
Unknown links appearing in firefox history, popups


  • This topic is locked
27 replies to this topic

#1 bellavida

bellavida

  • Members
  • 26 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 15 October 2011 - 08:32 AM

Every time I open Firefox, before I even begin to browse, these links show up in my history:


hxxp://my.trusted-content.com/tbc.html?zoneid=10261
hxxp://m.kr10a.com/mambo?srcid=Ivory-ado2
hxxp://b.hk121b.com/bingo?srcid=Ivory-ado2
hxxp://m.l0phtme.com/adam?srcid=Ivory-ado2
hxxp://i.l0phtme.com/ivory?srcid=ado2

I also get a popup at certain times and it is something regarding feed.tracking.analytics and other random popups that it says my Vipre Antivirus has restricted from opening.

I posted this http://www.bleepingcomputer.com/forums/topic422784.html/page__p__2435909__fromsearch__1#entry2435909 and since the links are still appearing, I was instructed to post DDS and GMER here.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by bella at 8:11:14 on 2011-10-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.415 [GMT -5:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\bella\Desktop\software\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube Download - c:\documents and settings\bella\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\bella\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{BFE6EFF4-210E-4310-84AF-54896C0599BF} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bella\application data\mozilla\firefox\profiles\d1dpmlwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\bella\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 77fa15f7-d222-4129-a1c2-33af06cea9af
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-11 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-6-29 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-6-29 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-6-29 212568]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-29 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-6-29 69208]
S0 cerc6;cerc6; [x]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys [2010-9-4 104520]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-4-4 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-6-29 69208]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-6-29 94040]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2010-10-17 23608]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\vmuvc.sys --> c:\windows\system32\drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftuvc.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-13 01:08:42 -------- d-----w- c:\documents and settings\bella\local settings\application data\TVU Networks
2011-10-13 01:08:42 -------- d-----w- c:\documents and settings\all users\application data\TVU Networks
2011-10-13 01:08:39 -------- d-----w- c:\documents and settings\bella\LocalLow
2011-10-13 01:08:10 -------- d-----w- c:\windows\system32\TVUAx
2011-10-11 13:49:29 -------- d-----w- c:\documents and settings\bella\application data\SUPERAntiSpyware.com
2011-10-11 13:48:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-11 13:48:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-07 11:00:27 388096 ----a-r- c:\documents and settings\bella\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-07 11:00:26 -------- d-----w- c:\program files\Trend Micro
2011-10-07 10:48:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 10:48:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-01 05:59:27 -------- d-----w- c:\documents and settings\bella\application data\LucasArts
2011-09-30 13:51:59 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-09-25 05:51:35 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 06:22:01 45056 ----a-w- c:\windows\ssunstl.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-27 20:24:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 8:12:40.67 ===============


Thank you in advance!

Edited by Orange Blossom, 15 October 2011 - 01:03 PM.
Deactivated links. ~ OB
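The DDS log above already contains most of the story behind the history entries: the IE start page and both Firefox search preferences point at search redirectors, two `user.js` entries re-apply a toolbar's settings on every Firefox start, an NPAPI plugin sits under `%windir%`, and a generically named service (`srv720`) is hosted inside `svchost.exe -k netsvcs`. The following triage script is an example added by the editor; it is not part of DDS, BleepingComputer or the original post. `SAMPLE_DDS` is a constructed excerpt of the posted log, `SEARCH_HIJACK_DOMAINS` is an illustrative assumption rather than an authoritative blocklist, and every rule is a heuristic to be confirmed by hand (or by the tools the helpers ask for), not a verdict.

```python
"""Triage a DDS log for the browser-hijack indicators seen in the post above.

Editor's example, not DDS or BleepingComputer code. SAMPLE_DDS is a constructed
excerpt of the posted log; SEARCH_HIJACK_DOMAINS is an assumption for the
example; every rule is a heuristic, not a verdict.
"""
import re
from typing import List, Tuple

# Constructed excerpt of the DDS log in the first post (defanged hxxp:// kept).
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - user.js: extentions.y2layers.installId - 77fa15f7-d222-4129-a1c2-33af06cea9af
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
S0 cerc6;cerc6; [x]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
"""

# Assumption: domains that, in this log, own the rewritten search settings.
SEARCH_HIJACK_DOMAINS = ("conduit.com", "sweetim.com")
# Firefox prefs that toolbars and "search helpers" commonly overwrite.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")   # "R2 name;desc;path [..]"
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def domain_of(url: str) -> str:
    """Host part of a URL; DDS defangs http to hxxp, so accept both."""
    m = re.match(r"^(?:hxxps?|https?)://([^/?#]+)", url.strip())
    return m.group(1).lower() if m else ""


def hijack_domain(url: str) -> bool:
    host = domain_of(url)
    return any(host == d or host.endswith("." + d) for d in SEARCH_HIJACK_DOMAINS)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for one DDS log."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("uStart Page ="):
            # IE start page pointing at a search redirector.
            if hijack_domain(line.split("=", 1)[1]):
                findings.append(("search-hijack", line))
            continue
        if line.startswith("FF - plugin:"):
            # NPAPI plugins normally live under Program Files; one dropped into
            # %windir% (npTVUAx.dll here) deserves a look at who installed it.
            path = line.split(":", 1)[1].strip().lower()
            if "\\windows\\" in path:
                findings.append(("plugin-system-dir", path))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            source, pref, value = m.groups()
            if source == "user.js":
                # user.js is re-applied on every Firefox start and is rarely
                # written by users; toolbars use it to pin their settings, which
                # is why such settings come back after being reset in about:config.
                findings.append(("user.js-pref", f"{pref} = {value}"))
            elif pref in SEARCH_PREFS and hijack_domain(value):
                findings.append(("search-hijack", f"{pref} = {value}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, rest = m.groups()
            if rest.endswith("[x]") or rest.endswith("[?]"):
                # Registered service whose binary is missing or unverifiable.
                findings.append(("missing-file", f"{name}: {rest.strip()}"))
            elif "svchost.exe -k" in rest.lower():
                # DDS lists non-Microsoft services, so a generically named entry
                # hosted by svchost (srv720) needs its ServiceDll value checked
                # under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters.
                findings.append(("svchost-hosted", f"{name}: {rest.strip()}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:18} {detail}")
```

Run against the excerpt, the script reports three search-hijack settings, the two `user.js` entries, two services with missing or unverifiable binaries, the svchost-hosted `srv720` entry and the plugin under `system32`. None of that proves infection on its own (the `[?]` drivers are old hardware leftovers as often as not), but it is the list a helper would want to ask about before picking tools.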



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:27 AM

Posted 20 October 2011 - 08:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423600 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bellavida

bellavida
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 20 October 2011 - 01:54 PM

In addition to these links in the history: http ://i.l0phtme.com/ivory?srcid=ado2
http ://m.l0phtme.com/adam?srcid=Ivory-ado2
http ://m.kr10a.com/mambo?srcid=Ivory-ado2
http ://b.hk121b.com/bingo?srcid=Ivory-ado2
http ://my.trusted-content.com/tbc.html?zoneid=10261
a new link has appeared: http ://storage.conduit.com/MarketPlace/1e/0c/1ec55dac-8dca-406b-9697-5d68893c1c0c//63a0f902-207e-4f97-b38d-e6a54c1e5aca.html

The popups are still happening and the internet takes a long time to load, at startup and while browsing as well. Firefox takes up more CPU usage than usual. Also, audio and/or video playback is skipping, choppy, and has a distorted warbling sound.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by bella at 11:41:08 on 2011-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.673 [GMT -5:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube Download - c:\documents and settings\bella\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\bella\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{BFE6EFF4-210E-4310-84AF-54896C0599BF} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bella\application data\mozilla\firefox\profiles\d1dpmlwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\bella\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 77fa15f7-d222-4129-a1c2-33af06cea9af
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-11 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-6-29 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-6-29 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-6-29 212568]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-29 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-6-29 69208]
S0 cerc6;cerc6; [x]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys [2010-9-4 104520]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-4-4 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-6-29 69208]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-6-29 94040]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2010-10-17 23608]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\vmuvc.sys --> c:\windows\system32\drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftuvc.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
.
=============== Created Last 30 ================
.
2011-10-20 16:20:54 -------- d-----w- C:\Ignitedgames
2011-10-17 01:07:06 -------- d-----w- c:\documents and settings\bella\application data\WindSolutions
2011-10-17 01:07:05 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions
2011-10-16 03:53:41 -------- d-----w- c:\program files\iPod
2011-10-13 01:08:42 -------- d-----w- c:\documents and settings\bella\local settings\application data\TVU Networks
2011-10-13 01:08:42 -------- d-----w- c:\documents and settings\all users\application data\TVU Networks
2011-10-13 01:08:39 -------- d-----w- c:\documents and settings\bella\LocalLow
2011-10-13 01:08:10 -------- d-----w- c:\windows\system32\TVUAx
2011-10-11 13:49:29 -------- d-----w- c:\documents and settings\bella\application data\SUPERAntiSpyware.com
2011-10-11 13:48:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-11 13:48:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-07 11:00:27 388096 ----a-r- c:\documents and settings\bella\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-07 11:00:26 -------- d-----w- c:\program files\Trend Micro
2011-10-07 10:48:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 10:48:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-01 05:59:27 -------- d-----w- c:\documents and settings\bella\application data\LucasArts
2011-09-30 13:51:59 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-09-25 05:51:35 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 06:22:01 45056 ----a-w- c:\windows\ssunstl.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-27 20:24:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ------w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 11:42:30.96 ===============
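Two logs from the same machine a week apart are more useful side by side than one at a time. Between the first post's DDS log and this one, VIPRE's AV and firewall went from Enabled to Disabled, `SBAMSvc` and `SBRE` went from running to stopped, and the SUPERAntiSpyware core service went from running (start type 2) to stopped with start type 4 (disabled), while `srv720` is unchanged. The comparison script below is an example added by the editor, not DDS or BleepingComputer code. `LOG_A` and `LOG_B` are constructed excerpts of the two posted logs; the DDS state prefix is read as R = running, S = stopped, digit = start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled); `SECURITY_TOOL_MARKERS` is an assumption used only to label which changed services belong to security software.

```python
"""Diff the AV/FW header and SERVICES / DRIVERS section of two DDS logs.

Editor's example, not DDS or BleepingComputer code. LOG_A and LOG_B are
constructed excerpts of the first and second logs in this thread.
"""
import re
from typing import Dict, List, Tuple

LOG_A = r"""
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled*
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
"""

LOG_B = r"""
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Disabled*
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
"""

# DDS line shapes: "R2 name;description;path [date size]" and
# "AV: Product *Enabled/Updated* {guid}" / "FW: Product *Disabled*".
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
PROTECTION_RE = re.compile(r"^(AV|FW): (.+?) \*([^*/]+)(?:/[^*]*)?\*")
SECURITY_TOOL_MARKERS = ("superantispyware", "vipre", "sunbelt")   # assumption

ServiceState = Tuple[bool, int]                 # (running, start type)
Finding = Tuple[str, str, object, object]       # (kind, name, before, after)


def parse_services(text: str) -> Dict[str, Tuple[ServiceState, str]]:
    """name -> ((running, start_type), lower-cased path) per service/driver line."""
    out: Dict[str, Tuple[ServiceState, str]] = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            flag, start, name, _desc, path = m.groups()
            out[name] = ((flag == "R", int(start)), path.lower())
    return out


def parse_protection(text: str) -> Dict[str, str]:
    """'AV: Sunbelt VIPRE' -> 'Enabled' or 'Disabled' (the part before any '/')."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = PROTECTION_RE.match(line.strip())
        if m:
            kind, product, state = m.groups()
            out[f"{kind}: {product}"] = state
    return out


def is_security_tool(name: str, path: str) -> bool:
    hay = f"{name} {path}".lower()
    return any(marker in hay for marker in SECURITY_TOOL_MARKERS)


def compare(log_a: str, log_b: str) -> List[Finding]:
    """Protection and service entries whose state differs between the two logs."""
    findings: List[Finding] = []
    pa, pb = parse_protection(log_a), parse_protection(log_b)
    for key in sorted(set(pa) | set(pb)):
        if pa.get(key) != pb.get(key):
            findings.append(("protection", key, pa.get(key), pb.get(key)))
    sa, sb = parse_services(log_a), parse_services(log_b)
    for name in sorted(set(sa) | set(sb)):
        before = sa[name][0] if name in sa else None    # None: absent from log
        after = sb[name][0] if name in sb else None
        if before != after:
            findings.append(("service", name, before, after))
    return findings


if __name__ == "__main__":
    paths = {n: p for n, (_, p) in parse_services(LOG_A).items()}
    paths.update({n: p for n, (_, p) in parse_services(LOG_B).items()})
    for kind, name, before, after in compare(LOG_A, LOG_B):
        tag = "  [security tool]" if kind == "service" and is_security_tool(
            name, paths.get(name, "")) else ""
        print(f"{kind:10} {name:20} {before} -> {after}{tag}")
```

The diff says only that protection was off when the second log was taken, not who turned it off: the HelpBot instructions above tell the poster to disable antivirus before running DDS and GMER, so the question a helper should ask is whether VIPRE and SUPERAntiSpyware came back on afterwards, and if not, whether they can be re-enabled at all. A start type that moved to 4 (disabled) without the user doing it is the detail worth chasing.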

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:27 AM

Posted 21 October 2011 - 12:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bellavida
  • Topic Starter

  • Members
  • 26 posts

Posted 21 October 2011 - 08:16 AM

Thank you very much for your help Gringo!

ComboFix 11-10-20.08 - bella 10/21/2011 7:48.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.534 [GMT -5:00]
Running from: c:\documents and settings\bella\Desktop\software\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\BELLA\LOCALS~1\Temp\swtlib-32\swt-gdip-win32-3650.dll
c:\docume~1\BELLA\LOCALS~1\Temp\swtlib-32\swt-win32-3650.dll
c:\documents and settings\bella\Local Settings\Temp\swtlib-32\swt-gdip-win32-3650.dll
c:\documents and settings\bella\Local Settings\Temp\swtlib-32\swt-win32-3650.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 12:36 . 2011-10-21 12:36 -------- d-----w- c:\documents and settings\bella\.swt
2011-10-20 16:51 . 2011-06-08 04:08 4825776 ----a-w- c:\windows\system32\GameMon.des
2011-10-20 16:51 . 2004-12-30 12:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-10-20 16:51 . 2003-07-15 21:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-10-20 16:51 . 2011-10-20 16:51 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-10-20 16:20 . 2011-10-20 16:20 -------- d-----w- C:\Ignitedgames
2011-10-20 03:50 . 2011-10-20 03:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-17 01:07 . 2011-10-17 01:12 -------- d-----w- c:\documents and settings\bella\Application Data\WindSolutions
2011-10-17 01:07 . 2011-10-17 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-10-16 03:53 . 2011-10-16 03:53 -------- d-----w- c:\program files\iPod
2011-10-16 03:44 . 2011-10-16 03:44 -------- d-----w- c:\program files\Apple Software Update
2011-10-16 03:42 . 2011-10-16 03:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\bella\Local Settings\Application Data\TVU Networks
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\bella\LocalLow
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\windows\system32\TVUAx
2011-10-11 13:49 . 2011-10-11 13:49 -------- d-----w- c:\documents and settings\bella\Application Data\SUPERAntiSpyware.com
2011-10-11 13:48 . 2011-10-11 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-11 13:48 . 2011-10-11 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 11:00 . 2011-10-07 11:00 388096 ----a-r- c:\documents and settings\bella\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-07 11:00 . 2011-10-07 11:00 -------- d-----w- c:\program files\Trend Micro
2011-10-07 10:48 . 2011-10-07 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-07 10:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 05:59 . 2011-10-01 05:59 -------- d-----w- c:\documents and settings\bella\Application Data\LucasArts
2011-09-30 13:51 . 2008-07-30 11:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-09-30 13:15 . 2011-09-30 13:15 -------- d-----w- c:\program files\Recuva
2011-09-25 05:51 . 2011-09-26 21:58 -------- d-----w- c:\program files\Yontoo Layers Runtime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2010-03-18 15:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-14 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-14 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 06:22 . 2011-09-13 06:22 45056 ----a-w- c:\windows\ssunstl.exe
2011-09-09 09:12 . 2008-04-14 07:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-04-14 07:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-27 20:24 . 2011-08-27 20:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-14 07:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-14 07:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-14 07:00 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-10-10 13:18 . 2011-03-24 14:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-08-10 344187]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 15:36 73728 ------w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv720]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^bella^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\bella\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09 167936 ----a-w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-04-05 17:21 77824 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 20:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-05-22 14:52 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-08-09 10:03 389352 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 18:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"YahooAUService"=2 (0x2)
"SbieSvc"=2 (0x2)
"RichVideo"=2 (0x2)
"ScsiAccess"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56332:TCP"= 56332:TCP:Pando Media Booster
"56332:UDP"= 56332:UDP:Pando Media Booster
"58342:TCP"= 58342:TCP:Pando Media Booster
"58342:UDP"= 58342:UDP:Pando Media Booster
"67:UDP"= 67:UDP:DHCP Server
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/11/2011 12:28 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/29/2011 8:58 AM 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [6/29/2011 8:40 AM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [6/29/2011 8:40 AM 212568]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/29/2011 8:58 AM 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [5/11/2011 4:54 PM 181584]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [6/29/2011 8:40 AM 69208]
S0 cerc6;cerc6; [x]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [5/11/2011 4:54 PM 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 2:00 AM 14336]
S3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys [9/4/2010 6:03 PM 104520]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/4/2011 6:04 PM 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 7:45 PM 35088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [6/29/2011 8:40 AM 69208]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [6/29/2011 8:40 AM 94040]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [10/17/2010 12:57 PM 23608]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/10/2011 2:08 PM 685816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv720
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004Core.job
- c:\documents and settings\bella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:19]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004UA.job
- c:\documents and settings\bella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:19]
.
2011-10-17 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-09-11 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - c:\documents and settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
FF - ProfilePath - c:\documents and settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 77fa15f7-d222-4129-a1c2-33af06cea9af
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Fjukuyocadisay - c:\windows\itufowasilarefo.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 08:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv720]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\BELLA\LOCALS~1\Temp\srv720.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1614895754-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24B2B735-7673-B09D-99CD-723B2BD55AEB}*]
"hageaokhkgijhbll"=hex:6a,61,6c,66,70,64,6b,65,67,64,67,6e,67,68,6d,6e,61,64,
67,6e,00,42
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\05\15\0c$\1d"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-10-21 08:05:37
ComboFix-quarantined-files.txt 2011-10-21 13:05
.
Pre-Run: 16,307,159,040 bytes free
Post-Run: 16,331,513,856 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 8A0EE87A0DBD732A8CD8BB8BFD869BC6


Combofix did give a pev.3XE error and it said click to terminate, but ran anyway. The links are still appearing in Firefox, and the internet and other programs are still loading slowly.


#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 October 2011 - 08:35 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Yontoo Layers Runtime
c:\program files\Freecorder

DDS::
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394


Firefox::
FF - ProfilePath - c:\documents and settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search


RegNull::
[HKEY_USERS\S-1-5-21-1801674531-1614895754-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24B2B735-7673-B09D-99CD-723B2BD55AEB}*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

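An added example, not part of this thread and not ComboFix's own logic: a Python script that reads ComboFix-style service and registry lines and flags what Gringo went after above, a service (srv720) registered in the Svchost NetSvcs group whose ServiceDll is a .tmp file under the user's Temp folder, referenced through \\?\globalroot. The log text inside it is constructed from this thread's own entries, and the suspicious-path rules are the example's assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's log layout, modelled on the srv720 entries
# in this thread (an svchost-hosted service whose ServiceDll sits in the user's
# Temp folder) alongside benign entries. Not a real log file.
SAMPLE_LOG = r"""
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [5/11/2011 4:54 PM 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 2:00 AM 14336]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 7:45 PM 35088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv720
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv720]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\BELLA\LOCALS~1\Temp\srv720.tmp"
"""

# "S2 name;display;image [date size]" lines from the services section.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?\s*$")
# "[HKLM\System\ControlSet00N\Services\name]" headers from the registry dump.
KEY_RE = re.compile(
    r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\System\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\]\\]+)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Assumed rule: a properly installed service binary should not live in a Temp
# directory, be a .tmp file, or hide behind a \\?\globalroot or \??\ path.
SUSPICIOUS_PATH_RE = re.compile(r"(\\temp\\|\.tmp$|\\\?\\globalroot|\\\?\?\\)", re.I)


@dataclass
class Finding:
    service: str
    image: str
    dll: str
    reasons: list = field(default_factory=list)


def parse_services(log_text):
    """Collect service entries keyed by lower-case name, merging the services
    list, the registry ServiceDll/ImagePath values and the NetSvcs group."""
    services, netsvcs = {}, set()
    current, in_netsvcs = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":          # ComboFix separates blocks with a lone dot
            current, in_netsvcs = None, False
            continue
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs = True    # following lines name the NetSvcs members
            continue
        if in_netsvcs:
            netsvcs.add(line.lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, image = m.groups()
            entry = services.setdefault(name.lower(), {"name": name, "image": "", "dll": ""})
            entry["image"] = image.strip()
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            services.setdefault(current, {"name": m.group(1), "image": "", "dll": ""})
            continue
        m = VALUE_RE.match(line)
        if m and current:
            key, val = m.groups()
            if key.lower() == "servicedll":
                services[current]["dll"] = val
            elif key.lower() == "imagepath" and not services[current]["image"]:
                services[current]["image"] = val
    for name in netsvcs:
        if name in services:
            services[name]["netsvcs"] = True
    return services


def find_suspicious_services(log_text):
    """Flag services whose binary or ServiceDll loads from a throwaway location."""
    findings = []
    for _key, svc in sorted(parse_services(log_text).items()):
        reasons = []
        hosted = "svchost.exe" in svc["image"].lower()
        if svc["dll"] and SUSPICIOUS_PATH_RE.search(svc["dll"]):
            where = "svchost-hosted" if hosted else "standalone"
            reasons.append(f"{where} service loads ServiceDll from a temp/device path")
        if not hosted and SUSPICIOUS_PATH_RE.search(svc["image"]):
            reasons.append("service binary lives in a temp/device path")
        if reasons and svc.get("netsvcs"):
            reasons.append("registered in the Svchost NetSvcs group")
        if reasons:
            findings.append(Finding(svc["name"], svc["image"], svc["dll"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_services(SAMPLE_LOG):
        print(f.service, "->", f.dll or f.image, "|", "; ".join(f.reasons))
```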

#7 bellavida
  • Topic Starter

  • Members
  • 26 posts

Posted 21 October 2011 - 01:17 PM

ComboFix 11-10-20.08 - bella 10/21/2011 12:50:02.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.467 [GMT -5:00]
Running from: c:\documents and settings\bella\Desktop\software\ComboFix.exe
Command switches used :: c:\documents and settings\bella\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt VIPRE *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Freecorder
c:\program files\Freecorder\audgopher.dll
c:\program files\Freecorder\audhook.dll
c:\program files\Freecorder\FCAudio.exe
c:\program files\Freecorder\FCConv.exe
c:\program files\Freecorder\FCSettings.exe
c:\program files\Freecorder\FCVideos.exe
c:\program files\Freecorder\ffmpeg.exe
c:\program files\Freecorder\FLVPlayer.exe
c:\program files\Freecorder\FLVSrvc.exe
c:\program files\Freecorder\freecorder.exe
c:\program files\Freecorder\Freecorder.xpi
c:\program files\Freecorder\lame_enc.dll
c:\program files\Freecorder\sdl.dll
c:\program files\Freecorder\Uninstall\IRIMG1.JPG
c:\program files\Freecorder\Uninstall\IRIMG2.JPG
c:\program files\Freecorder\Uninstall\uninstall.dat
c:\program files\Freecorder\Uninstall\uninstall.xml
c:\program files\Freecorder\VistaAudioLib.dll
c:\program files\Yontoo Layers Runtime
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 12:36 . 2011-10-21 12:36 -------- d-----w- c:\documents and settings\bella\.swt
2011-10-20 16:51 . 2011-06-08 04:08 4825776 ----a-w- c:\windows\system32\GameMon.des
2011-10-20 16:51 . 2004-12-30 12:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-10-20 16:51 . 2003-07-15 21:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-10-20 16:51 . 2011-10-20 16:51 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-10-20 16:20 . 2011-10-20 16:20 -------- d-----w- C:\Ignitedgames
2011-10-20 03:50 . 2011-10-20 03:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-10-17 01:07 . 2011-10-17 01:12 -------- d-----w- c:\documents and settings\bella\Application Data\WindSolutions
2011-10-17 01:07 . 2011-10-17 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-10-16 03:53 . 2011-10-16 03:53 -------- d-----w- c:\program files\iPod
2011-10-16 03:44 . 2011-10-16 03:44 -------- d-----w- c:\program files\Apple Software Update
2011-10-16 03:42 . 2011-10-16 03:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\bella\Local Settings\Application Data\TVU Networks
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\documents and settings\bella\LocalLow
2011-10-13 01:08 . 2011-10-13 01:08 -------- d-----w- c:\windows\system32\TVUAx
2011-10-11 13:49 . 2011-10-11 13:49 -------- d-----w- c:\documents and settings\bella\Application Data\SUPERAntiSpyware.com
2011-10-11 13:48 . 2011-10-11 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-11 13:48 . 2011-10-11 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-07 11:00 . 2011-10-07 11:00 388096 ----a-r- c:\documents and settings\bella\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-07 11:00 . 2011-10-07 11:00 -------- d-----w- c:\program files\Trend Micro
2011-10-07 10:48 . 2011-10-07 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-07 10:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 05:59 . 2011-10-01 05:59 -------- d-----w- c:\documents and settings\bella\Application Data\LucasArts
2011-09-30 13:51 . 2008-07-30 11:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-09-30 13:15 . 2011-09-30 13:15 -------- d-----w- c:\program files\Recuva
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2010-03-18 15:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-14 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-14 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 06:22 . 2011-09-13 06:22 45056 ----a-w- c:\windows\ssunstl.exe
2011-09-09 09:12 . 2008-04-14 07:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-04-14 07:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-27 20:24 . 2011-08-27 20:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-14 07:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-14 07:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-14 07:00 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-10-10 13:18 . 2011-03-24 14:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-08-10 344187]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 15:36 73728 ------w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv720]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^bella^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\bella\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-04-05 17:21 77824 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 20:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-05-22 14:52 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-08-09 10:03 389352 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 18:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"YahooAUService"=2 (0x2)
"SbieSvc"=2 (0x2)
"RichVideo"=2 (0x2)
"ScsiAccess"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56332:TCP"= 56332:TCP:Pando Media Booster
"56332:UDP"= 56332:UDP:Pando Media Booster
"58342:TCP"= 58342:TCP:Pando Media Booster
"58342:UDP"= 58342:UDP:Pando Media Booster
"67:UDP"= 67:UDP:DHCP Server
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/11/2011 12:28 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/29/2011 8:58 AM 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [6/29/2011 8:40 AM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [6/29/2011 8:40 AM 212568]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/29/2011 8:58 AM 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [5/11/2011 4:54 PM 181584]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [6/29/2011 8:40 AM 69208]
S0 cerc6;cerc6; [x]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [5/11/2011 4:54 PM 2804280]
S2 srv720;srv720;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 2:00 AM 14336]
S3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys [9/4/2010 6:03 PM 104520]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/4/2011 6:04 PM 16968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 7:45 PM 35088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [6/29/2011 8:40 AM 69208]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [6/29/2011 8:40 AM 94040]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [10/17/2010 12:57 PM 23608]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/10/2011 2:08 PM 685816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv720
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004Core.job
- c:\documents and settings\bella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:19]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004UA.job
- c:\documents and settings\bella\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-03 16:19]
.
2011-10-17 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-09-11 15:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - c:\documents and settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
FF - ProfilePath - c:\documents and settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 77fa15f7-d222-4129-a1c2-33af06cea9af
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 13:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srv720]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\BELLA\LOCALS~1\Temp\srv720.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\05\15\0c$\1d"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-10-21 13:06:45
ComboFix-quarantined-files.txt 2011-10-21 18:06
ComboFix2.txt 2011-10-21 13:05
.
Pre-Run: 16,351,899,648 bytes free
Post-Run: 16,331,087,872 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CEFBBB7041FDAF5EC933FB58249D7D83

The links are still there and the comp is still running slow. Is there anything else that could be causing these links?

#8 gringo_pr

Posted 21 October 2011 - 01:34 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bellavida

Posted 21 October 2011 - 07:22 PM

19:16:27.0906 5336 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
19:16:29.0921 5336 ============================================================
19:16:29.0921 5336 Current date / time: 2011/10/21 19:16:29.0921
19:16:29.0921 5336 SystemInfo:
19:16:29.0921 5336
19:16:29.0921 5336 OS Version: 5.1.2600 ServicePack: 3.0
19:16:29.0921 5336 Product type: Workstation
19:16:29.0921 5336 ComputerName: BELLA
19:16:29.0921 5336 UserName: bella
19:16:29.0921 5336 Windows directory: C:\WINDOWS
19:16:29.0921 5336 System windows directory: C:\WINDOWS
19:16:29.0921 5336 Processor architecture: Intel x86
19:16:29.0921 5336 Number of processors: 2
19:16:29.0921 5336 Page size: 0x1000
19:16:29.0921 5336 Boot type: Normal boot
19:16:29.0921 5336 ============================================================
19:16:38.0437 5336 Initialize success
19:17:01.0468 4708 ============================================================
19:17:01.0468 4708 Scan started
19:17:01.0468 4708 Mode: Manual;
19:17:01.0468 4708 ============================================================
19:17:15.0453 4708 Abiosdsk - ok
19:17:15.0937 4708 abp480n5 - ok
19:17:16.0421 4708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:17:16.0515 4708 ACPI - ok
19:17:16.0921 4708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:17:16.0968 4708 ACPIEC - ok
19:17:17.0281 4708 adpu160m - ok
19:17:17.0781 4708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:17:17.0937 4708 aec - ok
19:17:18.0812 4708 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:17:18.0968 4708 AFD - ok
19:17:19.0421 4708 Aha154x - ok
19:17:19.0937 4708 aic78u2 - ok
19:17:20.0515 4708 aic78xx - ok
19:17:21.0078 4708 AliIde - ok
19:17:21.0468 4708 amsint - ok
19:17:22.0078 4708 AR5211 (2af8814f1063e05661c319dba6b733ec) C:\WINDOWS\system32\DRIVERS\ar5211.sys
19:17:22.0375 4708 AR5211 - ok
19:17:22.0875 4708 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:17:22.0937 4708 Arp1394 - ok
19:17:23.0421 4708 asc - ok
19:17:23.0875 4708 asc3350p - ok
19:17:24.0359 4708 asc3550 - ok
19:17:25.0000 4708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:17:25.0062 4708 AsyncMac - ok
19:17:25.0812 4708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:17:25.0859 4708 atapi - ok
19:17:26.0312 4708 Atdisk - ok
19:17:26.0968 4708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:17:27.0046 4708 Atmarpc - ok
19:17:27.0640 4708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:17:27.0718 4708 audstub - ok
19:17:28.0093 4708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:17:28.0125 4708 Beep - ok
19:17:28.0359 4708 catchme - ok
19:17:28.0781 4708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:17:28.0812 4708 cbidf2k - ok
19:17:29.0203 4708 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:17:29.0234 4708 CCDECODE - ok
19:17:29.0578 4708 cd20xrnt - ok
19:17:30.0046 4708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:17:30.0140 4708 Cdaudio - ok
19:17:30.0843 4708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:17:30.0984 4708 Cdfs - ok
19:17:31.0656 4708 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:17:31.0750 4708 Cdrom - ok
19:17:32.0218 4708 cerc6 - ok
19:17:32.0968 4708 CEUSBAudioSrv (11ec1ce00fa8e90e6e5194dedf688663) C:\WINDOWS\system32\drivers\ceusbaud.sys
19:17:33.0578 4708 CEUSBAudioSrv - ok
19:17:33.0953 4708 Changer - ok
19:17:34.0375 4708 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:17:34.0406 4708 CmBatt - ok
19:17:34.0734 4708 CmdIde - ok
19:17:35.0078 4708 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:17:35.0109 4708 Compbatt - ok
19:17:35.0500 4708 Cpqarray - ok
19:17:36.0015 4708 dac2w2k - ok
19:17:36.0453 4708 dac960nt - ok
19:17:37.0109 4708 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:17:37.0218 4708 Disk - ok
19:17:38.0453 4708 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:17:39.0000 4708 dmboot - ok
19:17:39.0421 4708 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
19:17:39.0437 4708 DMICall - ok
19:17:39.0890 4708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:17:40.0000 4708 dmio - ok
19:17:40.0359 4708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:17:40.0390 4708 dmload - ok
19:17:40.0921 4708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:17:41.0078 4708 DMusic - ok
19:17:41.0593 4708 dpti2o - ok
19:17:42.0203 4708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:17:42.0250 4708 drmkaud - ok
19:17:42.0796 4708 EagleNT - ok
19:17:43.0156 4708 EagleXNt - ok
19:17:43.0640 4708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:17:43.0734 4708 Fastfat - ok
19:17:44.0093 4708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:17:44.0140 4708 Fdc - ok
19:17:44.0546 4708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:17:44.0593 4708 Fips - ok
19:17:45.0218 4708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:17:45.0296 4708 Flpydisk - ok
19:17:46.0000 4708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:17:46.0109 4708 FltMgr - ok
19:17:46.0640 4708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:17:46.0718 4708 Fs_Rec - ok
19:17:47.0343 4708 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:17:47.0484 4708 Ftdisk - ok
19:17:48.0093 4708 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:17:48.0234 4708 GEARAspiWDM - ok
19:17:48.0828 4708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:17:48.0937 4708 Gpc - ok
19:17:49.0421 4708 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:17:49.0500 4708 HDAudBus - ok
19:17:49.0890 4708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:17:49.0921 4708 hidusb - ok
19:17:50.0375 4708 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
19:17:50.0421 4708 hitmanpro35 - ok
19:17:50.0750 4708 hpn - ok
19:17:51.0453 4708 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:17:51.0656 4708 HTTP - ok
19:17:52.0125 4708 i2omgmt - ok
19:17:52.0625 4708 i2omp - ok
19:17:53.0265 4708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:17:53.0468 4708 i8042prt - ok
19:17:54.0703 4708 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:17:55.0390 4708 ialm - ok
19:17:55.0828 4708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:17:55.0875 4708 Imapi - ok
19:17:56.0234 4708 ini910u - ok
19:17:59.0187 4708 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:18:01.0343 4708 IntcAzAudAddService - ok
19:18:01.0843 4708 IntelIde - ok
19:18:02.0375 4708 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:18:02.0437 4708 intelppm - ok
19:18:03.0031 4708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:18:03.0156 4708 Ip6Fw - ok
19:18:03.0781 4708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:18:03.0968 4708 IpFilterDriver - ok
19:18:04.0546 4708 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:18:04.0640 4708 IpInIp - ok
19:18:05.0125 4708 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:18:05.0203 4708 IpNat - ok
19:18:05.0625 4708 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:18:05.0687 4708 IPSec - ok
19:18:06.0062 4708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:18:06.0109 4708 IRENUM - ok
19:18:06.0515 4708 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:18:06.0578 4708 isapnp - ok
19:18:07.0125 4708 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:18:07.0203 4708 Kbdclass - ok
19:18:07.0859 4708 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:18:08.0062 4708 kmixer - ok
19:18:08.0703 4708 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:18:08.0796 4708 KSecDD - ok
19:18:09.0343 4708 Lavasoft Kernexplorer - ok
19:18:09.0812 4708 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:18:09.0859 4708 Lbd - ok
19:18:10.0203 4708 lbrtfdc - ok
19:18:10.0718 4708 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
19:18:10.0765 4708 LVUSBSta - ok
19:18:11.0265 4708 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
19:18:11.0562 4708 MarvinBus - ok
19:18:12.0281 4708 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
19:18:12.0437 4708 mcdbus - ok
19:18:12.0906 4708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:18:12.0968 4708 mnmdd - ok
19:18:13.0578 4708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:18:13.0687 4708 Modem - ok
19:18:14.0296 4708 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:18:14.0390 4708 Mouclass - ok
19:18:15.0062 4708 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:18:15.0093 4708 mouhid - ok
19:18:15.0468 4708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:18:15.0515 4708 MountMgr - ok
19:18:15.0875 4708 mraid35x - ok
19:18:16.0453 4708 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:18:16.0718 4708 MRxDAV - ok
19:18:18.0171 4708 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:18:18.0750 4708 MRxSmb - ok
19:18:19.0890 4708 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:18:20.0078 4708 Msfs - ok
19:18:21.0218 4708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:18:21.0343 4708 MSKSSRV - ok
19:18:22.0562 4708 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
19:18:22.0718 4708 msloop - ok
19:18:24.0093 4708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:18:24.0203 4708 MSPCLOCK - ok
19:18:25.0453 4708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:18:25.0562 4708 MSPQM - ok
19:18:26.0750 4708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:18:27.0078 4708 mssmbios - ok
19:18:28.0671 4708 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:18:29.0187 4708 MSTEE - ok
19:18:30.0578 4708 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:18:30.0703 4708 Mup - ok
19:18:32.0921 4708 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:18:33.0625 4708 NABTSFEC - ok
19:18:35.0562 4708 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:18:36.0093 4708 NDIS - ok
19:18:37.0531 4708 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:18:37.0718 4708 NdisIP - ok
19:18:39.0140 4708 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:18:39.0218 4708 NdisTapi - ok
19:18:40.0765 4708 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:18:40.0937 4708 Ndisuio - ok
19:18:42.0484 4708 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:18:42.0921 4708 NdisWan - ok
19:18:44.0796 4708 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:18:45.0468 4708 NDProxy - ok
19:18:47.0328 4708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:18:47.0578 4708 NetBIOS - ok
19:18:49.0015 4708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:18:49.0453 4708 NetBT - ok
19:18:50.0437 4708 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:18:50.0515 4708 NIC1394 - ok
19:18:50.0953 4708 NielGfx - ok
19:18:52.0031 4708 nielprt - ok
19:18:53.0625 4708 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
19:18:53.0828 4708 npf - ok
19:18:55.0265 4708 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:18:55.0406 4708 Npfs - ok
19:18:56.0890 4708 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:18:57.0406 4708 Ntfs - ok
19:18:57.0875 4708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:18:57.0890 4708 Null - ok
19:18:58.0515 4708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:18:58.0546 4708 NwlnkFlt - ok
19:18:58.0921 4708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:18:58.0968 4708 NwlnkFwd - ok
19:18:59.0562 4708 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:18:59.0593 4708 ohci1394 - ok
19:19:00.0234 4708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:19:00.0453 4708 Parport - ok
19:19:01.0203 4708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:19:01.0281 4708 PartMgr - ok
19:19:01.0875 4708 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:19:01.0953 4708 ParVdm - ok
19:19:02.0890 4708 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:19:03.0125 4708 PCI - ok
19:19:03.0765 4708 PCIDump - ok
19:19:04.0593 4708 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:19:04.0671 4708 PCIIde - ok
19:19:05.0093 4708 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:19:05.0187 4708 Pcmcia - ok
19:19:05.0578 4708 PDCOMP - ok
19:19:05.0906 4708 PDFRAME - ok
19:19:06.0265 4708 PDRELI - ok
19:19:06.0875 4708 PDRFRAME - ok
19:19:07.0562 4708 perc2 - ok
19:19:08.0187 4708 perc2hib - ok
19:19:09.0890 4708 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
19:19:10.0828 4708 PID_08A0 - ok
19:19:11.0609 4708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:19:11.0718 4708 PptpMiniport - ok
19:19:12.0234 4708 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:19:12.0312 4708 PSched - ok
19:19:12.0812 4708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:19:12.0859 4708 Ptilink - ok
19:19:13.0265 4708 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:19:13.0312 4708 PxHelp20 - ok
19:19:13.0828 4708 ql1080 - ok
19:19:14.0281 4708 Ql10wnt - ok
19:19:14.0843 4708 ql12160 - ok
19:19:15.0265 4708 ql1240 - ok
19:19:15.0906 4708 ql1280 - ok
19:19:16.0500 4708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:19:16.0562 4708 RasAcd - ok
19:19:17.0062 4708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:19:17.0125 4708 Rasl2tp - ok
19:19:17.0546 4708 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:19:17.0578 4708 RasPppoe - ok
19:19:17.0906 4708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:19:17.0953 4708 Raspti - ok
19:19:18.0484 4708 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:19:18.0625 4708 Rdbss - ok
19:19:19.0218 4708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:19:19.0296 4708 RDPCDD - ok
19:19:19.0968 4708 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:19:20.0156 4708 rdpdr - ok
19:19:20.0984 4708 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:19:21.0078 4708 RDPWD - ok
19:19:21.0703 4708 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:19:21.0765 4708 redbook - ok
19:19:22.0000 4708 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:19:22.0046 4708 SASDIFSV - ok
19:19:22.0125 4708 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:19:22.0171 4708 SASKUTIL - ok
19:19:22.0703 4708 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys
19:19:22.0750 4708 sbaphd - ok
19:19:23.0140 4708 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys
19:19:23.0203 4708 sbapifs - ok
19:19:23.0843 4708 SbFw (eb4a2b5faa3decd33ed682a5569e287f) C:\WINDOWS\system32\drivers\SbFw.sys
19:19:24.0171 4708 SbFw - ok
19:19:24.0906 4708 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
19:19:24.0953 4708 SBFWIMCL - ok
19:19:25.0468 4708 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
19:19:25.0468 4708 SBFWIMCLMP - ok
19:19:26.0156 4708 SbHips (53e5e7dc26bb920b97f258bbd52abfdc) C:\WINDOWS\system32\drivers\sbhips.sys
19:19:26.0328 4708 SbHips - ok
19:19:26.0578 4708 SbieDrv (9842b0829f6a19b7cd9f4d423c534735) C:\Program Files\Sandboxie\SbieDrv.sys
19:19:26.0843 4708 SbieDrv - ok
19:19:27.0546 4708 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREDrv.sys
19:19:27.0656 4708 SBRE - ok
19:19:28.0265 4708 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
19:19:28.0406 4708 SbTis - ok
19:19:28.0906 4708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:19:28.0953 4708 Secdrv - ok
19:19:29.0375 4708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:19:29.0421 4708 Serial - ok
19:19:29.0812 4708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:19:29.0843 4708 Sfloppy - ok
19:19:30.0203 4708 Simbad - ok
19:19:30.0703 4708 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:19:30.0765 4708 SLIP - ok
19:19:31.0343 4708 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys
19:19:31.0406 4708 SNC - ok
19:19:31.0937 4708 Sparrow - ok
19:19:32.0625 4708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:19:32.0718 4708 splitter - ok
19:19:33.0562 4708 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\System32\Drivers\sptd.sys
19:19:34.0000 4708 sptd - ok
19:19:34.0437 4708 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:19:34.0500 4708 sr - ok
19:19:35.0078 4708 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:19:35.0296 4708 Srv - ok
19:19:35.0890 4708 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:19:35.0953 4708 streamip - ok
19:19:36.0640 4708 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:19:36.0734 4708 swenum - ok
19:19:37.0390 4708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:19:37.0500 4708 swmidi - ok
19:19:38.0000 4708 symc810 - ok
19:19:38.0468 4708 symc8xx - ok
19:19:38.0796 4708 sym_hi - ok
19:19:39.0234 4708 sym_u3 - ok
19:19:39.0640 4708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:19:39.0703 4708 sysaudio - ok
19:19:40.0343 4708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:19:40.0578 4708 Tcpip - ok
19:19:41.0109 4708 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:19:41.0218 4708 TDPIPE - ok
19:19:41.0843 4708 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:19:41.0906 4708 TDTCP - ok
19:19:42.0468 4708 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:19:42.0593 4708 TermDD - ok
19:19:43.0156 4708 TosIde - ok
19:19:43.0671 4708 TuneConvertAudio (ff6e54b49607cc0f37d675b763735570) C:\WINDOWS\system32\drivers\TuneConvertAudio.sys
19:19:43.0750 4708 TuneConvertAudio - ok
19:19:44.0312 4708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:19:44.0375 4708 Udfs - ok
19:19:44.0718 4708 ultra - ok
19:19:45.0312 4708 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:19:45.0531 4708 Update - ok
19:19:46.0109 4708 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:19:46.0203 4708 USBAAPL - ok
19:19:48.0203 4708 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:19:48.0484 4708 usbaudio - ok
19:19:50.0218 4708 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:19:50.0312 4708 usbccgp - ok
19:19:51.0515 4708 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:19:51.0562 4708 usbehci - ok
19:19:52.0375 4708 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:19:52.0546 4708 usbhub - ok
19:19:53.0484 4708 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:19:53.0687 4708 usbprint - ok
19:19:54.0984 4708 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:19:55.0156 4708 usbscan - ok
19:19:56.0125 4708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:19:56.0203 4708 USBSTOR - ok
19:19:56.0687 4708 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:19:56.0734 4708 usbuhci - ok
19:19:57.0671 4708 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:19:57.0750 4708 usbvideo - ok
19:19:58.0375 4708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:19:58.0453 4708 VgaSave - ok
19:19:59.0125 4708 ViaIde - ok
19:19:59.0812 4708 VMUVC - ok
19:20:00.0546 4708 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:20:00.0718 4708 VolSnap - ok
19:20:01.0265 4708 vvftUVC - ok
19:20:01.0875 4708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:20:01.0953 4708 Wanarp - ok
19:20:02.0593 4708 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:20:02.0890 4708 Wdf01000 - ok
19:20:03.0218 4708 WDICA - ok
19:20:03.0875 4708 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:20:04.0078 4708 wdmaud - ok
19:20:04.0953 4708 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:20:05.0062 4708 WinUSB - ok
19:20:05.0796 4708 WSIMD (33bcfd50929aa6876c54c3768818e685) C:\WINDOWS\system32\DRIVERS\wsimd.sys
19:20:06.0406 4708 WSIMD - ok
19:20:06.0968 4708 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:20:07.0015 4708 WSTCODEC - ok
19:20:07.0593 4708 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:20:07.0671 4708 WudfPf - ok
19:20:08.0109 4708 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:20:08.0187 4708 WudfRd - ok
19:20:09.0015 4708 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:20:09.0187 4708 yukonwxp - ok
19:20:09.0859 4708 ZTEusbmdm6k - ok
19:20:10.0437 4708 ZTEusbnmea - ok
19:20:10.0906 4708 ZTEusbser6k - ok
19:20:10.0984 4708 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:20:12.0468 4708 \Device\Harddisk0\DR0 - ok
19:20:12.0484 4708 Boot (0x1200) (bb97dcd5aa5c484a28973fc1c5804c1d) \Device\Harddisk0\DR0\Partition0
19:20:12.0500 4708 \Device\Harddisk0\DR0\Partition0 - ok
19:20:12.0500 4708 ============================================================
19:20:12.0500 4708 Scan finished
19:20:12.0500 4708 ============================================================
19:20:12.0500 5888 Detected object count: 0
19:20:12.0500 5888 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 October 2011 - 08:47 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 bellavida

bellavida
  • Topic Starter

  • Members
  • 26 posts

Posted 22 October 2011 - 08:20 AM

Hey Gringo, here is the report:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-21 23:39:10
-----------------------------
23:39:10.468 OS Version: Windows 5.1.2600 Service Pack 3
23:39:10.468 Number of processors: 2 586 0xE0C
23:39:10.484 ComputerName: BELLA UserName: bella
23:39:16.968 Initialize success
23:40:12.906 AVAST engine defs: 11102101
00:00:56.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:00:56.781 Disk 0 Vendor: FUJITSU_MHW2080BH 00000012 Size: 76319MB BusType: 3
00:00:56.828 Disk 0 MBR read successfully
00:00:56.828 Disk 0 MBR scan
00:00:57.265 Disk 0 Windows XP default MBR code
00:00:57.296 Disk 0 scanning sectors +135186975
00:00:58.437 Disk 0 scanning C:\WINDOWS\system32\drivers
00:03:01.781 Service scanning
00:03:10.671 Modules scanning
00:03:55.703 Disk 0 trace - called modules:
00:03:55.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
00:03:55.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870faab8]
00:03:55.734 3 CLASSPNP.SYS[f766efd7] -> nt!IofCallDriver -> \Device\0000008b[0x8715c3e8]
00:03:55.734 5 ACPI.sys[f74d5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8713c940]
00:04:03.109 AVAST engine scan C:\
06:08:03.265 Scan finished successfully
08:18:00.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bella\Desktop\MBR.dat"
08:18:00.468 The log file has been saved successfully to "C:\Documents and Settings\bella\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2011 - 11:54 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#13 bellavida

bellavida
  • Topic Starter

  • Members
  • 26 posts

Posted 22 October 2011 - 07:27 PM

Hi there, here is the OTL log.

OTL logfile created on: 10/22/2011 6:21:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bella\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 413.50 Mb Available Physical Memory | 40.77% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 70.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 14.75 Gb Free Space | 22.88% Space Free | Partition Type: NTFS

Computer Name: BELLA | User Name: bella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bella\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll ()
MOD - C:\Program Files\Sunbelt Software\VIPRE\Definitions\libBase64.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Sunbelt Software\VIPRE\vipre.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Program Files\Sunbelt Software\VIPRE\unrar.dll ()
MOD - C:\Program Files\VDMSound\LaunchPad.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (srv720) -- File not found
SRV - (gusvc) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SbHips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (TuneConvertAudio) -- C:\WINDOWS\system32\drivers\TuneConvertAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (CEUSBAudioSrv) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 24 2C 08 5A 90 CC 01 [binary data]
IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1801674531-1614895754-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\bella\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\bella\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 08:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 08:41:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/22 10:05:57 | 000,000,000 | ---D | M]

[2011/06/02 15:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bella\Application Data\Mozilla\Extensions
[2010/05/28 01:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bella\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/02 15:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bella\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/10/12 20:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions
[2011/09/27 12:23:05 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/10/13 11:45:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/18 09:56:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/08 12:13:04 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/03/24 09:36:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\engine@conduit.com
[2011/10/12 20:08:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\firefox@tvunetworks.com
[2011/09/25 00:51:37 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\plugin@yontoo.com
[2011/09/24 18:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 19:45:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/15 14:13:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/10/10 08:18:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/10 08:18:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3007394
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: FB Layouts & Extras = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maeijollgfmffkncnabiigmkoomhjnhf\2.0.2_0\
CHR - Extension: Poppit = C:\Documents and Settings\bella\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/21 13:03:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1801674531-1614895754-1417001333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\bella\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE6EFF4-210E-4310-84AF-54896C0599BF}: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\bella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bella\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 21:14:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 18:20:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bella\Desktop\OTL.exe
[2011/10/22 08:21:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bella\Recent
[2011/10/21 22:53:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/21 07:45:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/21 07:45:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/21 07:45:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/21 07:45:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/21 07:44:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/21 07:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\.swt
[2011/10/20 11:51:59 | 004,825,776 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2011/10/20 11:51:09 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2011/10/20 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/10/20 11:20:54 | 000,000,000 | ---D | C] -- C:\Ignitedgames
[2011/10/19 22:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/10/16 20:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\Application Data\WindSolutions
[2011/10/16 20:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/10/15 22:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/15 22:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 22:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/15 22:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/12 20:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\Local Settings\Application Data\TVU Networks
[2011/10/12 20:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2011/10/12 20:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\LocalLow
[2011/10/12 20:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2011/10/11 08:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\Application Data\SUPERAntiSpyware.com
[2011/10/11 08:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/11 08:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/11 08:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/07 06:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\Start Menu\Programs\HiJackThis
[2011/10/07 06:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/07 05:48:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/07 05:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/01 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\My Documents\webkit
[2011/10/01 00:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\Application Data\LucasArts
[2011/09/30 08:52:15 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/09/30 08:52:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/09/30 08:52:13 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/09/30 08:52:11 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/09/30 08:52:11 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/09/30 08:52:09 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/09/30 08:52:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/09/30 08:52:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/09/30 08:52:07 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/09/30 08:52:06 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/09/30 08:52:04 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/09/30 08:52:04 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/09/30 08:52:03 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/09/30 08:52:01 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/09/30 08:51:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/09/30 08:51:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/09/30 08:51:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/09/30 08:51:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/09/30 08:51:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/09/30 08:51:55 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/09/30 08:51:53 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/09/30 08:51:53 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/09/30 08:51:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/09/30 08:51:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/09/30 08:51:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/09/30 08:51:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/09/30 08:51:47 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/09/30 08:51:46 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/09/30 08:51:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/09/30 08:51:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/09/30 08:51:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/09/30 08:51:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/09/30 08:51:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/09/30 08:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/09/30 08:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\My Documents\Documents and Settings
[2011/09/24 12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bella\My Documents\My Cheat Tables
[2011/06/02 21:06:59 | 000,122,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll

========== Files - Modified Within 30 Days ==========

[2011/10/22 18:51:01 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004UA.job
[2011/10/22 18:20:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bella\Desktop\OTL.exe
[2011/10/22 18:19:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1006UA.job
[2011/10/22 13:19:04 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1006Core.job
[2011/10/21 22:51:01 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1004Core.job
[2011/10/21 13:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 13:03:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/21 07:36:26 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\bella\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/20 07:56:05 | 003,516,740 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Chris Brown So Cold.mp3
[2011/10/19 22:50:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/18 08:21:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/17 20:37:06 | 008,598,664 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Bruno Mars It Will Rain.mp3
[2011/10/17 20:33:16 | 008,519,001 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Ne-Yo Lonely Again.mp3
[2011/10/17 20:17:41 | 004,405,321 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Nicki Minaj Fly ft Rihanna.mp3
[2011/10/17 13:38:09 | 003,421,863 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Stereo Hearts.mp3
[2011/10/16 20:12:41 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Shortcut to CopyTransManager.lnk
[2011/10/16 20:04:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/10/16 08:37:24 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\iTunes.lnk
[2011/10/15 23:11:16 | 000,000,391 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/10/15 21:49:28 | 000,495,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/15 21:49:28 | 000,085,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 15:37:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/13 08:10:22 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\bella\defogger_reenable
[2011/10/13 08:03:58 | 003,777,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/04 18:48:02 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\bella\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/04 18:48:01 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\bella\Desktop\Google Chrome.lnk
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/29 01:43:54 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\bella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

========== Files Created - No Company Name ==========

[2011/10/22 13:14:29 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1006UA.job
[2011/10/22 13:14:26 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1614895754-1417001333-1006Core.job
[2011/10/21 07:45:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/21 07:45:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/21 07:45:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/21 07:45:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/21 07:45:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/20 11:51:09 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2011/10/20 07:55:26 | 003,516,740 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Chris Brown So Cold.mp3
[2011/10/17 20:35:44 | 008,598,664 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Bruno Mars It Will Rain.mp3
[2011/10/17 20:32:04 | 008,519,001 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Ne-Yo Lonely Again.mp3
[2011/10/17 20:16:51 | 004,405,321 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Nicki Minaj Fly ft Rihanna.mp3
[2011/10/17 13:30:57 | 003,421,863 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Stereo Hearts.mp3
[2011/10/16 20:12:41 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\Shortcut to CopyTransManager.lnk
[2011/10/16 20:04:04 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/10/16 08:37:24 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\bella\Desktop\iTunes.lnk
[2011/10/15 22:44:23 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/15 22:44:17 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/10/13 08:10:00 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\bella\defogger_reenable
[2011/09/13 01:22:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ssunstl.exe
[2011/08/12 01:24:36 | 000,337,182 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/22 01:30:35 | 000,004,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyknfeyt.slj
[2011/07/10 01:22:33 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/07/09 13:12:05 | 000,001,289 | ---- | C] () -- C:\WINDOWS\Qgugadodex.dat
[2011/07/09 13:12:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fniriruxecabaf.bin
[2011/07/03 23:44:24 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
[2011/06/24 08:12:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/06/21 06:11:35 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/06/21 06:11:13 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/06/19 16:07:57 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\System32\odexl32A.dll
[2011/06/19 03:44:23 | 001,343,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/19 01:09:39 | 000,066,625 | ---- | C] () -- C:\Documents and Settings\bella\Application Data\BELLA Johansson 0 MicroDump 2011 6 19 1 2804.cab
[2011/06/12 19:22:33 | 000,000,221 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2011/06/02 21:07:07 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/02 21:07:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/02 21:06:58 | 000,631,808 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/02 21:06:58 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/02 21:06:53 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/14 18:36:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/10 23:41:50 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\4E37A837910D.ini
[2011/04/04 18:04:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/02 02:15:46 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\bella\Application Data\netstat.bat
[2010/12/29 21:33:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/10/04 12:27:00 | 000,001,576 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/08 12:09:29 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/08/08 12:07:04 | 000,006,751 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/08/08 12:06:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/07/15 19:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/07/15 02:32:21 | 000,000,391 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/07/15 02:31:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2010/07/15 02:31:22 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2010/06/06 21:02:19 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\bella\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 18:50:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bella\Local Settings\Application Data\prvlcl.dat
[2010/05/15 19:10:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/07 16:05:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/05/06 22:40:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/05/06 21:17:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 21:10:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/06 14:21:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/06 14:20:27 | 003,777,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/03 16:03:11 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\msm-caotd.dll
[2009/08/04 16:24:41 | 000,014,046 | ---- | C] () -- C:\WINDOWS\System32\msw-naote.dll
[2008/04/14 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 02:00:00 | 000,495,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 02:00:00 | 000,085,670 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2005/04/15 06:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 06:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/15 21:41:35 | 000,000,330 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\saopts.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\HOSTSbackup:SummaryInformation
@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFE23423
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0E39261

< End of report >


Edit: I was transferring a file from my comp to a flash drive and the comp suddenly went to the "blue screen". I just restarted and the comp booted up, but I'm guessing this is something with the hard drive? Also, chkdsk runs EVERY single time I boot, even if I let it run completely and shut down normally. I do not remember the last time chkdsk did not try to run at startup.

Edited by bellavida, 23 October 2011 - 08:38 AM.
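The OTL entries above all follow one fixed shape, "[timestamp | size | attributes | C or M] (company) -- path", and the Alternate Data Streams section lists "path:stream". What a responder does with such a log is scan it by eye for a handful of patterns. As an added example (not part of this thread and not OTL's own code), here is a small Python triage pass that parses those two line shapes and applies those checks: hidden/system attributes on files that should not carry them, non-ASCII filenames, a .sys file outside a drivers directory, executables under C:\WINDOWS with no company name, loose files dropped in the root of All Users\Application Data, and alternate data streams whose names Windows does not write itself. The sample lines are copied from the log above; the known-benign lists and the rules themselves are my assumptions, and every hit is a "look at this" rather than a verdict.

```python
"""Triage helper for OTL (OldTimer's List-It) log entries.

Parses "[date | size | attrs | C/M] (Company) -- path" file entries and
"@Alternate Data Stream" lines and flags the ones worth a second look.
Every rule is a triage hint, not a verdict: a hit means "inspect", not "malware".
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Assumption: streams Windows itself writes (property sets, download zone marks).
BENIGN_STREAMS = {"summaryinformation", "documentsummaryinformation", "zone.identifier", "encryptable"}
# Assumption: files that legitimately carry hidden/system attributes on an XP install.
KNOWN_HS = {"c:\\boot.ini", "c:\\windows\\bootstat.dat"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
PROGRAMDATA = "c:\\documents and settings\\all users\\application data\\"
EXEC_EXT = {"exe", "dll", "sys", "vxd"}


@dataclass
class Finding:
    target: str
    reasons: list


def parse_line(line):
    """Return ("file", fields) or ("ads", fields), or None for lines not modelled here."""
    m = ENTRY_RE.match(line.strip())
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"].replace(",", ""))  # "000,518,144" -> 518144
        return "file", d
    m = ADS_RE.match(line.strip())
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"])
        return "ads", d
    return None


def file_reasons(e):
    """Heuristic rules for one file entry; returns human-readable reasons (possibly empty)."""
    path, attr = e["path"], e["attr"]
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    stem, _, ext = name.rpartition(".")
    ext = ext.lower() if stem else ""
    is_dir = "D" in attr
    reasons = []
    if not is_dir and ("H" in attr or "S" in attr) and low not in KNOWN_HS:
        reasons.append("hidden/system attribute on a file outside the known set")
    if any(ord(c) > 127 for c in name):
        reasons.append("non-ASCII characters in the filename")
    if ext == "sys" and "\\drivers\\" not in low:
        reasons.append(".sys file outside a drivers directory")
    if ext in EXEC_EXT and not e["company"].strip() and low.startswith(SYSTEM_DIRS):
        reasons.append("executable under C:\\WINDOWS with no company name")
    if not is_dir and low.startswith(PROGRAMDATA) and "\\" not in low[len(PROGRAMDATA):]:
        reasons.append("loose file in the root of All Users\\Application Data")
    return reasons


def ads_reasons(e):
    """An ADS whose stream name is not one Windows writes itself is worth a look."""
    if e["stream"].lower() in BENIGN_STREAMS:
        return []
    return [f"alternate data stream with non-standard name '{e['stream']}' ({e['size']} bytes)"]


def triage(lines):
    """Parse every line and return a Finding for each entry with at least one reason."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, e = parsed
        reasons = file_reasons(e) if kind == "file" else ads_reasons(e)
        if reasons:
            target = e["path"] if kind == "file" else f"{e['path']}:{e['stream']}"
            findings.append(Finding(target, reasons))
    return findings


# Constructed sample: lines copied from the OTL log in the post above.
SAMPLE_LOG = """\
[2011/10/21 07:45:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\\WINDOWS\\SWREG.exe
[2011/10/13 15:37:08 | 000,000,327 | RHS- | M] () -- C:\\boot.ini
[2011/09/13 01:22:01 | 000,045,056 | ---- | C] () -- C:\\WINDOWS\\ssunstl.exe
[2011/07/22 01:30:35 | 000,004,943 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\pyknfeyt.slj
[2011/07/03 23:44:24 | 000,000,013 | -H-- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\1ÌØ13.sys
[2011/06/19 16:07:57 | 000,106,496 | RHS- | C] () -- C:\\WINDOWS\\System32\\odexl32A.dll
[2011/10/07 05:48:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbam.sys
@Alternate Data Stream - 88 bytes -> C:\\WINDOWS\\System32\\drivers\\etc\\HOSTSbackup:SummaryInformation
@Alternate Data Stream - 362 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:8927A071
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.target)
        for r in f.reasons:
            print("   -", r)
```

Read hits against the timestamp column before acting on them. The five helper executables with no company name under C:\WINDOWS (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe) all appear at 2011/10/21 07:45:08, seconds after C:\Qoobox (ComboFix's quarantine folder) was created, so that rule is firing on ComboFix unpacking its own tools. A hidden, system-attributed DLL in System32 with no company name, like odexl32A.dll, has no such explanation anywhere in the log and is the kind of entry to hash and look up before deciding anything.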


#14 bellavida

  • Topic Starter


Posted 25 October 2011 - 01:25 PM

bump

Edited by bellavida, 25 October 2011 - 01:25 PM.


#15 gringo_pr

  • Malware Response Team

Posted 25 October 2011 - 05:06 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\HOSTSbackup:SummaryInformation
    @Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
    @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFE23423
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0E39261    
    [2011/09/27 12:23:05 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/07/18 09:56:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2011/03/24 09:36:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\engine@conduit.com
    [2011/09/25 00:51:37 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\bella\Application Data\Mozilla\Firefox\Profiles\d1dpmlwb.default\extensions\plugin@yontoo.com
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3007394
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic






