Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running multiple processes


  • This topic is locked This topic is locked
26 replies to this topic

#1 rochelle bradley

rochelle bradley

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 18 October 2011 - 04:40 PM

Hello

I recently had a virus on my laptop top which redirected my google searches to unknown websites and interferred with my internet banking.
After following some instructions online I managed to get rid of it, but recently I have noticed my laptop is running quite slow and when I open task manager and look at the processes using the CPU there are a number of them that keep appearing that I am unsure of and a few that appear several times.

I'm concerned my laptop is still infected. I've attached the details noted in the prep guide.

My laptop is running on windows xp, service pack 3, it runs on 1.58 ghz with a 1.37gb ram. Its normally quick and responsive despite its age.

Thanks in advance

Attached Files



BC AdBot (Login to Remove)

 


#2 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 21 October 2011 - 02:37 AM

The processes running are named SVCHOST.EXE - thanks

Edited by Orange Blossom, 22 October 2011 - 10:02 AM.
Removed unnecessary quote. ~ OB


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 22 October 2011 - 02:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 07:06 AM

OTL logfile created on: 24/10/2011 13:01:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.37 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 59.25% Memory free
2.16 Gb Paging File | 1.74 Gb Available in Paging File | 80.27% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 1.12 Gb Free Space | 3.19% Space Free | Partition Type: FAT32
Drive D: | 35.54 Gb Total Space | 0.47 Gb Free Space | 1.32% Space Free | Partition Type: FAT32

Computer Name: ACER-684C9A655D | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 13:00:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/03/28 22:11:38 | 003,445,152 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\EXPLORER.EXE
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/12/27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/11/08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2005/07/25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/10/05 16:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2005/12/27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005/11/08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
MOD - [2005/09/05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
MOD - [2005/07/25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
MOD - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2003/12/29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SNMPTRAP)
SRV - File not found [Auto | Stopped] -- -- (SNMP)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/31 13:03:54 | 000,767,341 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009/12/02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/13 19:40:50 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/01/13 17:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/20 21:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/08 15:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 15:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 15:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2000/12/19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 48 5C CB F0 57 CB 01 [binary data]
IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307327007-36217740-427612828-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Documents and Settings\user\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A69FC36F-2CCB-4D57-9B54-DF59D1A1EC41}: C:\Documents and Settings\user\Local Settings\Application Data\{A69FC36F-2CCB-4D57-9B54-DF59D1A1EC41}

[2009/06/24 12:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/11/23 18:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/06/24 12:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zo2e4pwm.default\extensions
[2009/06/29 18:05:32 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zo2e4pwm.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(2)
[2010/07/26 22:06:12 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zo2e4pwm.default\extensions\firefox@facebook.com
[2010/07/25 17:42:34 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zo2e4pwm.default\extensions\youtube2mp3@mondayx.de
[2009/06/25 01:09:52 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zo2e4pwm.default\searchplugins\ask.xml
[2009/06/29 15:17:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/09/13 09:26:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2011/09/21 18:56:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1307327007-36217740-427612828-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PowerKey] C:\Program Files\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKU\S-1-5-21-1307327007-36217740-427612828-1006..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1307327007-36217740-427612828-1006..\Run: [RprOxnes] C:\Documents and Settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1307327007-36217740-427612828-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA3D4DC0-D98C-4AF9-8FCD-F8875F22D276}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe) -C:\Documents and Settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "VTingWinIe"
MsConfig - Services: "gupdate"
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2


ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Camer@
[2011/10/24 13:00:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/10/23 13:11:54 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2011/10/18 22:21:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2011/10/14 00:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/13 18:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/10/12 20:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/10/12 19:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/12 19:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/12 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/12 17:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2011/10/12 17:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/10/12 17:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/10/12 17:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TP
[2011/10/08 19:42:16 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2011/10/08 19:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Salix
[2011/10/08 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2011/10/08 19:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
[2011/10/05 18:13:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 13:00:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/10/24 12:55:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/24 12:52:50 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/10/24 12:52:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 12:52:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/24 12:52:10 | 1474,531,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 16:46:18 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/10/23 16:23:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 12:11:50 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/21 08:18:24 | 001,684,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/18 22:53:38 | 000,508,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 22:53:38 | 000,090,402 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/18 22:38:52 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2011/10/18 22:25:38 | 000,418,143 | ---- | M] () -- C:\Documents and Settings\user\Desktop\2wlmphnj.exe
[2011/10/18 22:22:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2011/10/18 22:21:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Defogger.exe
[2011/10/18 21:12:52 | 000,022,621 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/18 21:12:48 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\vcmmsulv.dat
[2011/10/18 20:52:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/13 20:55:18 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 22:50:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/12 22:44:42 | 000,121,847 | ---- | M] () -- C:\Documents and Settings\user\Desktop\valswebpage2.jpg
[2011/10/12 19:43:52 | 000,078,924 | ---- | M] () -- C:\Documents and Settings\user\Desktop\valswebpage.JPG
[2011/10/08 12:18:20 | 000,143,203 | ---- | M] () -- C:\Documents and Settings\user\Desktop\picturethis.JPG
[2011/10/05 18:13:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/04 21:08:04 | 000,000,854 | ---- | M] () -- C:\WINDOWS\System32\drivers\othvqmvv.dat
[2011/10/03 09:35:12 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/25 18:40:14 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\xedichxd.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/18 22:25:33 | 000,418,143 | ---- | C] () -- C:\Documents and Settings\user\Desktop\2wlmphnj.exe
[2011/10/18 22:21:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Defogger.exe
[2011/10/18 21:12:44 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\vcmmsulv.dat
[2011/10/12 21:18:45 | 000,121,847 | ---- | C] () -- C:\Documents and Settings\user\Desktop\valswebpage2.jpg
[2011/10/12 18:46:20 | 000,078,924 | ---- | C] () -- C:\Documents and Settings\user\Desktop\valswebpage.JPG
[2011/10/08 19:42:16 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2011/10/08 11:28:05 | 000,143,203 | ---- | C] () -- C:\Documents and Settings\user\Desktop\picturethis.JPG
[2011/10/04 21:08:03 | 000,000,854 | ---- | C] () -- C:\WINDOWS\System32\drivers\othvqmvv.dat
[2011/09/25 18:40:12 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\xedichxd.dat
[2011/09/21 18:56:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\{EC2FD8F9-6F41-4AD5-9DA3-B768F708BCD9}
[2011/09/11 17:11:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndvvrnfe.dat
[2011/07/25 21:03:14 | 000,000,377 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/07/25 21:03:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2011/07/16 22:10:57 | 001,717,270 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1307327007-36217740-427612828-1006-0.dat
[2011/07/16 22:10:55 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011/07/16 22:10:54 | 000,451,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/19 17:50:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 17:50:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 17:50:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 17:50:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 17:50:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/18 17:07:54 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/06/18 17:07:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/02/09 17:52:43 | 000,000,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\wbjzkrmo.dat
[2011/01/18 00:13:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2010/11/04 21:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Craxocali.bin
[2010/11/04 21:22:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dqepuva.dat
[2010/10/29 11:24:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/10/25 13:27:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/09/18 23:42:53 | 000,022,621 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/18 23:42:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\drivers\yrejebkx.dat
[2010/07/25 21:58:00 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010/07/13 19:54:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/06/30 17:24:00 | 000,084,912 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/09 23:38:45 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2010/06/09 23:20:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2010/06/09 23:20:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/05/31 15:20:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/26 18:34:59 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/05/26 18:34:29 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/26 18:34:27 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/05/26 18:34:25 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\RemoveDevice.dll
[2009/12/03 21:53:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/12/03 21:51:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/08 14:20:38 | 000,104,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\MPIXVID.SYS
[2009/10/15 23:50:14 | 000,000,652 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/13 12:07:53 | 000,004,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2009/08/09 00:03:55 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/09 00:03:55 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/24 16:15:04 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 12:59:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/20 15:35:40 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/06/20 15:35:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/06/20 15:35:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/06/20 15:35:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/06/20 15:35:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/06/20 15:35:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/06/20 15:33:50 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.exe
[2009/06/20 15:33:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2006/11/02 09:27:46 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/04/25 22:21:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 22:18:14 | 000,508,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 22:18:14 | 000,090,402 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 21:50:30 | 001,684,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/10 07:05:02 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/02/10 07:04:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/02/10 07:04:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/02/10 07:04:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/02/10 07:04:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/02 22:50:42 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/04/02 10:44:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/02 09:19:24 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Apire Series.ini
[2005/01/26 09:44:14 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/12/20 17:48:50 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/14 13:04:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/14 13:02:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 13:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLAUNCH.EXE
[2004/03/01 20:16:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\XMLforLaunch.exe
[2004/02/19 18:06:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/11/24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2003/07/21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/12 22:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 22:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\EXPLORER.EXE
[2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\EXPLORER.EXE
[2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< End of report >


OTL Extras logfile created on: 24/10/2011 13:01:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.37 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 59.25% Memory free
2.16 Gb Paging File | 1.74 Gb Available in Paging File | 80.27% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 1.12 Gb Free Space | 3.19% Space Free | Partition Type: FAT32
Drive D: | 35.54 Gb Total Space | 0.47 Gb Free Space | 1.32% Space Free | Partition Type: FAT32

Computer Name: ACER-684C9A655D | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"28362:TCP" = 28362:TCP:*:Enabled:spport
"6512:TCP" = 6512:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Disabled:Football Manager 2011


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{218D629E-8D06-4B23-A238-EB869770B6CC}" = MSVC90_x86
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{499B65FF-C8A9-478C-BD83-3E25714D72C9}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA416AE-6D1C-40D6-BCA3-A65A59DD60FC}" = Acer eDataSecurity Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims 3 Ambitions
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camer@
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.9.4
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.26
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims 3 Generations
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims 3 Fast Lane Stuff
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"BlackBerry_{F20D2884-D854-48A7-B0F0-2921F3A23F81}" = BlackBerry Desktop Software 4.3
"Digital Camera Driver" = Digital Camera Driver
"EADM" = EA Download Manager
"ePresentation" = Acer ePresentation Management
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP3 Cutter_is1" = MP3 Cutter 1.3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RollerCoaster Tycoon Setup" = Roll
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/10/2011 17:33:06 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 05/10/2011 17:33:06 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/10/2011 09:22:11 | Computer Name = ACER-684C9A655D | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 12/10/2011 12:34:37 | Computer Name = ACER-684C9A655D | Source = CVHSVC | ID = 100
Description = Information only. Error: Type: Http send request failed. WinHttpSendRequestFailed
ErrorCode: 12029(0x2efd).

