:12.0373 3408 ============================================================
01:44:12.0373 3408 Scan started
01:44:12.0373 3408 Mode: Manual;
01:44:12.0373 3408 ============================================================
01:44:13.0170 3408 Abiosdsk - ok
01:44:13.0185 3408 abp480n5 - ok
01:44:13.0248 3408 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:44:13.0263 3408 ACPI - ok
01:44:13.0310 3408 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:44:13.0310 3408 ACPIEC - ok
01:44:13.0326 3408 adpu160m - ok
01:44:13.0373 3408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:44:13.0373 3408 aec - ok
01:44:13.0420 3408 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:44:13.0435 3408 AegisP - ok
01:44:13.0498 3408 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
01:44:13.0498 3408 AFD - ok
01:44:13.0513 3408 Aha154x - ok
01:44:13.0529 3408 aic78u2 - ok
01:44:13.0545 3408 aic78xx - ok
01:44:13.0560 3408 AliIde - ok
01:44:13.0576 3408 amsint - ok
01:44:13.0638 3408 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
01:44:13.0654 3408 ApfiltrService - ok
01:44:13.0701 3408 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:44:13.0701 3408 Arp1394 - ok
01:44:13.0716 3408 asc - ok
01:44:13.0732 3408 asc3350p - ok
01:44:13.0748 3408 asc3550 - ok
01:44:13.0810 3408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:44:13.0810 3408 AsyncMac - ok
01:44:13.0826 3408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:44:13.0826 3408 atapi - ok
01:44:13.0841 3408 Atdisk - ok
01:44:13.0873 3408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:44:13.0873 3408 Atmarpc - ok
01:44:13.0920 3408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:44:13.0920 3408 audstub - ok
01:44:13.0966 3408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:44:13.0966 3408 Beep - ok
01:44:14.0091 3408 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
01:44:14.0091 3408 BVRPMPR5 - ok
01:44:14.0091 3408 catchme - ok
01:44:14.0123 3408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:44:14.0123 3408 cbidf2k - ok
01:44:14.0154 3408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:44:14.0154 3408 CCDECODE - ok
01:44:14.0310 3408 cd20xrnt - ok
01:44:14.0591 3408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:44:14.0591 3408 Cdaudio - ok
01:44:14.0638 3408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:44:14.0638 3408 Cdfs - ok
01:44:14.0716 3408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:44:14.0716 3408 Cdrom - ok
01:44:14.0779 3408 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
01:44:14.0779 3408 cfwids - ok
01:44:14.0795 3408 Changer - ok
01:44:14.0826 3408 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:44:14.0826 3408 CmBatt - ok
01:44:14.0841 3408 CmdIde - ok
01:44:14.0857 3408 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:44:14.0857 3408 Compbatt - ok
01:44:14.0873 3408 Cpqarray - ok
01:44:14.0888 3408 CSS DVP - ok
01:44:14.0904 3408 dac2w2k - ok
01:44:14.0920 3408 dac960nt - ok
01:44:14.0935 3408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:44:14.0935 3408 Disk - ok
01:44:15.0013 3408 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:44:15.0029 3408 dmboot - ok
01:44:15.0138 3408 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
01:44:15.0138 3408 DMICall - ok
01:44:15.0201 3408 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:44:15.0201 3408 dmio - ok
01:44:15.0248 3408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:44:15.0248 3408 dmload - ok
01:44:15.0295 3408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:44:15.0295 3408 DMusic - ok
01:44:15.0310 3408 dpti2o - ok
01:44:15.0341 3408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:44:15.0341 3408 drmkaud - ok
01:44:15.0435 3408 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:44:15.0435 3408 E100B - ok
01:44:15.0498 3408 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
01:44:15.0498 3408 e1express - ok
01:44:15.0545 3408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:44:15.0560 3408 Fastfat - ok
01:44:15.0591 3408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:44:15.0591 3408 Fdc - ok
01:44:15.0623 3408 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:44:15.0623 3408 Fips - ok
01:44:15.0638 3408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:44:15.0638 3408 Flpydisk - ok
01:44:15.0685 3408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:44:15.0701 3408 FltMgr - ok
01:44:15.0716 3408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:44:15.0716 3408 Fs_Rec - ok
01:44:15.0748 3408 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:44:15.0748 3408 Ftdisk - ok
01:44:15.0810 3408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
01:44:15.0810 3408 GEARAspiWDM - ok
01:44:15.0873 3408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:44:15.0873 3408 Gpc - ok
01:44:15.0888 3408 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:44:15.0888 3408 HDAudBus - ok
01:44:15.0920 3408 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:44:15.0920 3408 hidusb - ok
01:44:15.0935 3408 hpn - ok
01:44:15.0998 3408 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
01:44:15.0998 3408 HSFHWAZL - ok
01:44:16.0076 3408 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
01:44:16.0091 3408 HSF_DPV - ok
01:44:16.0201 3408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:44:16.0216 3408 HTTP - ok
01:44:16.0232 3408 i2omgmt - ok
01:44:16.0232 3408 i2omp - ok
01:44:16.0263 3408 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:44:16.0279 3408 i8042prt - ok
01:44:16.0404 3408 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:44:16.0435 3408 ialm - ok
01:44:16.0576 3408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:44:16.0576 3408 Imapi - ok
01:44:16.0591 3408 ini910u - ok
01:44:16.0607 3408 IntelIde - ok
01:44:16.0685 3408 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:44:16.0685 3408 intelppm - ok
01:44:16.0732 3408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:44:16.0732 3408 Ip6Fw - ok
01:44:16.0795 3408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:44:16.0795 3408 IpFilterDriver - ok
01:44:16.0857 3408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:44:16.0857 3408 IpInIp - ok
01:44:16.0904 3408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:44:16.0904 3408 IpNat - ok
01:44:16.0920 3408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:44:16.0920 3408 IPSec - ok
01:44:16.0951 3408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:44:16.0951 3408 IRENUM - ok
01:44:16.0998 3408 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:44:16.0998 3408 isapnp - ok
01:44:17.0013 3408 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:44:17.0013 3408 Kbdclass - ok
01:44:17.0045 3408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:44:17.0045 3408 kmixer - ok
01:44:17.0076 3408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:44:17.0076 3408 KSecDD - ok
01:44:17.0091 3408 lbrtfdc - ok
01:44:17.0170 3408 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
01:44:17.0170 3408 MBAMSwissArmy - ok
01:44:17.0248 3408 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:44:17.0248 3408 mdmxsdk - ok
01:44:17.0263 3408 MEMSWEEP2 - ok
01:44:17.0326 3408 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
01:44:17.0326 3408 mfeapfk - ok
01:44:17.0451 3408 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
01:44:17.0466 3408 mfeavfk - ok
01:44:17.0482 3408 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
01:44:17.0482 3408 mfebopk - ok
01:44:17.0560 3408 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
01:44:17.0576 3408 mfefirek - ok
01:44:17.0685 3408 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
01:44:17.0685 3408 mfehidk - ok
01:44:17.0732 3408 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
01:44:17.0732 3408 mfendisk - ok
01:44:17.0748 3408 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
01:44:17.0748 3408 mfendiskmp - ok
01:44:17.0763 3408 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
01:44:17.0779 3408 mferkdet - ok
01:44:17.0826 3408 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
01:44:17.0826 3408 mferkdk - ok
01:44:17.0873 3408 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
01:44:17.0873 3408 mfesmfk - ok
01:44:17.0951 3408 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
01:44:17.0951 3408 mfetdi2k - ok
01:44:18.0013 3408 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
01:44:18.0013 3408 MHNDRV - ok
01:44:18.0138 3408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:44:18.0138 3408 mnmdd - ok
01:44:18.0185 3408 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:44:18.0201 3408 Modem - ok
01:44:18.0232 3408 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
01:44:18.0232 3408 motmodem - ok
01:44:18.0279 3408 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:44:18.0279 3408 Mouclass - ok
01:44:18.0341 3408 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:44:18.0341 3408 mouhid - ok
01:44:18.0388 3408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:44:18.0388 3408 MountMgr - ok
01:44:18.0404 3408 mraid35x - ok
01:44:18.0435 3408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:44:18.0451 3408 MRxDAV - ok
01:44:18.0529 3408 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:44:18.0529 3408 MRxSmb - ok
01:44:18.0560 3408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:44:18.0560 3408 Msfs - ok
01:44:18.0591 3408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:44:18.0591 3408 MSKSSRV - ok
01:44:18.0623 3408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:44:18.0623 3408 MSPCLOCK - ok
01:44:18.0654 3408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:44:18.0654 3408 MSPQM - ok
01:44:18.0748 3408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:44:18.0748 3408 mssmbios - ok
01:44:18.0810 3408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:44:18.0810 3408 MSTEE - ok
01:44:18.0857 3408 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
01:44:18.0857 3408 Mup - ok
01:44:18.0888 3408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:44:18.0904 3408 NABTSFEC - ok
01:44:18.0920 3408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:44:18.0920 3408 NDIS - ok
01:44:18.0951 3408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:44:18.0951 3408 NdisIP - ok
01:44:19.0029 3408 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:44:19.0029 3408 NdisTapi - ok
01:44:19.0076 3408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:44:19.0076 3408 Ndisuio - ok
01:44:19.0107 3408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:44:19.0107 3408 NdisWan - ok
01:44:19.0138 3408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:44:19.0138 3408 NDProxy - ok
01:44:19.0154 3408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:44:19.0154 3408 NetBIOS - ok
01:44:19.0216 3408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:44:19.0216 3408 NetBT - ok
01:44:19.0279 3408 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:44:19.0279 3408 NIC1394 - ok
01:44:19.0295 3408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:44:19.0295 3408 Npfs - ok
01:44:19.0310 3408 ntcdrdrv - ok
01:44:19.0373 3408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:44:19.0388 3408 Ntfs - ok
01:44:19.0513 3408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:44:19.0513 3408 Null - ok
01:44:19.0716 3408 nv (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:44:19.0779 3408 nv - ok
01:44:19.0888 3408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:44:19.0888 3408 NwlnkFlt - ok
01:44:19.0966 3408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:44:19.0966 3408 NwlnkFwd - ok
01:44:20.0013 3408 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:44:20.0013 3408 ohci1394 - ok
01:44:20.0060 3408 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
01:44:20.0076 3408 Parport - ok
01:44:20.0107 3408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:44:20.0107 3408 PartMgr - ok
01:44:20.0170 3408 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:44:20.0170 3408 ParVdm - ok
01:44:20.0185 3408 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:44:20.0185 3408 PCI - ok
01:44:20.0201 3408 PCIDump - ok
01:44:20.0248 3408 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:44:20.0248 3408 PCIIde - ok
01:44:20.0263 3408 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
01:44:20.0279 3408 Pcmcia - ok
01:44:20.0295 3408 PDCOMP - ok
01:44:20.0295 3408 PDFRAME - ok
01:44:20.0310 3408 PDRELI - ok
01:44:20.0326 3408 PDRFRAME - ok
01:44:20.0341 3408 perc2 - ok
01:44:20.0357 3408 perc2hib - ok
01:44:20.0404 3408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:44:20.0404 3408 PptpMiniport - ok
01:44:20.0420 3408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:44:20.0420 3408 PSched - ok
01:44:20.0482 3408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:44:20.0498 3408 Ptilink - ok
01:44:20.0529 3408 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:44:20.0529 3408 PxHelp20 - ok
01:44:20.0545 3408 ql1080 - ok
01:44:20.0560 3408 Ql10wnt - ok
01:44:20.0576 3408 ql12160 - ok
01:44:20.0591 3408 ql1240 - ok
01:44:20.0591 3408 ql1280 - ok
01:44:20.0623 3408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:44:20.0623 3408 RasAcd - ok
01:44:20.0670 3408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:44:20.0670 3408 Rasl2tp - ok
01:44:20.0732 3408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:44:20.0732 3408 RasPppoe - ok
01:44:20.0951 3408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:44:20.0951 3408 Raspti - ok
01:44:21.0060 3408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:44:21.0060 3408 Rdbss - ok
01:44:21.0123 3408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:44:21.0138 3408 RDPCDD - ok
01:44:21.0170 3408 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:44:21.0170 3408 rdpdr - ok
01:44:21.0216 3408 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
01:44:21.0232 3408 RDPWD - ok
01:44:21.0248 3408 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:44:21.0248 3408 redbook - ok
01:44:21.0310 3408 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
01:44:21.0310 3408 s24trans - ok
01:44:21.0420 3408 SABProcEnum - ok
01:44:21.0513 3408 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:44:21.0529 3408 SASDIFSV - ok
01:44:21.0529 3408 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:44:21.0545 3408 SASKUTIL - ok
01:44:21.0638 3408 SAVRKBootTasks (68de5b1e82d3dd10f5f6169522c7c88a) C:\WINDOWS\system32\SAVRKBootTasks.sys
01:44:21.0638 3408 SAVRKBootTasks - ok
01:44:21.0716 3408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:44:21.0732 3408 Secdrv - ok
01:44:21.0826 3408 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
01:44:21.0826 3408 Serial - ok
01:44:21.0888 3408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
01:44:21.0888 3408 Sfloppy - ok
01:44:21.0998 3408 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
01:44:21.0998 3408 SI3132 - ok
01:44:22.0013 3408 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
01:44:22.0013 3408 SiFilter - ok
01:44:22.0029 3408 Simbad - ok
01:44:22.0045 3408 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
01:44:22.0045 3408 SiRemFil - ok
01:44:22.0076 3408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:44:22.0091 3408 SLIP - ok
01:44:22.0138 3408 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
01:44:22.0138 3408 SNC - ok
01:44:22.0201 3408 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
01:44:22.0201 3408 SonyImgF - ok
01:44:22.0216 3408 Sparrow - ok
01:44:22.0232 3408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:44:22.0232 3408 splitter - ok
01:44:22.0248 3408 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:44:22.0263 3408 sr - ok
01:44:22.0326 3408 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
01:44:22.0326 3408 Srv - ok
01:44:22.0513 3408 STHDA (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
01:44:22.0545 3408 STHDA - ok
01:44:22.0623 3408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:44:22.0623 3408 streamip - ok
01:44:22.0701 3408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:44:22.0701 3408 swenum - ok
01:44:22.0763 3408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:44:22.0763 3408 swmidi - ok
01:44:22.0779 3408 symc810 - ok
01:44:22.0795 3408 symc8xx - ok
01:44:22.0810 3408 sym_hi - ok
01:44:22.0826 3408 sym_u3 - ok
01:44:22.0904 3408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:44:22.0904 3408 sysaudio - ok
01:44:23.0013 3408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:44:23.0013 3408 Tcpip - ok
01:44:23.0138 3408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:44:23.0154 3408 TDPIPE - ok
01:44:23.0170 3408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:44:23.0170 3408 TDTCP - ok
01:44:23.0216 3408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:44:23.0216 3408 TermDD - ok
01:44:23.0295 3408 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
01:44:23.0295 3408 ti21sony - ok
01:44:23.0310 3408 TosIde - ok
01:44:23.0357 3408 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys
01:44:23.0357 3408 tosporte - ok
01:44:23.0435 3408 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys
01:44:23.0435 3408 Tosrfbd - ok
01:44:23.0466 3408 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
01:44:23.0466 3408 Tosrfbnp - ok
01:44:23.0513 3408 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
01:44:23.0513 3408 Tosrfcom - ok
01:44:23.0560 3408 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
01:44:23.0560 3408 Tosrfhid - ok
01:44:23.0607 3408 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
01:44:23.0607 3408 tosrfnds - ok
01:44:23.0623 3408 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
01:44:23.0623 3408 Tosrfusb - ok
01:44:23.0670 3408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:44:23.0670 3408 Udfs - ok
01:44:23.0685 3408 ultra - ok
01:44:23.0779 3408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:44:23.0779 3408 Update - ok
01:44:23.0920 3408 USBAAPL (39d087ff228c9cd57ce766bf0c9c62de) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:44:23.0920 3408 USBAAPL - ok
01:44:23.0998 3408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:44:23.0998 3408 usbccgp - ok
01:44:24.0045 3408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:44:24.0045 3408 usbehci - ok
01:44:24.0107 3408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:44:24.0107 3408 usbhub - ok
01:44:24.0154 3408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:44:24.0154 3408 usbprint - ok
01:44:24.0185 3408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:44:24.0201 3408 usbscan - ok
01:44:24.0248 3408 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:44:24.0248 3408 usbstor - ok
01:44:24.0263 3408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:44:24.0279 3408 usbuhci - ok
01:44:24.0341 3408 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
01:44:24.0341 3408 usbvm321 - ok
01:44:24.0404 3408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:44:24.0404 3408 VgaSave - ok
01:44:24.0420 3408 ViaIde - ok
01:44:24.0451 3408 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:44:24.0451 3408 VolSnap - ok
01:44:24.0607 3408 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
01:44:24.0638 3408 w39n51 - ok
01:44:24.0873 3408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:44:24.0873 3408 Wanarp - ok
01:44:24.0951 3408 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:44:24.0966 3408 Wdf01000 - ok
01:44:24.0982 3408 WDICA - ok
01:44:25.0029 3408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:44:25.0029 3408 wdmaud - ok
01:44:25.0123 3408 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
01:44:25.0138 3408 winachsf - ok
01:44:25.0326 3408 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
01:44:25.0326 3408 WpdUsb - ok
01:44:25.0373 3408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:44:25.0373 3408 WSTCODEC - ok
01:44:25.0435 3408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:44:25.0435 3408 WudfPf - ok
01:44:25.0466 3408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:44:25.0466 3408 WudfRd - ok
01:44:25.0513 3408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:44:25.0685 3408 \Device\Harddisk0\DR0 - ok
01:44:25.0685 3408 Boot (0x1200) (7c0650643b3348b6b5f887b3015e66c8) \Device\Harddisk0\DR0\Partition0
01:44:25.0701 3408 \Device\Harddisk0\DR0\Partition0 - ok
01:44:25.0701 3408 ============================================================
01:44:25.0701 3408 Scan finished
01:44:25.0701 3408 ============================================================
01:44:25.0701 3912 Detected object count: 0
01:44:25.0701 3912 Actual detected object count: 0

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 October 2011 - 07:32 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

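A first pass over the OTL output requested above, as an added example that is not part of this thread, of OTL, or of BleepingComputer's procedure. It assumes only the line formats OTL prints in its SafeList sections (`SRV - (name) -- path (company)` or `-- File not found`, `PRC - path (company)`, `O1 - Hosts:` entries, `O2`/`O3` BHO and toolbar lines carrying a CLSID, and `O4 ...\Run:` autoruns). The sample log text, service names, CLSIDs and paths embedded in it are constructed placeholders, not entries from the poster's machine. The rules encode what a responder reads first: "File not found" services and "No CLSID value found" registrations are orphans (leftovers of uninstalled or already-removed software), hosts entries beyond localhost are redirects, and autoruns with no company name or living in user-writable profile directories are the lines worth chasing.

```python
"""Triage helper for OTL log text (added example; not OTL's own code).

Assumes only the line formats OTL prints in its SafeList sections.  Every
path, service name and CLSID in SAMPLE_OTL is a constructed placeholder.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity category detail line")

# Constructed sample in OTL's line formats; placeholder names, not real entries.
SAMPLE_OTL = r"""
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sample_nocompany.exe ( )
SRV - (OrphanSvc) -- File not found
SRV - (GoodSvc) -- C:\Program Files\Vendor\svc.exe (Vendor Inc.)
DRV - (OrphanDrv) -- File not found
O1 HOSTS File: ([2011/01/01 00:00:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-vendor.test
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O2 - BHO: (Helper) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Vendor\helper.dll (Vendor Inc.)
O3 - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000003} - No CLSID value found.
O4 - HKU\S-1-5-21-1-2-3-1005..\Run: [Updater] C:\Program Files\Vendor\update.exe (Vendor Inc.)
O4 - HKU\S-1-5-21-1-2-3-1005..\Run: [svchost] C:\Documents and Settings\user\Application Data\svchost.exe ()
"""

# SRV/DRV: "SRV - (Name) [display name] -- <path (Company) | File not found>"
SVC_RE = re.compile(r"^(?:SRV|DRV) - \((?P<name>[^)]*)\).*? -- (?P<rest>.*)$")
PRC_RE = re.compile(r"^PRC - (?P<rest>.*)$")
# Trailing "(Company)"; OTL prints "()" or "( )" when the file carries no company name.
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*) \((?P<company>[^()]*)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
CLSID_RE = re.compile(r"^(?:O2|O3) - .*?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")

BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Autorun binaries living in user-writable profile directories deserve a second look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def split_path_company(rest):
    """'C:\\dir\\file.exe (Company)' -> ('C:\\dir\\file.exe', 'Company'); '' if no company."""
    m = PATH_COMPANY_RE.match(rest)
    if not m:
        return rest, None
    return m.group("path"), m.group("company").strip()


def triage_otl(text):
    """Return Findings for the lines a responder reads first in an OTL log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.startswith("File not found"):
                # Registry entry survives but the binary is gone: leftover of an uninstall
                # or of an earlier removal, not an active threat by itself.
                findings.append(Finding("info", "orphaned-service", m.group("name"), line))
            else:
                path, company = split_path_company(rest)
                if company == "":
                    findings.append(Finding("review", "no-company-name", path, line))
            continue
        m = PRC_RE.match(line)
        if m:
            path, company = split_path_company(m.group("rest"))
            if company == "":
                findings.append(Finding("review", "no-company-name", path, line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            pair = (m.group("ip"), m.group("host"))
            if pair not in BENIGN_HOSTS:
                # Anything beyond localhost is a redirect; hijackers use it to blackhole AV sites.
                findings.append(Finding("high", "hosts-redirect", "%s -> %s" % (pair[1], pair[0]), line))
            continue
        m = CLSID_RE.match(line)
        if m:
            if m.group("rest").startswith("No CLSID value found"):
                findings.append(Finding("info", "orphaned-clsid", m.group("clsid"), line))
            continue
        m = RUN_RE.match(line)
        if m:
            path, company = split_path_company(m.group("rest"))
            if company == "" or any(tag in path.lower() for tag in USER_WRITABLE):
                findings.append(Finding("high", "suspicious-autorun", m.group("name"), line))
            else:
                findings.append(Finding("info", "autorun", m.group("name"), line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print("[%s] %s: %s" % (f.severity, f.category, f.detail))
    print(summarize(triage_otl(SAMPLE_OTL)))
```

Paste a real OTL.txt into `triage_otl` and read the `high` findings first; the `info` orphans are normally cleanup, not the infection, and a `no-company-name` hit is only a prompt to check the file's hash and location, since plenty of legitimate vendor binaries ship without a company string.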
#11 ccyne

  • Topic Starter
  • Members
  • 71 posts

Posted 11 October 2011 - 08:32 AM

OTL logfile created on: 10/11/2011 9:23:14 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\C Coyne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

1014.11 Mb Total Physical Memory | 687.57 Mb Available Physical Memory | 67.80% Memory free
2.38 Gb Paging File | 2.11 Gb Available in Paging File | 88.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.16 Gb Total Space | 1.46 Gb Free Space | 1.69% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: C Coyne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\C Coyne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdlcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdlserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdldrpp.dll ()
MOD - C:\WINDOWS\system32\imgorpop.dll ()
MOD - C:\WINDOWS\system32\extiww32.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VzFw) -- File not found
SRV - (S24EventMonitor) Intel® -- File not found
SRV - (mfevtp) -- File not found
SRV - (McProxy) -- File not found
SRV - (McNASvc) -- File not found
SRV - (McNaiAnn) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (McMPFSvc) -- File not found
SRV - (HidServ) -- File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (lxdl_device) -- C:\WINDOWS\System32\lxdlcoms.exe ( )
SRV - (lxdlCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdlserv.exe ()
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe ()
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe ()
SRV - (MSSQL$VAIO_VEDB) -- C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?CityName=Lanexa&state=VA&site=AKQ&textField1=37.423&textField2=-76.9062&e=0
IE - HKU\S-1-5-21-2224447418-400589747-12496642-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2224447418-400589747-12496642-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\C Coyne\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\C Coyne\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\C Coyne\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\C Coyne\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/09 23:47:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110120114813.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKU\S-1-5-21-2224447418-400589747-12496642-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKU\S-1-5-21-2224447418-400589747-12496642-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} http://www3.authentium.com/cssrelease/bin/wizard.exe (CNavigationManager Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-6aaa377c886dd77f.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://windsurfari.viewnetcam.com:50000/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF84C641-4254-46D0-998B-E9FCE72D4CDF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: Dotehtab - {99B8B55A-B269-4C19-B046-09E16812E6CD} - C:\WINDOWS\system32\extiww32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\C Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\C Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/14 08:59:32 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 09:15:58 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\C Coyne\Desktop\OTL.exe
[2011/10/11 01:43:03 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\C Coyne\Desktop\tdsskiller.exe
[2011/10/09 16:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/10/09 16:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/09 15:20:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/09 15:16:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/09 15:16:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/09 15:16:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/09 15:16:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/09 15:16:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 09:08:14 | 004,250,556 | R--- | C] (Swearware) -- C:\Documents and Settings\C Coyne\Desktop\ComboFix.exe
[2011/10/09 08:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C Coyne\Desktop\DummyCreator
[2011/10/05 12:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C Coyne\Desktop\gmer
[2011/10/05 12:20:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\C Coyne\Start Menu\Programs\Administrative Tools
[2011/10/04 12:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/04 12:08:23 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/15 08:17:16 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhcp.dll
[2010/07/15 08:17:16 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlinpa.dll
[2010/07/15 08:17:15 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlserv.dll
[2010/07/15 08:17:15 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlusb1.dll
[2010/07/15 08:17:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdliesc.dll
[2010/07/15 08:17:15 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlprox.dll
[2010/07/15 08:17:14 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlpmui.dll
[2010/07/15 08:17:14 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdllmpm.dll
[2010/07/15 08:17:13 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlih.exe
[2010/07/15 08:17:12 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlhbn3.dll
[2010/07/15 08:17:10 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcoms.exe
[2010/07/15 08:17:10 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomm.dll
[2010/07/15 08:17:09 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcomc.dll
[2010/07/15 08:17:09 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdlcfg.exe
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 09:16:00 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\C Coyne\Desktop\OTL.exe
[2011/10/11 01:43:14 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\C Coyne\Desktop\tdsskiller.exe
[2011/10/09 23:47:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/09 16:59:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/09 16:59:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 16:30:43 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/10/09 15:20:45 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/10/09 09:08:15 | 004,250,556 | R--- | M] (Swearware) -- C:\Documents and Settings\C Coyne\Desktop\ComboFix.exe
[2011/10/09 08:41:43 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\DummyCreator.zip
[2011/10/08 17:41:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/07 20:04:51 | 007,783,752 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\Lil Wayne - how to love.mp3
[2011/10/05 12:31:30 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\gmer.zip
[2011/10/05 12:19:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\C Coyne\Desktop\dds.scr
[2011/10/05 12:17:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\C Coyne\defogger_reenable
[2011/10/05 12:16:47 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\Defogger.exe
[2011/10/04 12:40:14 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/04 12:36:34 | 012,631,664 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\C Coyne\Desktop\SUPERAntiSpyware.exe
[2011/10/04 12:24:32 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/04 12:24:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/04 12:19:34 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\uSeRiNiT.exe
[2011/10/04 12:14:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\rkill1.com
[2011/10/04 11:53:25 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\rkill.scr
[2011/10/04 11:44:51 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\iExplore.exe
[2011/10/04 11:25:05 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\C Coyne\Desktop\rkill.com
[2011/10/04 11:14:13 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\C Coyne\Desktop\zztoy.exe
[2011/09/27 18:14:59 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[26 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 15:16:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/09 15:16:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/09 15:16:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/09 15:16:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/09 15:16:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/09 08:42:00 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\DummyCreator.zip
[2011/10/07 20:04:44 | 007,783,752 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\Lil Wayne - how to love.mp3
[2011/10/05 12:24:40 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\gmer.zip
[2011/10/05 12:17:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\C Coyne\defogger_reenable
[2011/10/05 12:16:47 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\Defogger.exe
[2011/10/04 12:40:14 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/04 12:19:33 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\uSeRiNiT.exe
[2011/10/04 12:15:41 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\rkill1.com
[2011/10/04 11:53:25 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\rkill.scr
[2011/10/04 11:44:51 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\iExplore.exe
[2011/10/04 11:25:19 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\C Coyne\Desktop\rkill.com
[2011/09/27 18:14:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/08/21 02:41:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgazisawanulam.dat
[2011/08/21 02:41:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lzabez.bin
[2011/08/21 02:35:50 | 000,003,036 | ---- | C] () -- C:\Documents and Settings\C Coyne\Application Data\B0C6.E9A
[2011/04/16 08:56:44 | 000,012,310 | -HS- | C] () -- C:\Documents and Settings\C Coyne\Local Settings\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736
[2011/04/16 08:56:44 | 000,012,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736
[2011/02/12 14:03:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2011/02/12 14:03:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Limiter
[2011/01/09 11:40:52 | 000,041,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/15 08:21:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdlvs.dll
[2010/07/15 08:20:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlcoin.dll
[2010/07/15 08:19:16 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdldrs.dll
[2010/07/15 08:19:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdlcaps.dll
[2010/07/15 08:19:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdlcnv4.dll
[2010/07/15 08:17:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdlinst.dll
[2010/07/15 08:17:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdlgrd.dll
[2009/06/27 12:23:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/06/27 12:23:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\C Coyne\Application Data\Machines
[2009/02/05 18:46:02 | 000,003,511 | ---- | C] () -- C:\WINDOWS\System32\tblevmid.dll
[2009/02/05 16:25:31 | 000,231,424 | ---- | C] () -- C:\WINDOWS\System32\sapopxml.dll
[2007/02/14 12:16:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/07 21:12:05 | 000,000,808 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/20 13:27:41 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/18 09:45:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/08/18 09:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/08/18 09:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/08/17 17:13:52 | 000,007,102 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2006/07/08 21:44:26 | 000,013,874 | ---- | C] () -- C:\Documents and Settings\C Coyne\Application Data\wklnhst.dat
[2006/07/08 08:03:58 | 000,000,686 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/06/25 13:46:16 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysMech6.ini
[2006/06/24 19:42:38 | 000,001,771 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/06/24 19:42:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/24 19:21:46 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\C Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/24 13:24:54 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\C Coyne\Local Settings\Application Data\fusioncache.dat
[2006/03/29 17:13:07 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/03/29 17:01:13 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/03/29 16:58:56 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/29 16:58:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/29 16:58:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/29 16:58:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/29 16:58:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/29 16:58:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/29 16:58:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/29 16:57:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/03/29 16:51:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/17 20:55:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/16 18:43:52 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/03/16 15:45:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/16 15:24:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/03/15 21:47:56 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/03/15 21:23:59 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/15 21:19:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/15 21:12:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/15 19:57:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/15 19:56:49 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/15 19:56:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 19:55:58 | 000,463,768 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 19:55:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 19:55:58 | 000,080,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 19:55:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 19:55:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 19:55:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 19:55:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/15 19:55:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 19:55:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 19:55:49 | 006,238,208 | ---- | C] () -- C:\WINDOWS\System32\errevmat.exe
[2006/03/15 19:55:49 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\imgorpop.dll
[2006/03/15 19:55:49 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\extiww32.dll
[2006/03/15 19:55:49 | 000,803,691 | ---- | C] () -- C:\WINDOWS\System32\matipcat32.dll
[2006/03/15 19:55:49 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\kerohsec.dll
[2006/03/15 19:55:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 19:55:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dwwin.exe
[2006/03/15 19:55:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 13:04:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/15 13:03:35 | 000,206,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/25 16:15:38 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

< End of report >

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 October 2011 - 08:51 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2224447418-400589747-12496642-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    [2011/04/16 08:56:44 | 000,012,310 | -HS- | C] () -- C:\Documents and Settings\C Coyne\Local Settings\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736
    [2011/04/16 08:56:44 | 000,012,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
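The fix script above picks out two kinds of OTL entries: references whose target no longer exists (the "No CLSID value found", "File not found" and "Reg Error" lines) and the hidden/system files with random names and no publisher. The Python below is an added example for this thread, not OTL's own code or the helper's, that triages the OTL log format along those lines; the random-name heuristic is an assumption of the example, and the sample lines are copied from the log posted above.

```python
"""Triage OTL log lines: flag orphaned references and suspicious hidden files."""
import re
from dataclasses import dataclass
from typing import List

# Markers OTL prints when a registry or plugin reference points at nothing.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error:")

# OTL file line: [date time | size | attrs | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Heuristic (an assumption of this example, not an OTL rule): a bare
# lowercase alphanumeric name of 16+ characters with no extension.
RANDOM_NAME = re.compile(r"^[a-z0-9]{16,}$")


@dataclass
class Finding:
    reason: str
    line: str


def triage_otl(log_text: str) -> List[Finding]:
    """Return the OTL lines a reviewer would carry into the :otl fix section."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # O2/O3/O16/IE/FF entries whose CLSID, file or key no longer exists.
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphaned reference", line))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        attrs, company = m.group("attrs"), m.group("company").strip()
        name = m.group("path").rsplit("\\", 1)[-1]
        # Hidden + System on a plain file (no D flag), no publisher, random name.
        hidden_system_file = "H" in attrs and "S" in attrs and "D" not in attrs
        if hidden_system_file and not company and RANDOM_NAME.match(name):
            findings.append(Finding("hidden/system file, random name, no publisher", line))
    return findings


def render_fix(findings: List[Finding]) -> str:
    """Lay the flagged lines out in the :otl / :Commands shape used in the thread."""
    return "\n".join([":otl", *(f.line for f in findings), ":Commands", "[EMPTYTEMP]"])


# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No CLSID value found.
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
[2011/10/11 01:43:03 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\C Coyne\Desktop\tdsskiller.exe
[2011/04/16 08:56:44 | 000,012,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736
[2011/09/27 18:14:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2006/03/15 21:19:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
"""

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
    print(render_fix(triage_otl(SAMPLE_LOG)))
```

The GUID-named hidden entry and bootstat.dat are deliberately left unflagged: the heuristic only fires on bare random names with no publisher, so a reviewer still decides about the rest by hand.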

#13 ccyne (Topic Starter)

Posted 11 October 2011 - 09:07 AM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C7195F6-D788-4D50-BA72-2EE212EDAC78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C7195F6-D788-4D50-BA72-2EE212EDAC78}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2C0A5F28-48D8-408B-9172-9C6121025BCE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C0A5F28-48D8-408B-9172-9C6121025BCE}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-21-2224447418-400589747-12496642-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2224447418-400589747-12496642-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2224447418-400589747-12496642-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Documents and Settings\C Coyne\Local Settings\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736 moved successfully.
C:\Documents and Settings\All Users\Application Data\h35k8p3sg6s8b474131b7567vkw503h8q4736 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\C Coyne\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\C Coyne\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: C Coyne
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 35818409 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6336465 bytes
->Flash cache emptied: 1781108 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 12237841 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 78991 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: C Coyne
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10112011_100002

Files\Folders moved on Reboot...
C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\Content.IE5\U3PL3AJL\page__gopid__2437017[1].txt moved successfully.
C:\Documents and Settings\C Coyne\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 October 2011 - 09:41 AM

How are things doing now?

gringo

#15 ccyne (Topic Starter)

Posted 11 October 2011 - 09:48 AM

Seems a lot better. Startup is fast again, no weird redirects. The machine is even running cooler; the CPU fan isn't working overtime anymore.