Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ping.exe processes randomly starting and hogging memory


  • This topic is locked This topic is locked
26 replies to this topic

#1 David B B

David B B

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 04 December 2011 - 09:24 PM

Ok, here's the brief history (it's been days I've been at this)
1. Got hit by "System Fix" malware - cured
2. Got hit by XP Security 2012 malware - cured
3. Got hit by Privacy Protection malware and .exe's disabled - cured thanks to your help

... persisting through all this, I've had spurious "ping.exe" processes starting
on my system and then sucking up memory. pulls up to 500

Since I cured Privacy Protection, I've been running MBAM as my protection and it
keeps popping up messages saying:

Malwarebytes Anti-Malware:
Successfully blocked access to a potentially malicious
website 83.133.124.195

Type: Outgoing


I've been following the instructions to get the log files from OTL and GMER
as instructed by the previously posted information. Here's what I've gotten:

From OTL (which did run to completion):
OTL logfile created on: 12/4/2011 3:04:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\dbbianco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.40 Mb Total Physical Memory | 381.28 Mb Available Physical Memory | 37.26% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.28 Gb Total Space | 1.25 Gb Free Space | 1.77% Space Free | Partition Type: NTFS

Computer Name: CLEMATIS | User Name: dbbianco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dbbianco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2486ff51\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_80a163cf\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0496ff1d\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\Dell\QuickSet\quickset.exe ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ThreatFire) -- File not found
SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MpfService) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (McDetect.exe) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc)
SRV - (McTskshd.exe) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TFSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (MPFIREWL) -- C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.frontiernet.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://home.frontiernet.net/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/08/13 09:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 23:34:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/02 19:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dbbianco\Application Data\Mozilla\Extensions
[2011/10/16 08:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dbbianco\Application Data\Mozilla\Firefox\Profiles\skj7xcog.default\extensions
[2011/12/02 22:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/16 19:29:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/10 20:44:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/02 22:07:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DBBIANCO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SKJ7XCOG.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/08/13 09:09:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 20:44:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 11:41:02 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/08/30 11:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/30 11:41:02 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/08/30 11:41:02 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/11/10 20:44:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/08/30 11:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/30 11:41:02 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: live.com ([login] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://frontier.webex.com/client/T26L/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9172A8FB-DBB1-4416-95A0-5061FA7FC7CA}: Domain = domain.invalid
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C620E5E0-9C1A-4565-9ADE-1E83AA44FF95}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\dbbianco\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dbbianco\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 15:02:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dbbianco\Desktop\OTL.exe
[2011/12/04 08:00:34 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\foo123.com
[2011/12/04 07:49:28 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\1234.com
[2011/12/03 20:48:48 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\iexplore.com.exe
[2011/12/03 17:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/03 17:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/03 17:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/03 17:09:33 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\elv.exe
[2011/12/02 22:07:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/02 22:07:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/02 22:07:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/01 22:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\Threat Expert
[2011/12/01 21:32:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\dbbianco\IECompatCache
[2011/12/01 20:06:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/01 19:46:26 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/12/01 19:46:24 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/12/01 19:46:23 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/12/01 19:46:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dbbianco\Recent
[2011/12/01 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/12/01 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/01 17:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/16 19:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/12 15:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/11 23:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/11 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/11 23:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/11 23:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/11 23:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/11 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006/10/24 20:51:50 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\dbbianco\My Documents\*.tmp files -> C:\Documents and Settings\dbbianco\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 15:14:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/04 15:02:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dbbianco\Desktop\OTL.exe
[2011/12/04 14:52:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 14:52:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 12:07:02 | 000,232,544 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/12/04 10:13:46 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/04 10:13:46 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/04 09:51:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/04 09:50:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/04 09:50:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/12/04 09:50:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 09:50:29 | 1073,180,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 07:40:24 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\dbbianco\Desktop\rkill.com
[2011/12/04 07:37:28 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\foo123.com
[2011/12/04 07:37:28 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\1234.com
[2011/12/03 19:48:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dbbianco\Desktop\iexplore.com.exe
[2011/12/03 17:34:40 | 000,015,214 | -HS- | M] () -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\u4ld08p3bp4lfq
[2011/12/03 17:34:40 | 000,015,214 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\u4ld08p3bp4lfq
[2011/12/02 21:54:32 | 002,163,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/02 21:50:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/02 20:38:52 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\dbbianco\Desktop\avenger.zip
[2011/12/02 14:07:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/02 00:31:56 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\dbbianco\Desktop\Family Tree.lnk
[2011/11/29 10:01:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 19:23:43 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/16 00:05:51 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 19:52:14 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/11/12 15:58:45 | 000,001,951 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/11 23:36:27 | 000,001,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/11 23:30:13 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/11 22:47:25 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/09 08:29:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 08:26:12 | 000,400,090 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 08:26:12 | 000,061,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\dbbianco\My Documents\*.tmp files -> C:\Documents and Settings\dbbianco\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 08:05:53 | 1073,180,672 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 07:49:52 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\dbbianco\Desktop\rkill.com
[2011/12/03 17:09:36 | 000,015,214 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\u4ld08p3bp4lfq
[2011/12/03 17:09:35 | 000,015,214 | -HS- | C] () -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\u4ld08p3bp4lfq
[2011/12/02 20:38:37 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\dbbianco\Desktop\avenger.zip
[2011/12/02 00:41:50 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/02 00:41:50 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2011/12/02 00:41:50 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Simple Start Edition.lnk
[2011/12/02 00:41:50 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/02 00:41:50 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/02 00:41:50 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/12/02 00:41:50 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2011/12/02 00:41:49 | 000,001,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/02 00:41:49 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Mythology.lnk
[2011/12/02 00:41:49 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/12/02 00:41:49 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\innoVUE 8.0.lnk
[2011/12/02 00:41:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/02 00:41:49 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fiesta Download Manager.lnk
[2011/12/02 00:41:49 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FLV Player.lnk
[2011/12/02 00:41:49 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intellipoint Pro 6.52.lnk
[2011/12/02 00:41:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/02 00:41:44 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/12/02 00:41:43 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/12/02 00:41:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/02 00:41:43 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/02 00:41:43 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/12/02 00:41:43 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2011/12/02 00:41:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/02 00:41:32 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/12/02 00:41:25 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2011/12/02 00:41:25 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/12/02 00:41:25 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/02 00:41:25 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2011/12/02 00:41:25 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Media Experience.lnk
[2011/12/02 00:41:25 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/02 00:41:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/02 00:41:25 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/12/02 00:41:24 | 000,002,399 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Elements 6.0.lnk
[2011/12/02 00:41:24 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/12/02 00:41:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/12/02 00:41:24 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011/12/02 00:41:24 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011/12/02 00:41:24 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011/12/02 00:41:24 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2011/12/02 00:41:24 | 000,001,269 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS4.lnk
[2011/12/02 00:41:24 | 000,001,147 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Drive CS4.lnk
[2011/12/02 00:41:24 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/12/02 00:41:24 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/12/02 00:41:24 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011/12/02 00:41:24 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/12/02 00:31:56 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\dbbianco\Desktop\Family Tree.lnk
[2011/12/01 20:06:54 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/01 20:06:54 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/01 18:39:15 | 000,056,360 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/07 18:59:30 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\tiff2pdf.dll
[2009/05/14 08:57:05 | 000,000,143 | ---- | C] () -- C:\WINDOWS\MMLAW.INI
[2009/03/19 22:24:38 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/17 18:09:13 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/28 22:05:37 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/25 08:48:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/26 12:46:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/06/06 21:50:35 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/11/27 16:43:17 | 000,002,173 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/07 10:21:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\fusioncache.dat
[2006/12/07 22:40:08 | 000,001,940 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/30 10:29:36 | 000,102,007 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/10/30 10:29:36 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/10/24 20:51:47 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/09/06 15:46:19 | 000,001,444 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/04/01 08:19:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/02/15 22:22:53 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\dbbianco\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 13:42:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\p3xunist.exe
[2006/02/15 13:42:21 | 000,002,611 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2006/02/15 13:40:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/06/10 21:06:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/27 15:58:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/27 15:54:58 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/27 15:49:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/27 15:36:09 | 000,000,682 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/27 15:32:29 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/04/27 15:07:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/04/27 15:07:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/04/27 15:06:06 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 05:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 14:06:43 | 002,163,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 14:00:28 | 000,400,090 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 14:00:28 | 000,061,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 14:00:23 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 14:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/31 04:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiesta Download Manager
[2010/09/09 07:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/09/08 22:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/02/01 13:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/12/02 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/04/27 15:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/26 22:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/29 21:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/02/23 21:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dbbianco\Application Data\Downloaded Installations
[2011/08/31 04:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dbbianco\Application Data\gtk-2.0
[2005/06/28 21:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dbbianco\Application Data\Leadertech
[2006/12/26 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dbbianco\Application Data\Opera
[2007/12/18 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dbbianco\Application Data\uTorrent
[2011/12/04 09:50:44 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/08/25 07:24:32 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >



Now, GMER isn't being quite so cooperative. It starts scanning and then
deadlocks my system right as it says it is scanning "SYSTEM\WPA\SigningHash-V44QMCFXKQCTQ".

Well, almost complete deadlock. I can move my cursor via mouse, but the only thing I can
do is click on "START" which will bring up the menu and then absolutely nothing else is
possible. Have to do a power cycle to reboot.

GMER deadlocks at exactly the same place very reproducably.

So, not sure what to do, since that's not anticipated behaviour based on the instructions.
Hopefully, one of you wonderful folks will be able to help me out.

THanks,
David

Edited by Budapest, 05 December 2011 - 12:55 AM.
Moved from AII ~Budapest


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 07 December 2011 - 11:14 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 08 December 2011 - 11:54 PM

Hi Gringo,

Thanks for your reply...

Just going to add that I have one additional symptom that has been plaguing me since
the onset of the first malware hit (the "System Fix" malware)... I've been having
intermittent trouble with booting my system. It gets partway through boot and then
blue screens with the error being that there is an error in the registry hive file or
log. Sometimes I can't boot unless I "boot with last successful configuration". Sometimes
I can't boot that either. It's very confusing, but I hope it won't be an issue
running through combofix.

I'll be trying out combofix tomorrow AM. Too exhausted right now.

I'll report back shortly.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 09 December 2011 - 12:35 AM

ok see you then


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 09 December 2011 - 12:11 PM

Hi Again Gringo,

Ok, I'm not overly enthralled with what happened... I did manage to summon up the
endurance to try combofix last night. Here's what I did:

1. Installed combofix.exe onto the desktop and copying the instructions into a notepad file

2. Shut off Malwarebytes Pro from being in active state
3. Shut off my wireless networking adaptor (not protected, I just don't need any more stuff to fight)
4. Turned off my firewall (only part of macafee I'm running)
5. made sure no other user processes were running (at least ones I control)
6. Started Task Manager so I could watch what was going on
7. Started combofix...

it started, did it's initial window of set up things and then after a brief pause that window went away and
a DOS-like window started up with the header "C: ." background color dark blue. and there it sat...
for 8 hours...

Task manager towards the end of this time period showed the following unusual processes running:
- 3 ping.exe processes, one using about 161 MB memory, the other two running at about 3-5 MB
- one PING.3XE process, running at about 7 MB
- no process titled combofix of any form.

At this point, (I'm a patient man, but this is rather less than productive) I tried to:
- stop the combofix window, unsuccessful
- kill the ping.exe processes, unsuccessful (by kill here I mean via "end process" from task manager)
- kill the PING.3XE process, unsuccessful
- Tried starting back up wireless network svcs, got stuck "acquiring network address"
- without much else being possible, I started trying to reboot... unsuccessful
- Tried manually to kill all non-essential non-OS processes, which was successful, but still reboot would not complete

Finally had to press the power button.

and now I'm back up and running, writing this to you...

Now for a couple questions. Please be aware that I've been in the computer/software industry as a UNIX kernel
level software tech support person for years, so I'm quite reasonably OS and S/W savvy...

I've previously reviewed other forum entries regarding people who have this ping.exe
issue, and one or more of the people helping debug had indicated that combofix shouldn't be used... so I'm
just curious, Under what circumstances should combofix be used for this problem versus not being used?

What precisely does combofix look for, and presumably fix?

This ping.exe problem appears to be quite common, yet there appears to be no baseline symantics that
the people help find the problem are using to find the "rogue" s/w component. Are we looking for a
DLL or are we looking for an exe?

Is there absolutely no way on windows to be able to connect to a running process to see it's stack
and find out which parent process started it? Clearly these rogue ping.exe processes are getting
started by some other library or dll or exe, and clearly if they can manage to persist for hours
gaining memory consumption (I just killed one that started shortly after I started typing this
response that was up to 165MB memory) there must be "options" to ping that allow it to be running
more than the standard 1 minute or so...

That's all I've got for now... Let me know what I should do next.

Thanks,
David

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 09 December 2011 - 03:04 PM

Hello

I've previously reviewed other forum entries regarding people who have this ping.exe
issue, and one or more of the people helping debug had indicated that combofix shouldn't be used... so I'm
just curious, Under what circumstances should combofix be used for this problem versus not being used?

I like to start with combofix as it makes about three different types of backups that we can use if something goes wrong, It may not clear this infection all the time but gives me a base to start.

What precisely does combofix look for, and presumably fix?
this is a to long of a list and an open forum is not the place to talk about it. the people that do make virus watch us very closely to see how we beat them so they can make harder ones tomorrow

This ping.exe problem appears to be quite common, yet there appears to be no baseline symantics that
the people help find the problem are using to find the "rogue" s/w component. Are we looking for a
DLL or are we looking for an exe?

None, it gets its start from the MBR

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Edited by gringo_pr, 09 December 2011 - 03:05 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 09 December 2011 - 06:20 PM

OK,

I've run TDSSKiller within the last week, but it still appears to have been updated from 2.6.21 to 2.6.22
since I last ran it. The good news is that it seems to have found a new rootkit on my system (maybe that's
what was in the new update....). Apparently "NetBT ( Rootkit.Win32.ZAccess.k )" was what it found.

So, it ran, and required a reboot... Here's the log file:

15:08:16.0781 3032 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
15:08:18.0234 3032 ============================================================
15:08:18.0250 3032 Current date / time: 2011/12/09 15:08:18.0234
15:08:18.0250 3032 SystemInfo:
15:08:18.0250 3032
15:08:18.0250 3032 OS Version: 5.1.2600 ServicePack: 3.0
15:08:18.0250 3032 Product type: Workstation
15:08:18.0250 3032 ComputerName: CLEMATIS
15:08:18.0250 3032 UserName: dbbianco
15:08:18.0250 3032 Windows directory: C:\WINDOWS
15:08:18.0250 3032 System windows directory: C:\WINDOWS
15:08:18.0250 3032 Processor architecture: Intel x86
15:08:18.0250 3032 Number of processors: 1
15:08:18.0250 3032 Page size: 0x1000
15:08:18.0250 3032 Boot type: Normal boot
15:08:18.0250 3032 ============================================================
15:08:19.0656 3032 Initialize success
15:08:21.0781 3648 ============================================================
15:08:21.0781 3648 Scan started
15:08:21.0781 3648 Mode: Manual;
15:08:21.0781 3648 ============================================================
15:08:23.0609 3648 3xHybrid (baae94297a1a83cdd5eb81f3107bca43) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
15:08:23.0656 3648 3xHybrid - ok
15:08:23.0859 3648 Abiosdsk - ok
15:08:23.0906 3648 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:08:23.0906 3648 abp480n5 - ok
15:08:23.0953 3648 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:08:23.0953 3648 ACPI - ok
15:08:24.0000 3648 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:08:24.0000 3648 ACPIEC - ok
15:08:24.0062 3648 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
15:08:24.0062 3648 adfs - ok
15:08:24.0093 3648 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:08:24.0109 3648 adpu160m - ok
15:08:24.0156 3648 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
15:08:24.0156 3648 aec - ok
15:08:24.0203 3648 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:08:24.0203 3648 AegisP - ok
15:08:24.0265 3648 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:08:24.0265 3648 AFD - ok
15:08:24.0390 3648 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:08:24.0390 3648 agp440 - ok
15:08:24.0421 3648 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:08:24.0421 3648 agpCPQ - ok
15:08:24.0468 3648 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:08:24.0468 3648 Aha154x - ok
15:08:24.0515 3648 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:08:24.0546 3648 aic78u2 - ok
15:08:24.0750 3648 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:08:24.0765 3648 aic78xx - ok
15:08:24.0812 3648 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:08:24.0828 3648 AliIde - ok
15:08:24.0859 3648 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:08:24.0859 3648 alim1541 - ok
15:08:24.0875 3648 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:08:24.0875 3648 amdagp - ok
15:08:24.0890 3648 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:08:24.0906 3648 amsint - ok
15:08:24.0968 3648 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:08:24.0968 3648 ApfiltrService - ok
15:08:25.0031 3648 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:08:25.0031 3648 APPDRV - ok
15:08:25.0093 3648 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:08:25.0093 3648 Arp1394 - ok
15:08:25.0125 3648 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:08:25.0125 3648 asc - ok
15:08:25.0156 3648 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:08:25.0156 3648 asc3350p - ok
15:08:25.0203 3648 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:08:25.0203 3648 asc3550 - ok
15:08:25.0250 3648 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
15:08:25.0250 3648 ASCTRM - ok
15:08:25.0312 3648 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:08:25.0312 3648 AsyncMac - ok
15:08:25.0375 3648 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:08:25.0375 3648 atapi - ok
15:08:25.0390 3648 Atdisk - ok
15:08:25.0453 3648 ati2mtag (5b75176663f88e90f14a87e57b8562a4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:08:25.0468 3648 ati2mtag - ok
15:08:25.0578 3648 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:08:25.0578 3648 Atmarpc - ok
15:08:25.0609 3648 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:08:25.0609 3648 audstub - ok
15:08:25.0625 3648 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:08:25.0625 3648 bcm4sbxp - ok
15:08:25.0687 3648 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:08:25.0687 3648 Beep - ok
15:08:25.0703 3648 bvrp_pci - ok
15:08:25.0734 3648 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:08:25.0734 3648 cbidf - ok
15:08:25.0750 3648 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:08:25.0750 3648 cbidf2k - ok
15:08:25.0812 3648 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:08:25.0843 3648 CCDECODE - ok
15:08:25.0906 3648 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:08:25.0921 3648 cd20xrnt - ok
15:08:26.0078 3648 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:08:26.0078 3648 Cdaudio - ok
15:08:26.0328 3648 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:08:26.0328 3648 Cdfs - ok
15:08:26.0359 3648 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:08:26.0359 3648 Cdrom - ok
15:08:26.0375 3648 Changer - ok
15:08:26.0437 3648 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:08:26.0437 3648 CmBatt - ok
15:08:26.0468 3648 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:08:26.0468 3648 CmdIde - ok
15:08:26.0484 3648 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:08:26.0484 3648 Compbatt - ok
15:08:26.0531 3648 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:08:26.0531 3648 Cpqarray - ok
15:08:26.0578 3648 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:08:26.0578 3648 dac2w2k - ok
15:08:26.0609 3648 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:08:26.0609 3648 dac960nt - ok
15:08:26.0703 3648 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:08:26.0703 3648 Disk - ok
15:08:26.0781 3648 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:08:26.0796 3648 dmboot - ok
15:08:26.0859 3648 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:08:26.0859 3648 dmio - ok
15:08:26.0890 3648 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:08:26.0890 3648 dmload - ok
15:08:26.0953 3648 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:08:26.0953 3648 DMusic - ok
15:08:27.0000 3648 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:08:27.0000 3648 dpti2o - ok
15:08:27.0046 3648 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:08:27.0046 3648 drmkaud - ok
15:08:27.0078 3648 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
15:08:27.0078 3648 drvmcdb - ok
15:08:27.0125 3648 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
15:08:27.0125 3648 drvnddm - ok
15:08:27.0218 3648 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
15:08:27.0234 3648 DSproct - ok
15:08:27.0296 3648 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
15:08:27.0296 3648 dsunidrv - ok
15:08:27.0343 3648 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:08:27.0343 3648 E100B - ok
15:08:27.0437 3648 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:08:27.0437 3648 Fastfat - ok
15:08:27.0515 3648 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:08:27.0515 3648 Fdc - ok
15:08:27.0593 3648 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:08:27.0593 3648 Fips - ok
15:08:27.0640 3648 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:08:27.0640 3648 Flpydisk - ok
15:08:27.0703 3648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:08:27.0703 3648 FltMgr - ok
15:08:27.0765 3648 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:08:27.0765 3648 Fs_Rec - ok
15:08:27.0812 3648 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:08:27.0812 3648 Ftdisk - ok
15:08:27.0890 3648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:08:27.0890 3648 GEARAspiWDM - ok
15:08:27.0906 3648 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:08:27.0906 3648 Gpc - ok
15:08:27.0984 3648 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:08:27.0984 3648 HidUsb - ok
15:08:28.0031 3648 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:08:28.0031 3648 hpn - ok
15:08:28.0125 3648 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
15:08:28.0140 3648 HSFHWICH - ok
15:08:28.0234 3648 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:08:28.0359 3648 HSF_DP - ok