Error - 18/10/2011 16:17:45 | Computer Name = ACER-684C9A655D | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An
installation for Microsoft .NET Framework 4 Client Profile is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 18/10/2011 17:46:40 | Computer Name = ACER-684C9A655D | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 4 Client Profile -- Error 1704.
An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 21/10/2011 03:19:37 | Computer Name = ACER-684C9A655D | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ Application Events ]
Error - 05/10/2011 17:33:06 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 05/10/2011 17:33:06 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/10/2011 20:20:47 | Computer Name = ACER-684C9A655D | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/10/2011 09:22:11 | Computer Name = ACER-684C9A655D | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 12/10/2011 12:34:37 | Computer Name = ACER-684C9A655D | Source = CVHSVC | ID = 100
Description = Information only. Error: Type: Http send request failed. WinHttpSendRequestFailed
ErrorCode: 12029(0x2efd).

Error - 18/10/2011 16:17:45 | Computer Name = ACER-684C9A655D | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An
installation for Microsoft .NET Framework 4 Client Profile is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 18/10/2011 17:46:40 | Computer Name = ACER-684C9A655D | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 4 Client Profile -- Error 1704.
An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 21/10/2011 03:19:37 | Computer Name = ACER-684C9A655D | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 18/10/2011 16:33:45 | Computer Name = ACER-684C9A655D | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2572073).

Error - 21/10/2011 03:18:11 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 21/10/2011 03:18:11 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The SNMP Service service failed to start due to the following error:
%%2

Error - 22/10/2011 07:12:06 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 22/10/2011 07:12:06 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The SNMP Service service failed to start due to the following error:
%%2

Error - 23/10/2011 08:13:20 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 23/10/2011 08:13:20 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The SNMP Service service failed to start due to the following error:
%%2

Error - 24/10/2011 07:52:30 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%32

Error - 24/10/2011 07:52:30 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The Cyberlink RichVideo Service(CRVS) service failed to start due
to the following error: %%2

Error - 24/10/2011 07:52:30 | Computer Name = ACER-684C9A655D | Source = Service Control Manager | ID = 7000
Description = The SNMP Service service failed to start due to the following error:
%%2


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 24 October 2011 - 02:35 PM

Hi,

please run a scan with ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 04:14 PM

Hello.

Whenever I try to run combo fix it runs the full scan but upon restarting my laptop I get a blue screen and it doesn't produce a log.

I've tried twice and it's happened both times.

Thanks

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 24 October 2011 - 04:17 PM

Hi,

please try running it in safe mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 04:27 PM

It produced a log once my laptop restarted the third time.

ComboFix 11-10-24.04 - user 24/10/2011 22:01:42.7.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.918 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe
c:\documents and settings\user\Local Settings\Application Data\mbufitaa.log
c:\documents and settings\user\Local Settings\Application Data\squkkohx.log
c:\documents and settings\user\Local Settings\Application Data\uernevrl.log
c:\documents and settings\user\Local Settings\Application Data\xapfpkbp.log
c:\windows\WindowsUpdate.log
.
---- Previous Run -------
.
c:\documents and settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe
c:\documents and settings\user\Local Settings\Application Data\mbufitaa.log
c:\documents and settings\user\Local Settings\Application Data\squkkohx.log
c:\documents and settings\user\Local Settings\Application Data\uernevrl.log
c:\documents and settings\user\Local Settings\Application Data\xapfpkbp.log
c:\windows\KB2393802.log
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Micorsoft Windows Service
-------\Service_Micorsoft Windows Service
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 21:17 . 2011-10-24 21:17 -------- d-----w- C:\FOUND.002
2011-10-24 20:54 . 2011-10-24 20:54 -------- d-----w- C:\FOUND.001
2011-10-24 20:49 . 2011-10-24 21:19 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FB84FDBA-AC4C-4FE0-B027-03CE07BEDB1F}\offreg.dll
2011-10-24 12:49 . 2011-10-24 12:49 -------- d-----w- c:\documents and settings\user\Application Data\SoftGrid Client
2011-10-23 12:11 . 2011-10-23 12:11 -------- d-----w- C:\FOUND.000
2011-10-21 07:27 . 2011-10-07 03:48 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FB84FDBA-AC4C-4FE0-B027-03CE07BEDB1F}\mpengine.dll
2011-10-18 20:12 . 2011-10-18 20:12 1024 ----a-w- c:\windows\system32\drivers\vcmmsulv.dat
2011-10-12 19:43 . 2011-10-12 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-12 18:21 . 2011-10-12 18:21 -------- d-----w- c:\documents and settings\user\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-10-12 18:16 . 2011-10-12 18:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-12 16:32 . 2011-10-12 16:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2011-10-12 16:27 . 2011-10-12 16:27 -------- d-----w- c:\documents and settings\user\Application Data\TP
2011-10-08 18:42 . 2007-10-04 16:42 48128 ------w- c:\windows\system32\Remove.exe
2011-10-08 18:42 . 2011-10-08 18:42 -------- d-----w- c:\program files\Salix
2011-10-08 18:42 . 2011-10-08 18:42 -------- d-----w- c:\program files\Common Files\PAC207
2011-10-08 18:41 . 2011-10-08 18:42 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2011-10-05 17:13 . 2011-10-05 17:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 20:08 . 2011-10-04 20:08 854 ----a-w- c:\windows\system32\drivers\othvqmvv.dat
2011-09-25 17:40 . 2011-09-25 17:40 1024 ----a-w- c:\windows\system32\drivers\xedichxd.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 10:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-21 17:56 . 2011-09-21 17:56 0 ---ha-w- c:\documents and settings\user\Local Settings\Application Data\BIT3.tmp
2011-09-12 23:14 . 2010-01-16 18:17 7269712 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-04 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-01-09 10:08 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 04:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3445152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 139676]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 541037]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-01-11 16:23 15961088 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VTingWinIe"=2 (0x2)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28362:TCP"= 28362:TCP:spport
"6512:TCP"= 6512:TCP:spport
.
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [28/07/2011 21:00 149376]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [09/06/2010 23:38 2343]
S1 zupsdlzz;zupsdlzz;\??\c:\windows\system32\drivers\zupsdlzz.sys --> c:\windows\system32\drivers\zupsdlzz.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2011 21:58 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2011 21:58 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [20/11/2006 08:48 618112]
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS --> c:\elements\1stboot\SI15CI.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 20:58]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 20:58]
.
2011-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RprOxnes - c:\documents and settings\user\Local Settings\Application Data\jjadypsi\rproxnes.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
AddRemove-HaaliMkx - c:\program files\Matroska Pack\haali\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 22:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\user\Start Menu\Programs\Startup\rproxnes.exe 131072 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PEVSystemStart]
"ImagePath"="\"c:\combofix\pev.3XE\" EXEC /i \"c:\combofix\REGT.3XE\" /S \"c:\combofix\erunt.dat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="c:\\Program Files\\Sports Interactive\\Football Manager 2011\\"
"ScreenshotsDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2011\\data\\db\\1100\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2011\\games\\RB.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009e72
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="06-F955-0E11"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000002
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000003
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000001
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\user\\My Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\user\\Desktop\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\db\\900\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="06-F955-0E11"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,4f,44,cc,54,a7,78,26,fa,e0,01,e8,d1,fd,2c,ae,02,64,c6,7d,f4,41,51,
44,0f,10,64,6f,0f,63,24,7d,fd,fc,46,05,01,35,ba,7b,83,1a,34,9a,01,22,04,13,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a
.
[HKEY_USERS\S-1-5-21-1307327007-36217740-427612828-1006\Software\SecuROM\License information*]
"datasecu"=hex:36,b2,16,d6,dd,7a,8a,20,1b,23,2a,1c,fc,97,c2,70,a6,20,f8,3d,3e,
fd,88,7d,04,c8,f1,c3,55,fc,a1,d2,34,14,a4,0d,18,bd,df,5a,df,7d,10,87,60,26,\
"rkeysecu"=hex:c7,ec,4e,a6,56,8d,c7,6a,bd,7e,c5,3f,0f,56,11,1c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-10-24 22:23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 21:23
.
Pre-Run: 3,937,009,664 bytes free
Post-Run: 3,802,857,472 bytes free
.
- - End Of File - - B5F0832434B87D497F9B41F640B2D2E0


Thanks

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 24 October 2011 - 04:39 PM

Hi,

could you please run another scan with ComboFix and let me know if that one freezes as well.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 04:53 PM

Yes,

Again once restarting it brings up the blue combofix box but then when producing the log the computer gives me a blue screen an then shuts down. It said something about a crash dump?

The computer then restarts as normal.

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 24 October 2011 - 04:58 PM

Hi,

in that case, please try running TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

We will try to rerun ComboFix when the main infection is removed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 05:24 PM