15:08:28.0593 3648 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:08:28.0593 3648 HTTP - ok
15:08:28.0781 3648 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:08:28.0796 3648 i2omgmt - ok
15:08:28.0828 3648 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:08:28.0828 3648 i2omp - ok
15:08:28.0875 3648 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:08:28.0875 3648 i8042prt - ok
15:08:28.0906 3648 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:08:28.0906 3648 Imapi - ok
15:08:28.0953 3648 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:08:28.0953 3648 ini910u - ok
15:08:28.0984 3648 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:08:28.0984 3648 IntelIde - ok
15:08:29.0015 3648 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:08:29.0031 3648 intelppm - ok
15:08:29.0062 3648 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:08:29.0062 3648 Ip6Fw - ok
15:08:29.0109 3648 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:08:29.0109 3648 IpFilterDriver - ok
15:08:29.0156 3648 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:08:29.0156 3648 IpInIp - ok
15:08:29.0203 3648 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:08:29.0218 3648 IpNat - ok
15:08:29.0250 3648 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:08:29.0250 3648 IPSec - ok
15:08:29.0328 3648 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:08:29.0328 3648 IRENUM - ok
15:08:29.0359 3648 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:08:29.0359 3648 isapnp - ok
15:08:29.0406 3648 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
15:08:29.0421 3648 IWCA - ok
15:08:29.0515 3648 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:08:29.0515 3648 Kbdclass - ok
15:08:29.0593 3648 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
15:08:29.0593 3648 kmixer - ok
15:08:29.0718 3648 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:08:29.0718 3648 KSecDD - ok
15:08:29.0796 3648 lbrtfdc - ok
15:08:29.0843 3648 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
15:08:29.0843 3648 LVPr2Mon - ok
15:08:29.0953 3648 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
15:08:29.0953 3648 LVUSBSta - ok
15:08:30.0000 3648 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:08:30.0000 3648 MBAMProtector - ok
15:08:30.0015 3648 MBAMSwissArmy - ok
15:08:30.0078 3648 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:08:30.0078 3648 mdmxsdk - ok
15:08:30.0093 3648 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:08:30.0093 3648 mnmdd - ok
15:08:30.0140 3648 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:08:30.0140 3648 Modem - ok
15:08:30.0203 3648 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:08:30.0203 3648 Mouclass - ok
15:08:30.0265 3648 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:08:30.0265 3648 mouhid - ok
15:08:30.0296 3648 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:08:30.0296 3648 MountMgr - ok
15:08:30.0406 3648 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
15:08:30.0406 3648 MPE - ok
15:08:30.0531 3648 MPFIREWL (537b049dbaba4febcdaae711c0f2805b) C:\WINDOWS\system32\Drivers\MpFirewall.sys
15:08:30.0546 3648 MPFIREWL - ok
15:08:30.0765 3648 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:08:30.0781 3648 mraid35x - ok
15:08:30.0984 3648 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:08:30.0984 3648 MRxDAV - ok
15:08:31.0140 3648 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:08:31.0140 3648 MRxSmb - ok
15:08:31.0187 3648 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:08:31.0203 3648 Msfs - ok
15:08:31.0250 3648 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:08:31.0250 3648 MSKSSRV - ok
15:08:31.0296 3648 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:08:31.0296 3648 MSPCLOCK - ok
15:08:31.0328 3648 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:08:31.0328 3648 MSPQM - ok
15:08:31.0359 3648 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:08:31.0359 3648 mssmbios - ok
15:08:31.0421 3648 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
15:08:31.0421 3648 MSTEE - ok
15:08:31.0515 3648 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:08:31.0515 3648 Mup - ok
15:08:31.0562 3648 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:08:31.0578 3648 NABTSFEC - ok
15:08:31.0703 3648 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:08:31.0703 3648 NDIS - ok
15:08:31.0734 3648 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:08:31.0734 3648 NdisIP - ok
15:08:31.0796 3648 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:08:31.0796 3648 NdisTapi - ok
15:08:31.0843 3648 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:08:31.0843 3648 Ndisuio - ok
15:08:31.0875 3648 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:08:31.0875 3648 NdisWan - ok
15:08:31.0921 3648 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:08:31.0921 3648 NDProxy - ok
15:08:31.0953 3648 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:08:31.0953 3648 NetBIOS - ok
15:08:32.0000 3648 NetBT (0ae50956b77a07dd5ceb5c850b98b765) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:08:32.0015 3648 NetBT ( Rootkit.Win32.ZAccess.k ) - infected
15:08:32.0015 3648 NetBT - detected Rootkit.Win32.ZAccess.k (0)
15:08:32.0078 3648 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:08:32.0078 3648 NIC1394 - ok
15:08:32.0125 3648 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:08:32.0125 3648 Npfs - ok
15:08:32.0171 3648 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:08:32.0187 3648 Ntfs - ok
15:08:32.0234 3648 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:08:32.0234 3648 Null - ok
15:08:32.0328 3648 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:08:32.0375 3648 nv - ok
15:08:32.0484 3648 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:08:32.0484 3648 NwlnkFlt - ok
15:08:32.0500 3648 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:08:32.0500 3648 NwlnkFwd - ok
15:08:32.0593 3648 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:08:32.0593 3648 ohci1394 - ok
15:08:32.0671 3648 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
15:08:32.0671 3648 omci - ok
15:08:32.0750 3648 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:08:32.0750 3648 Parport - ok
15:08:32.0796 3648 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:08:32.0796 3648 PartMgr - ok
15:08:32.0828 3648 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:08:32.0828 3648 ParVdm - ok
15:08:32.0875 3648 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:08:32.0875 3648 PCI - ok
15:08:32.0890 3648 PCIDump - ok
15:08:32.0906 3648 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:08:32.0906 3648 PCIIde - ok
15:08:32.0937 3648 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:08:32.0937 3648 Pcmcia - ok
15:08:32.0968 3648 PDCOMP - ok
15:08:32.0984 3648 PDFRAME - ok
15:08:33.0000 3648 PDRELI - ok
15:08:33.0015 3648 PDRFRAME - ok
15:08:33.0046 3648 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:08:33.0046 3648 perc2 - ok
15:08:33.0062 3648 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:08:33.0078 3648 perc2hib - ok
15:08:35.0328 3648 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
15:08:35.0562 3648 PID_PEPI - ok
15:08:35.0859 3648 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:08:35.0859 3648 PptpMiniport - ok
15:08:35.0875 3648 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:08:35.0875 3648 PSched - ok
15:08:35.0906 3648 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:08:35.0906 3648 Ptilink - ok
15:08:35.0937 3648 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:08:35.0937 3648 PxHelp20 - ok
15:08:35.0984 3648 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:08:35.0984 3648 ql1080 - ok
15:08:36.0015 3648 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:08:36.0015 3648 Ql10wnt - ok
15:08:36.0031 3648 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:08:36.0031 3648 ql12160 - ok
15:08:36.0062 3648 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:08:36.0062 3648 ql1240 - ok
15:08:36.0093 3648 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:08:36.0093 3648 ql1280 - ok
15:08:36.0125 3648 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:08:36.0125 3648 RasAcd - ok
15:08:36.0156 3648 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:08:36.0156 3648 Rasl2tp - ok