23:22:33.0359 3928 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
23:22:33.0562 3928 ============================================================
23:22:33.0562 3928 Current date / time: 2011/10/24 23:22:33.0562
23:22:33.0562 3928 SystemInfo:
23:22:33.0562 3928
23:22:33.0562 3928 OS Version: 5.1.2600 ServicePack: 3.0
23:22:33.0562 3928 Product type: Workstation
23:22:33.0562 3928 ComputerName: ACER-684C9A655D
23:22:33.0562 3928 UserName: user
23:22:33.0562 3928 Windows directory: C:\WINDOWS
23:22:33.0562 3928 System windows directory: C:\WINDOWS
23:22:33.0562 3928 Processor architecture: Intel x86
23:22:33.0562 3928 Number of processors: 1
23:22:33.0562 3928 Page size: 0x1000
23:22:33.0562 3928 Boot type: Normal boot
23:22:33.0562 3928 ============================================================
23:22:34.0781 3928 Initialize success
23:22:45.0015 1632 ============================================================
23:22:45.0015 1632 Scan started
23:22:45.0015 1632 Mode: Manual;
23:22:45.0015 1632 ============================================================
23:22:45.0750 1632 Abiosdsk - ok
23:22:45.0875 1632 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:22:45.0875 1632 abp480n5 - ok
23:22:46.0000 1632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:22:46.0000 1632 ACPI - ok
23:22:46.0062 1632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:22:46.0062 1632 ACPIEC - ok
23:22:46.0187 1632 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:22:46.0187 1632 adpu160m - ok
23:22:46.0406 1632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:22:46.0406 1632 aec - ok
23:22:46.0593 1632 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:22:46.0593 1632 AegisP - ok
23:22:46.0687 1632 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:22:46.0703 1632 AFD - ok
23:22:46.0781 1632 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:22:46.0781 1632 agp440 - ok
23:22:46.0875 1632 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:22:46.0875 1632 agpCPQ - ok
23:22:46.0984 1632 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:22:46.0984 1632 Aha154x - ok
23:22:47.0109 1632 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:22:47.0125 1632 aic78u2 - ok
23:22:47.0234 1632 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:22:47.0234 1632 aic78xx - ok
23:22:47.0609 1632 ALCXWDM - ok
23:22:47.0765 1632 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:22:47.0765 1632 AliIde - ok
23:22:47.0890 1632 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:22:47.0890 1632 alim1541 - ok
23:22:47.0984 1632 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:22:47.0984 1632 amdagp - ok
23:22:48.0156 1632 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:22:48.0156 1632 AmdK8 - ok
23:22:48.0312 1632 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:22:48.0312 1632 amsint - ok
23:22:48.0390 1632 AR5211 (67f7d2c3a9265ee0534e36fe952f2ac4) C:\WINDOWS\system32\DRIVERS\ar5211.sys
23:22:48.0406 1632 AR5211 - ok
23:22:48.0750 1632 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:22:48.0750 1632 Arp1394 - ok
23:22:48.0906 1632 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:22:48.0906 1632 asc - ok
23:22:49.0046 1632 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:22:49.0046 1632 asc3350p - ok
23:22:49.0203 1632 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:22:49.0203 1632 asc3550 - ok
23:22:49.0500 1632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:22:49.0515 1632 AsyncMac - ok
23:22:49.0671 1632 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:22:49.0687 1632 atapi - ok
23:22:49.0953 1632 Atdisk - ok
23:22:50.0203 1632 ati2mtag (0959c83f18f8a5966afa2ec33bb96d14) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:22:50.0218 1632 ati2mtag - ok
23:22:50.0500 1632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:22:50.0500 1632 Atmarpc - ok
23:22:50.0640 1632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:22:50.0640 1632 audstub - ok
23:22:50.0859 1632 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:22:50.0875 1632 BCM43XX - ok
23:22:50.0921 1632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:22:50.0921 1632 Beep - ok
23:22:51.0125 1632 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
23:22:51.0125 1632 BthEnum - ok
23:22:51.0265 1632 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
23:22:51.0265 1632 BthPan - ok
23:22:51.0437 1632 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
23:22:51.0437 1632 BTHPORT - ok
23:22:51.0625 1632 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
23:22:51.0625 1632 BTHUSB - ok
23:22:51.0703 1632 catchme - ok
23:22:51.0781 1632 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:22:51.0781 1632 cbidf - ok
23:22:51.0812 1632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:22:51.0828 1632 cbidf2k - ok
23:22:51.0984 1632 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:22:51.0984 1632 CCDECODE - ok
23:22:52.0125 1632 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:22:52.0125 1632 cd20xrnt - ok
23:22:52.0171 1632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:22:52.0171 1632 Cdaudio - ok
23:22:52.0453 1632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:22:52.0453 1632 Cdfs - ok
23:22:52.0671 1632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:22:52.0671 1632 Cdrom - ok
23:22:52.0937 1632 Changer - ok
23:22:53.0250 1632 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:22:53.0250 1632 CmBatt - ok
23:22:53.0390 1632 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:22:53.0390 1632 CmdIde - ok
23:22:53.0562 1632 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:22:53.0578 1632 Compbatt - ok
23:22:53.0718 1632 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:22:53.0718 1632 Cpqarray - ok
23:22:53.0875 1632 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:22:53.0875 1632 dac2w2k - ok
23:22:54.0015 1632 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:22:54.0015 1632 dac960nt - ok
23:22:54.0171 1632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:22:54.0171 1632 Disk - ok
23:22:54.0453 1632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:22:54.0484 1632 dmboot - ok
23:22:54.0750 1632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:22:54.0750 1632 dmio - ok
23:22:54.0828 1632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:22:54.0828 1632 dmload - ok
23:22:55.0078 1632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:22:55.0078 1632 DMusic - ok
23:22:55.0250 1632 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:22:55.0250 1632 dpti2o - ok
23:22:55.0500 1632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:22:55.0500 1632 drmkaud - ok
23:22:55.0765 1632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:22:55.0765 1632 Fastfat - ok
23:22:55.0984 1632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:22:55.0984 1632 Fdc - ok
23:22:56.0125 1632 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
23:22:56.0125 1632 FETNDIS - ok
23:22:56.0359 1632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:22:56.0359 1632 Fips - ok
23:22:56.0562 1632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:22:56.0562 1632 Flpydisk - ok
23:22:56.0671 1632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:22:56.0671 1632 FltMgr - ok
23:22:56.0734 1632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:22:56.0734 1632 Fs_Rec - ok
23:22:56.0906 1632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:22:56.0906 1632 Ftdisk - ok
23:22:56.0984 1632 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
23:22:57.0000 1632 gagp30kx - ok
23:22:57.0187 1632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:22:57.0187 1632 GEARAspiWDM - ok
23:22:57.0453 1632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:22:57.0453 1632 Gpc - ok
23:22:57.0578 1632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:22:57.0578 1632 HDAudBus - ok
23:22:57.0734 1632 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:22:57.0734 1632 HidUsb - ok
23:22:57.0875 1632 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
23:22:57.0875 1632 Hotkey - ok
23:22:58.0015 1632 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:22:58.0015 1632 hpn - ok
23:22:58.0234 1632 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:22:58.0234 1632 HSFHWAZL - ok
23:22:58.0484 1632 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:22:58.0515 1632 HSF_DPV - ok
23:22:58.0781 1632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:22:58.0796 1632 HTTP - ok
23:22:59.0031 1632 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:22:59.0031 1632 i2omgmt - ok
23:22:59.0234 1632 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:22:59.0234 1632 i2omp - ok
23:22:59.0437 1632 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:22:59.0437 1632 i8042prt - ok
23:22:59.0656 1632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:22:59.0656 1632 Imapi - ok
23:22:59.0843 1632 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:22:59.0843 1632 ini910u - ok
23:22:59.0875 1632 int15.sys - ok
23:23:00.0593 1632 IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:23:00.0640 1632 IntcAzAudAddService - ok
23:23:00.0953 1632 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:23:00.0953 1632 IntelIde - ok
23:23:01.0046 1632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:23:01.0046 1632 Ip6Fw - ok
23:23:01.0187 1632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:23:01.0187 1632 IpFilterDriver - ok
23:23:02.0453 1632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:23:02.0453 1632 IpInIp - ok
23:23:03.0984 1632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:23:03.0984 1632 IpNat - ok
23:23:04.0343 1632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:23:04.0359 1632 IPSec - ok
23:23:04.0640 1632 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
23:23:04.0656 1632 irda - ok
23:23:04.0937 1632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:23:04.0937 1632 IRENUM - ok
23:23:05.0156 1632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:23:05.0171 1632 isapnp - ok
23:23:05.0375 1632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:23:05.0390 1632 Kbdclass - ok
23:23:05.0687 1632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:23:05.0687 1632 kmixer - ok
23:23:05.0828 1632 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
23:23:05.0843 1632 KMWDFILTER - ok
23:23:06.0000 1632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:23:06.0000 1632 KSecDD - ok
23:23:06.0328 1632 lbrtfdc - ok
23:23:06.0656 1632 massfilter - ok
23:23:06.0875 1632 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:23:06.0875 1632 mdmxsdk - ok
23:23:06.0968 1632 Micorsoft Windows Service - ok
23:23:07.0062 1632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:23:07.0062 1632 mnmdd - ok
23:23:07.0375 1632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:23:07.0375 1632 Modem - ok
23:23:07.0531 1632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:23:07.0531 1632 Mouclass - ok
23:23:07.0718 1632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:23:07.0718 1632 mouhid - ok
23:23:07.0968 1632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:23:07.0968 1632 MountMgr - ok
23:23:08.0109 1632 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:23:08.0125 1632 mraid35x - ok
23:23:08.0390 1632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:23:08.0406 1632 MRxDAV - ok
23:23:09.0078 1632 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:23:09.0109 1632 MRxSmb - ok
23:23:09.0796 1632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:23:09.0796 1632 Msfs - ok
23:23:10.0109 1632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:23:10.0109 1632 MSKSSRV - ok
23:23:10.0359 1632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:23:10.0359 1632 MSPCLOCK - ok
23:23:10.0625 1632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:23:10.0625 1632 MSPQM - ok
23:23:10.0703 1632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:23:10.0703 1632 mssmbios - ok
23:23:10.0906 1632 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:23:10.0906 1632 MSTEE - ok
23:23:11.0015 1632 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:23:11.0015 1632 Mup - ok
23:23:11.0218 1632 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:23:11.0218 1632 NABTSFEC - ok
23:23:11.0437 1632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:23:11.0437 1632 NDIS - ok
23:23:11.0640 1632 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
23:23:11.0640 1632 NdisFilt - ok
23:23:11.0828 1632 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:23:11.0828 1632 NdisIP - ok
23:23:11.0953 1632 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:23:11.0968 1632 NdisTapi - ok
23:23:12.0234 1632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:23:12.0250 1632 Ndisuio - ok
23:23:12.0562 1632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:23:12.0562 1632 NdisWan - ok
23:23:12.0718 1632 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:23:12.0718 1632 NDProxy - ok