15:08:36.0203 3648 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:08:36.0203 3648 RasPppoe - ok
15:08:36.0234 3648 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:08:36.0234 3648 Raspti - ok
15:08:36.0265 3648 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:08:36.0265 3648 Rdbss - ok
15:08:36.0296 3648 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:08:36.0296 3648 RDPCDD - ok
15:08:36.0328 3648 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:08:36.0343 3648 rdpdr - ok
15:08:36.0406 3648 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:08:36.0421 3648 RDPWD - ok
15:08:36.0484 3648 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:08:36.0484 3648 redbook - ok
15:08:36.0671 3648 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:08:36.0671 3648 s24trans - ok
15:08:36.0750 3648 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:08:36.0750 3648 sdbus - ok
15:08:36.0875 3648 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:08:36.0875 3648 Secdrv - ok
15:08:36.0906 3648 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:08:36.0906 3648 serenum - ok
15:08:36.0937 3648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:08:36.0937 3648 Serial - ok
15:08:36.0984 3648 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:08:36.0984 3648 sffdisk - ok
15:08:37.0000 3648 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:08:37.0000 3648 sffp_sd - ok
15:08:37.0031 3648 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:08:37.0031 3648 Sfloppy - ok
15:08:37.0046 3648 Simbad - ok
15:08:37.0093 3648 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:08:37.0093 3648 sisagp - ok
15:08:37.0156 3648 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:08:37.0156 3648 SLIP - ok
15:08:37.0203 3648 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:08:37.0203 3648 Sparrow - ok
15:08:37.0265 3648 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
15:08:37.0265 3648 splitter - ok
15:08:37.0343 3648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:08:37.0359 3648 sr - ok
15:08:37.0781 3648 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:08:37.0796 3648 Srv - ok
15:08:38.0000 3648 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:08:38.0000 3648 sscdbhk5 - ok
15:08:38.0078 3648 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
15:08:38.0078 3648 ssrtln - ok
15:08:38.0140 3648 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
15:08:38.0156 3648 STAC97 - ok
15:08:38.0203 3648 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:08:38.0203 3648 streamip - ok
15:08:38.0250 3648 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:08:38.0250 3648 swenum - ok
15:08:38.0296 3648 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:08:38.0296 3648 swmidi - ok
15:08:38.0328 3648 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:08:38.0328 3648 symc810 - ok
15:08:38.0359 3648 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:08:38.0359 3648 symc8xx - ok
15:08:38.0390 3648 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:08:38.0390 3648 sym_hi - ok
15:08:38.0453 3648 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:08:38.0453 3648 sym_u3 - ok
15:08:38.0484 3648 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:08:38.0484 3648 sysaudio - ok
15:08:38.0609 3648 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:08:38.0609 3648 Tcpip - ok
15:08:38.0687 3648 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:08:38.0703 3648 TDPIPE - ok
15:08:38.0734 3648 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:08:38.0750 3648 TDTCP - ok
15:08:38.0781 3648 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:08:38.0781 3648 TermDD - ok
15:08:38.0812 3648 TfFsMon (1c7be4e77d42a93e6cd82ef742a50524) C:\WINDOWS\system32\drivers\TfFsMon.sys
15:08:38.0812 3648 TfFsMon - ok
15:08:38.0875 3648 TfNetMon (40d1ad5741204ea83661e1b4d3d0d0c5) C:\WINDOWS\system32\drivers\TfNetMon.sys
15:08:38.0875 3648 TfNetMon - ok
15:08:38.0968 3648 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
15:08:38.0968 3648 tfsnboio - ok
15:08:38.0984 3648 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
15:08:39.0000 3648 tfsncofs - ok
15:08:39.0015 3648 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
15:08:39.0015 3648 tfsndrct - ok
15:08:39.0031 3648 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
15:08:39.0031 3648 tfsndres - ok
15:08:39.0062 3648 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
15:08:39.0078 3648 tfsnifs - ok
15:08:39.0093 3648 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
15:08:39.0093 3648 tfsnopio - ok
15:08:39.0109 3648 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
15:08:39.0109 3648 tfsnpool - ok
15:08:39.0140 3648 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
15:08:39.0140 3648 tfsnudf - ok
15:08:39.0218 3648 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
15:08:39.0218 3648 tfsnudfa - ok
15:08:39.0250 3648 TFSysMon (5d30e224ac2183357cb478b5cb73bd31) C:\WINDOWS\system32\drivers\TfSysMon.sys
15:08:39.0250 3648 TFSysMon - ok
15:08:39.0312 3648 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:08:39.0312 3648 TosIde - ok
15:08:39.0375 3648 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:08:39.0375 3648 Udfs - ok
15:08:39.0437 3648 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:08:39.0453 3648 ultra - ok
15:08:39.0625 3648 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:08:39.0640 3648 Update - ok
15:08:39.0703 3648 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:08:39.0703 3648 USBAAPL - ok
15:08:39.0765 3648 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:08:39.0765 3648 usbccgp - ok
15:08:39.0812 3648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:08:39.0812 3648 usbehci - ok
15:08:39.0843 3648 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:08:39.0843 3648 usbhub - ok
15:08:39.0875 3648 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:08:39.0875 3648 usbprint - ok
15:08:39.0953 3648 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:08:39.0953 3648 USBSTOR - ok
15:08:39.0984 3648 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:08:39.0984 3648 usbuhci - ok
15:08:40.0046 3648 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:08:40.0046 3648 VgaSave - ok
15:08:40.0250 3648 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:08:40.0281 3648 viaagp - ok
15:08:40.0390 3648 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:08:40.0406 3648 ViaIde - ok
15:08:40.0703 3648 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:08:40.0718 3648 VolSnap - ok
15:08:41.0171 3648 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
15:08:41.0234 3648 w29n51 - ok
15:08:41.0406 3648 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:08:41.0406 3648 Wanarp - ok
15:08:41.0421 3648 wanatw - ok
15:08:41.0437 3648 WDICA - ok
15:08:41.0484 3648 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
15:08:41.0484 3648 wdmaud - ok
15:08:41.0656 3648 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:08:41.0671 3648 winachsf - ok
15:08:41.0718 3648 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:08:41.0734 3648 WS2IFSL - ok
15:08:41.0781 3648 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:08:41.0781 3648 WSTCODEC - ok
15:08:41.0843 3648 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:08:41.0843 3648 WudfPf - ok
15:08:41.0937 3648 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:08:41.0937 3648 WudfRd - ok
15:08:42.0015 3648 MBR (0x1B8) (ea478e71e39ae36bcf8908f8ee718fd3) \Device\Harddisk0\DR0
15:08:42.0015 3648 \Device\Harddisk0\DR0 - ok
15:08:42.0031 3648 Boot (0x1200) (ff1b56e1fe4c6717eaf76218df8ff745) \Device\Harddisk0\DR0\Partition0
15:08:42.0031 3648 \Device\Harddisk0\DR0\Partition0 - ok
15:08:42.0031 3648 ============================================================
15:08:42.0031 3648 Scan finished
15:08:42.0031 3648 ============================================================
15:08:42.0046 3500 Detected object count: 1
15:08:42.0046 3500 Actual detected object count: 1
15:09:01.0578 3500 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
15:09:10.0375 3500 Backup copy found, using it..
15:09:10.0562 3500 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
15:09:12.0546 3500 NetBT ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
15:09:35.0265 3172 Deinitialize success