23:23:12.0937 1632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:23:12.0937 1632 NetBIOS - ok
23:23:13.0156 1632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:23:13.0171 1632 NetBT - ok
23:23:13.0421 1632 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
23:23:13.0421 1632 NETMNT - ok
23:23:13.0687 1632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:23:13.0687 1632 NIC1394 - ok
23:23:13.0890 1632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:23:13.0890 1632 Npfs - ok
23:23:14.0109 1632 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
23:23:14.0109 1632 NSCIRDA - ok
23:23:14.0359 1632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:23:14.0375 1632 Ntfs - ok
23:23:14.0562 1632 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23:23:14.0562 1632 NTIDrvr - ok
23:23:14.0625 1632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:23:14.0625 1632 Null - ok
23:23:14.0718 1632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:23:14.0718 1632 NwlnkFlt - ok
23:23:14.0765 1632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:23:14.0765 1632 NwlnkFwd - ok
23:23:15.0000 1632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:23:15.0000 1632 ohci1394 - ok
23:23:15.0218 1632 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
23:23:15.0218 1632 OsaFsLoc - ok
23:23:15.0343 1632 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
23:23:15.0343 1632 osaio - ok
23:23:15.0578 1632 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
23:23:15.0578 1632 osanbm - ok
23:23:15.0765 1632 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
23:23:15.0781 1632 PAC207 - ok
23:23:16.0062 1632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:23:16.0062 1632 Parport - ok
23:23:16.0296 1632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:23:16.0296 1632 PartMgr - ok
23:23:16.0359 1632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:23:16.0359 1632 ParVdm - ok
23:23:16.0593 1632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:23:16.0593 1632 PCI - ok
23:23:16.0890 1632 PCIDump - ok
23:23:17.0062 1632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:23:17.0062 1632 PCIIde - ok
23:23:17.0296 1632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:23:17.0296 1632 Pcmcia - ok
23:23:17.0593 1632 PDCOMP - ok
23:23:17.0906 1632 PDFRAME - ok
23:23:18.0218 1632 PDRELI - ok
23:23:18.0500 1632 PDRFRAME - ok
23:23:18.0656 1632 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:23:18.0656 1632 perc2 - ok
23:23:18.0796 1632 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:23:18.0796 1632 perc2hib - ok
23:23:18.0968 1632 POWERKEY (582099b89753bdc29db151e73c3fd4d9) C:\Program Files\Launch Manager\POWERKEY.sys
23:23:18.0968 1632 POWERKEY - ok
23:23:19.0281 1632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:23:19.0281 1632 PptpMiniport - ok
23:23:19.0500 1632 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:23:19.0500 1632 Processor - ok
23:23:19.0781 1632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:23:19.0781 1632 PSched - ok
23:23:19.0828 1632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:23:19.0828 1632 Ptilink - ok
23:23:19.0984 1632 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:23:19.0984 1632 ql1080 - ok
23:23:20.0109 1632 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:23:20.0109 1632 Ql10wnt - ok
23:23:20.0250 1632 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:23:20.0250 1632 ql12160 - ok
23:23:20.0375 1632 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:23:20.0375 1632 ql1240 - ok
23:23:20.0515 1632 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:23:20.0515 1632 ql1280 - ok
23:23:20.0546 1632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:23:20.0546 1632 RasAcd - ok
23:23:20.0703 1632 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
23:23:20.0703 1632 Rasirda - ok
23:23:20.0921 1632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:23:20.0921 1632 Rasl2tp - ok
23:23:21.0171 1632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:23:21.0171 1632 RasPppoe - ok
23:23:21.0203 1632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:23:21.0203 1632 Raspti - ok
23:23:21.0406 1632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:23:21.0406 1632 Rdbss - ok
23:23:21.0453 1632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:23:21.0453 1632 RDPCDD - ok
23:23:21.0703 1632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:23:21.0703 1632 rdpdr - ok
23:23:21.0921 1632 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:23:21.0937 1632 RDPWD - ok
23:23:22.0125 1632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:23:22.0125 1632 redbook - ok
23:23:22.0250 1632 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:23:22.0250 1632 RFCOMM - ok
23:23:22.0546 1632 RimUsb - ok
23:23:22.0671 1632 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:23:22.0671 1632 RimVSerPort - ok
23:23:22.0750 1632 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:23:22.0750 1632 ROOTMODEM - ok
23:23:22.0921 1632 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:23:22.0921 1632 RTL8023xp - ok
23:23:23.0078 1632 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:23:23.0078 1632 rtl8139 - ok
23:23:23.0171 1632 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:23:23.0171 1632 sdbus - ok
23:23:23.0406 1632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:23:23.0406 1632 Secdrv - ok
23:23:23.0640 1632 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:23:23.0640 1632 Serenum - ok
23:23:23.0875 1632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:23:23.0875 1632 Serial - ok
23:23:24.0203 1632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:23:24.0203 1632 Sfloppy - ok
23:23:24.0281 1632 SI15CI - ok
23:23:24.0531 1632 Simbad - ok
23:23:24.0734 1632 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:23:24.0734 1632 sisagp - ok
23:23:24.0843 1632 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:23:24.0843 1632 SLIP - ok
23:23:25.0000 1632 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:23:25.0000 1632 Sparrow - ok
23:23:25.0218 1632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:23:25.0234 1632 splitter - ok
23:23:25.0421 1632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:23:25.0421 1632 sr - ok
23:23:25.0531 1632 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:23:25.0531 1632 Srv - ok
23:23:25.0734 1632 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
23:23:25.0750 1632 StarOpen - ok
23:23:25.0937 1632 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:23:25.0937 1632 streamip - ok
23:23:26.0171 1632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:23:26.0171 1632 swenum - ok
23:23:26.0421 1632 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:23:26.0421 1632 swmidi - ok
23:23:26.0609 1632 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:23:26.0609 1632 symc810 - ok
23:23:26.0734 1632 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:23:26.0734 1632 symc8xx - ok
23:23:26.0812 1632 SYMIDSCO - ok
23:23:26.0937 1632 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:23:26.0937 1632 sym_hi - ok
23:23:27.0093 1632 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:23:27.0093 1632 sym_u3 - ok
23:23:27.0250 1632 SynTP (1a8e6b04907687a8eed75c8031b679fd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:23:27.0250 1632 SynTP - ok
23:23:27.0515 1632 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:23:27.0515 1632 sysaudio - ok
23:23:27.0671 1632 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:23:27.0687 1632 Tcpip - ok
23:23:27.0953 1632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:23:27.0953 1632 TDPIPE - ok
23:23:28.0187 1632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:23:28.0187 1632 TDTCP - ok
23:23:28.0421 1632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:23:28.0437 1632 TermDD - ok
23:23:28.0656 1632 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys
23:23:28.0656 1632 tffsport - ok
23:23:28.0937 1632 tifm21 - ok
23:23:29.0078 1632 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:23:29.0078 1632 TosIde - ok
23:23:29.0296 1632 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
23:23:29.0296 1632 UBHelper - ok
23:23:29.0531 1632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:23:29.0531 1632 Udfs - ok
23:23:29.0671 1632 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:23:29.0687 1632 ultra - ok
23:23:30.0000 1632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:23:30.0015 1632 Update - ok
23:23:30.0343 1632 upperdev - ok
23:23:30.0515 1632 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:23:30.0515 1632 USBAAPL - ok
23:23:30.0734 1632 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:23:30.0734 1632 usbaudio - ok
23:23:30.0937 1632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:23:30.0937 1632 usbccgp - ok
23:23:31.0250 1632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:23:31.0265 1632 usbehci - ok
23:23:31.0531 1632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:23:31.0531 1632 usbhub - ok
23:23:31.0781 1632 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:23:31.0781 1632 usbohci - ok
23:23:32.0000 1632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:23:32.0000 1632 usbscan - ok
23:23:32.0218 1632 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:23:32.0218 1632 usbstor - ok
23:23:32.0468 1632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:23:32.0468 1632 usbuhci - ok
23:23:32.0718 1632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:23:32.0734 1632 VgaSave - ok
23:23:33.0796 1632 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:23:33.0796 1632 viaagp - ok
23:23:34.0140 1632 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:23:34.0140 1632 ViaIde - ok
23:23:34.0343 1632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:23:34.0343 1632 VolSnap - ok
23:23:35.0312 1632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:23:35.0328 1632 Wanarp - ok
23:23:38.0500 1632 Wbutton - ok
23:23:39.0859 1632 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:23:39.0937 1632 Wdf01000 - ok
23:23:40.0593 1632 WDICA - ok
23:23:41.0000 1632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:23:41.0015 1632 wdmaud - ok
23:23:41.0437 1632 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:23:41.0546 1632 winachsf - ok
23:23:42.0203 1632 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:23:42.0203 1632 WmiAcpi - ok
23:23:42.0453 1632 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:23:42.0453 1632 WpdUsb - ok
23:23:42.0890 1632 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:23:42.0937 1632 WSTCODEC - ok
23:23:43.0312 1632 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:23:43.0312 1632 WudfPf - ok
23:23:43.0546 1632 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:23:43.0546 1632 WudfRd - ok
23:23:44.0250 1632 ZTEusbmdm6k - ok
23:23:44.0609 1632 ZTEusbnmea - ok
23:23:44.0906 1632 ZTEusbser6k - ok
23:23:45.0234 1632 zupsdlzz - ok
23:23:45.0312 1632 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
23:23:46.0421 1632 \Device\Harddisk0\DR0 - ok
23:23:46.0437 1632 Boot (0x1200) (4f7ca606f0d0ebb7cf726139e759cecb) \Device\Harddisk0\DR0\Partition0
23:23:46.0437 1632 \Device\Harddisk0\DR0\Partition0 - ok
23:23:46.0468 1632 Boot (0x1200) (e83e6f10c74fa145db0649b1d7e844f7) \Device\Harddisk0\DR0\Partition1
23:23:46.0468 1632 \Device\Harddisk0\DR0\Partition1 - ok
23:23:46.0468 1632 ============================================================
23:23:46.0468 1632 Scan finished
23:23:46.0468 1632 ============================================================
23:23:46.0500 3724 Detected object count: 0
23:23:46.0500 3724 Actual detected object count: 0
23:23:55.0656 0116 Deinitialize success

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 24 October 2011 - 05:55 PM

Hi,

hmm, that didn't pick up anything. Can you please rename combofix to fun.com and see if it will run through normally then.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 rochelle bradley

rochelle bradley
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:U.K
  • Local time:11:47 PM

Posted 24 October 2011 - 06:17 PM

No it crashed again.

Once it's done its scan the laptop restarts.
I get the message

"Preparing Log Report...
Do not run any program until ComboFix has finished"


and then the whole screen goes blue with white writing telling me about a crash dump and then the laptop restarts again.

It's only when it tries to produce the log.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:47 AM

Posted 25 October 2011 - 02:27 AM

Hi,
We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

Please also try to run the following script with ComboFix:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\user\Start Menu\Programs\Startup\rproxnes.exe
rootkit::
c:\documents and settings\user\Start Menu\Programs\Startup\rproxnes.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users