Not yet seen any new ping.exe processes since the reboot, but I'm observing closely...

#8 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 09 December 2011 - 06:40 PM

OK, I admit it... I love Kaspersky's TDSSKiller... that's twice in the last 2 weeks
it has saved my hyney.

No new invocations of ping.exe since rebooting. And also, somewhere along the way
the mysterious "random sound file" being played at full volume from my speakers has
been resolved. Very cool, I no longer am periodically scared out of my skin by unexpected
things being blasted out of my speakers.

Gringo, thanks for your help!!!

So, should I take it that we've gotten it finally, or is there anything else you'd like
to do?

David

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 09 December 2011 - 09:45 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 09 December 2011 - 10:21 PM

Hi there,

C:\Qoobox\Add-Remove doesn't exist... quite possibly because of the rather incomplete run of
combofix previously noted (above).

Do you want me to try to re-run it?

-D

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 10 December 2011 - 03:51 AM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

Edited by gringo_pr, 10 December 2011 - 03:52 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 12 December 2011 - 12:02 PM

Sorry for the delay... I've been out of town for the weekend. I'll start the safe mode combofix in a
few minutes.

Regards,
David

#13 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 12 December 2011 - 08:36 PM

Hi again,

Ran combofix as directed. Actually ran it from Safe Mode with Networking
which it turned out was good as it wanted to get a newer version of itself
and it did install Microsoft recovery console first.

It found another rootkit very early on, which it said was infecting my TCP/IP stack.

Here's the log:

ComboFix 11-12-12.02 - dbbianco 12/12/2011 14:33:25.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.802 [GMT -8:00]
Running from: c:\documents and settings\dbbianco\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\336.tmp
C:\34C.tmp
C:\3D2.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\dbbianco\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\dbbianco\My Documents\~WRL1644.tmp
c:\documents and settings\dbbianco\WINDOWS
c:\windows\$NtUninstallKB26342$
c:\windows\$NtUninstallKB26342$\2479824278
c:\windows\$NtUninstallKB26342$\3262686366\@
c:\windows\$NtUninstallKB26342$\3262686366\bckfg.tmp
c:\windows\$NtUninstallKB26342$\3262686366\cfg.ini
c:\windows\$NtUninstallKB26342$\3262686366\Desktop.ini
c:\windows\$NtUninstallKB26342$\3262686366\keywords
c:\windows\$NtUninstallKB26342$\3262686366\kwrd.dll
c:\windows\$NtUninstallKB26342$\3262686366\L\iahonoel
c:\windows\$NtUninstallKB26342$\3262686366\lsflt7.ver
c:\windows\$NtUninstallKB26342$\3262686366\U\00000001.@
c:\windows\$NtUninstallKB26342$\3262686366\U\00000002.@
c:\windows\$NtUninstallKB26342$\3262686366\U\00000004.@
c:\windows\$NtUninstallKB26342$\3262686366\U\80000000.@
c:\windows\$NtUninstallKB26342$\3262686366\U\80000004.@
c:\windows\$NtUninstallKB26342$\3262686366\U\80000032.@
c:\windows\CSC\d6
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{A9A9EAFE-569D-4F22-8013-ADDCCEF13A7E}\0x0409.ini
c:\windows\Downloaded Installations\BMP\{A9A9EAFE-569D-4F22-8013-ADDCCEF13A7E}\1033.MST
c:\windows\Downloaded Installations\BMP\{A9A9EAFE-569D-4F22-8013-ADDCCEF13A7E}\BACS.msi
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\bszip.dll
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-03 05:55 . 2011-12-03 05:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-12-02 06:23 . 2011-12-02 06:23 -------- d-----w- c:\documents and settings\dbbianco\Local Settings\Application Data\Threat Expert
2011-12-02 05:32 . 2011-12-02 05:32 -------- d-sh--w- c:\documents and settings\dbbianco\IECompatCache
2011-12-02 04:06 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 03:46 . 2010-12-31 17:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-12-02 03:46 . 2010-12-31 17:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-12-02 03:46 . 2010-12-31 17:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-12-02 01:36 . 2011-12-03 03:54 -------- d-----w- c:\program files\PC Tools Security
2011-12-02 01:29 . 2011-12-03 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 23:10 . 2004-08-11 22:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-09 16:29 . 2011-09-04 04:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 13:06 . 2011-08-13 17:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2011-08-13 17:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-11 04:44 . 2011-09-03 03:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ksuser.dll
.
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-09-15 17:27 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-09-15 17:27 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-29 217195]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^dbbianco^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\dbbianco\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 21:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 -c--a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 17:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 18:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2005-04-13 19:46 751104 -c--a-w- c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-04-27 23:51 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 17:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-13 22:38 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CbEvtSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/1/2011 7:46 PM 51984]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/1/2011 7:46 PM 69392]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:52 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/8/2011 9:32 PM 366152]
S2 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4/1/2006 8:19 AM 584960]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:52 AM 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/1/2011 8:06 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/1/2011 7:46 PM 33552]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 02:33]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:51]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 17:51]
.
2011-12-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-08-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.frontiernet.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: live.com\login
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\documents and settings\dbbianco\Application Data\Mozilla\Firefox\Profiles\skj7xcog.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.frontiernet.net/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{F6BD6330-76F8-44D9-B775-87614E2D8374} - (no file)
SafeBoot-47325213.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
.
**************************************************************************
.
Completion time: 2011-12-12 15:02:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 23:02
.
Pre-Run: 4,180,082,688 bytes free
Post-Run: 4,983,005,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0200E1B981FE494EA945853815013821

Oh, and now for the "extra combofix report" previously requested:

µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat Elements 6.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Reader 8.1.1
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.4
Adobe Reader 8.2.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Age of Mythology
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Internet Mail
ATI Control Panel
ATI Display Driver
Autodesk DWF Viewer 7
Bonjour
Broadcom Management Programs 2
Business Contact Manager for Outlook 2003
Carbonite Online Backup Setup
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Connect
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Line Detect
EarthLink setup files
Family Tree Maker
Fiesta Download Manager
FLV Player 2.0 (build 25)
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PROSet/Wireless Software
Intellipoint Pro 6.52
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
interneTIFF 8.0-FREE (IE Browser)
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 29
kuler
KWorld NB-TV 100 Drivers
Learn2 Player (Uninstall Only)
Lizardtech Express View Browser Plug-in
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Macromedia Flash Player
Malwarebytes' Anti-Malware version 1.51.2.1300
MapSource
McAfee Personal Firewall Plus
McAfee SecurityCenter
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox 8.0 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Netflix Movie Viewer
NetWaiting
NetZeroInstallers
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PowerDVD 5.3
PVR Plus
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickSet
QuickTime
RealPlayer Basic
RegCure
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.5
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Suite Shared Configuration CS4
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebEx
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:15 PM

Posted 12 December 2011 - 08:49 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 12 December 2011 - 09:06 PM

You were asking how the system is running now:

- Unless I'm just feeling more optimistic, it feels as though its much more
responsive, both typing and application starts, etc.

Odd Behaviors:
- I have been noting a rather aggravating text editing issue when
in text edit mode on things such as email (or like in these posting windows)... every
so often, it would suddenly decide that the cursor needed to be in some other location
(usually where the mouse cursor got left behind further up the text box) and would reset
itself to be inserting the typed text at that location, not where your text edit cursor
had been... Odd behavior, I know.
- Also, this machine, a dell laptop, has a touchpad. It still works to move the
"mouse cursor", and both left and right buttonclicks are functional. But it
no longer supports the scrolling functions (by sliding along
right side or across bottom of touchpad). Not that I care that much, I mostly use
a USB mouse with the system anyway, so only catches me while on the road without my
mouse. It is just an interesting subfunction that's disappeared over the last week
or so.

Cured parts:
- all periodic "stopped outgoing packet to xxx.xxx.xxx.xxx ip address" warning messages
from Malwarebytes Pro have ceased.
- Still no more ping.exe's getting started, which is great!

I think that's everything I've noticed so far.

Oh, not expecting you to solve the other "odd behaviors" but thought that
maybe they might be another "infection" you've seen or heard of before.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users