
Alureon.E trojan


  • This topic is locked
8 replies to this topic

#1 Bully601


Posted 30 December 2011 - 02:02 PM

Hi, I was asked by Boopme to move my problem here; the original post is at:
http://www.bleepingcomputer.com/forums/topic434723.html/page__pid__2527635#entry2527635

A brief overview of my problems: Microsoft Security Essentials is currently constantly telling me I have the Alureon.E trojan. However, it isn't cleaned up by MSE, and this leads to a constant circle of re-boot, scan, re-boot etc.
Other issues which may or may not be connected:
1. I cannot get connected to the internet via my home wireless network. However I can get on via my mobile broadband chip. I'm using a Samsung NC10 netbook.
2. Automatic Updates, which until recently worked quite happily, is stubbornly not updating. I've checked the setting is to automatic but it doesn't seem to work. When I tried to manually download from the Microsoft site I got a page unavailable message. This has happened several times, so I'm assuming it is blocked.

Under instruction I've downloaded DDS and gmer. It didn't seem to like either of them, unfortunately. DDS got to the scan phase and then froze when the # were about three quarters of the way across the pop-up. I could move the cursor initially, but then the whole thing froze and I couldn't shut it down with Ctrl, Alt, Delete, so I had to switch off. Tried this three times with the same result. Gmer was worse if anything: immediately after I clicked on the icon I had a blue screen and Windows went straight to restart. This happened twice.

I've now downloaded and run OTL and the two logs are attached.
OTL Extras logfile created on: 30/12/2011 18:20:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 518.16 Mb Available Physical Memory | 51.08% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 41.90 Gb Free Space | 58.97% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: DAVE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1714:UDP" = 1714:UDP:*:Enabled:Windows Media Format SDK (ping.exe)
"1715:UDP" = 1715:UDP:*:Enabled:Windows Media Format SDK (ping.exe)
"1717:UDP" = 1717:UDP:*:Enabled:Windows Media Format SDK (ping.exe)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\TEMP\kpcytw\setup.exe" = C:\WINDOWS\TEMP\kpcytw\setup.exe:*:Enabled:setup -- ()
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d6bf2774-89f7-4fb3-9020-b727b4ce4205}" = Nero 9 Essentials
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Huawei Modems" = Huawei Modems
"ie8" = Windows Internet Explorer 8
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSNINST" = MSN
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG HSPA Modem" = SAMSUNG HSPA Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/12/2011 17:37:24 | Computer Name = DAVE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 29/12/2011 17:54:37 | Computer Name = DAVE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 29/12/2011 18:04:49 | Computer Name = DAVE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 29/12/2011 18:15:42 | Computer Name = DAVE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 29/12/2011 18:23:27 | Computer Name = DAVE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 29/12/2011 18:50:53 | Computer Name = DAVE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 29/12/2011 18:58:40 | Computer Name = DAVE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 29/12/2011 20:00:40 | Computer Name = DAVE | Source = MobileBroadband | ID = 0
Description = VmcStatus:AcquireVmcMutex: Object reference not set to an instance
of an object. PID=3740

Error - 30/12/2011 14:06:25 | Computer Name = DAVE | Source = Microsoft Security Client | ID = 5000
Description =

Error - 30/12/2011 14:13:33 | Computer Name = DAVE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 29/12/2011 18:50:52 | Computer Name = DAVE | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
DAVE\David Process Name: Unknown Action: %%809 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x80070032 Error description:
The request is not supported. Signature Version: AV: 1.117.1743.0, AS: 1.117.1743.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 29/12/2011 18:58:39 | Computer Name = DAVE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1743.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 29/12/2011 19:00:00 | Computer Name = DAVE | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402

Error - 29/12/2011 19:00:00 | Computer Name = DAVE | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942402

Error - 30/12/2011 14:04:00 | Computer Name = DAVE | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Error - 30/12/2011 14:04:00 | Computer Name = DAVE | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: NetBT

Error - 30/12/2011 14:04:01 | Computer Name = DAVE | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2

Error - 30/12/2011 14:06:24 | Computer Name = DAVE | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
DAVE\David Process Name: Unknown Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
Windows cannot open this program because it has been prevented by a software restriction
policy. For more information, open Event Viewer or contact your system administrator.
Signature Version: AV: 1.117.1743.0, AS: 1.117.1743.0, NIS: 0.0.0.0 Engine Version:
AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 30/12/2011 14:06:24 | Computer Name = DAVE | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition3
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
DAVE\David Process Name: Unknown Action: %%809 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x80070032 Error description:
The request is not supported. Signature Version: AV: 1.117.1743.0, AS: 1.117.1743.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 30/12/2011 14:13:32 | Computer Name = DAVE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1743.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >

OTL logfile created on: 30/12/2011 18:20:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 518.16 Mb Available Physical Memory | 51.08% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 41.90 Gb Free Space | 58.97% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.90 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: DAVE | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\653fd3c5042285fefc769377a8c5b7fc\Vodafone.Model.Connection.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Shor#\61c325561b096d0a1b2cc20dbee28b9c\Vodafone.Model.Shortcut.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\aac05a545bb1208e5249a6a7c3ca9c95\Vodafone.View.ManagedToolTip.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\1f7b6d551ae2ec4bae99a127ac22bbcd\Vodafone.View.Shared.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\92abcef972d4bc53295b6fe280276f04\Vodafone.View.SecondaryWindows.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\f1788b496266756174172e18e3feeb0a\Vodafone.BusinessLogic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\ce98b15fed44970aaa6c605224f7f5f7\Vodafone.Vpn.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\bce4a3988100faed0f620d15d974bcff\Vodafone.Core.CoreInstanceProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\9ac8d2e70fe8da665aa06ef4ce7654bc\Vodafone.LanWlanManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\4e8f15d2e4ff0474270044f4230f360b\Vodafone.Core.Interfaces.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\b374e487a634d465b01895af510f2866\Interop.Shell32.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\d7799062515d9c3d702fd44585505ba4\Vodafone.WwanWrapper.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\d92d80276d9cea4a620d3b9978c506ee\Vodafone.TrafficOptimiser.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\1946757432576625014c0acdd807d7cf\Vodafone.ConnectionServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\8cc27b9ad19d67b47bd5f12c0a83152f\Vodafone.MbbManagement.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\fb6569646c51dfb8f2eae4cd5263aa67\Vodafone.DeviceAccess.Internals.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\b6e5dc8fe5c582ccc04679c4820f40a8\Vodafone.DeviceAccess.Interfaces.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\af9663bcb18e40d8990f0ae90acd1ae5\Vodafone.DeviceAccess.Factory.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\d36c73def11bcba978028112394e9afd\Vodafone.Core.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Common.Logging\f1a66765197bfa9b64ea531e3884e0e1\Common.Logging.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Spring.Core\ea2736cbbbd2be296533e81b579535c5\Spring.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\7581493c53dd7e2b9d26157fa6da1198\Vodafone.Contracts.Adapter.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\57190e561eca8f0ed429ea2a19c06cdb\Vodafone.InstanceProvider.Impl.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\d9c2ecae91274a67ffdd7fe76bd71283\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\23f539c66b6e264371821d5114840a37\Infragistics2.Win.Misc.v9.2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\9c4ca25a6423f118007d27e10125b8a5\Infragistics2.Win.v9.2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\50f80f799604db1a7b12fa91daa22655\Infragistics2.Shared.v9.2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\6f00c977da49ede39140646c283a589a\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\50626f0723492cbf9f8d745821a83f27\Vodafone.Contracts.View.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\9daaf62b6737fa8bea926e969976aa72\Vodafone.Core.Contracts.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\70ed55937e9a5b0d4d4c21e773b48d6e\Vodafone.DeviceAccess.Contracts.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\271e395b6c46a7fc35a5b2c55001189d\Interop.FNCClient11Lib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\9fe66697c384e9635528dd56dc388020\Vodafone.Contracts.Model.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\b054a3588aa83d9e80d3f6cb353ac71c\Vodafone.UpdateManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\4d531965e1475c755de1b01fdc32021e\Vodafone.Base.Internals.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\1faece9b34ad9571b358a4bce1ff9fad\Vodafone.Base.Factory.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\00800734f2b7d8675a47ef751fafe91d\Vodafone.ConnectionManagement.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\be08c7a095cc99115261b644282eb94d\Vodafone.Contracts.Common.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\799589d5f58160b46c58f27c690bfda5\Vodafone.ReportingManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\f3a7fee0c05e8267c53169b3b7ad1229\Vodafone.Contracts.Presenter.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\9452230c542c2e6690567b97440008e0\Vodafone.SmsContactManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\d377ae9934cb7d8d1c72ec78a41dcba4\Vodafone.OutlookConnector.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\61bf2ed3a249e3c0d43dfeaf4171b709\Vodafone.CommonDialogs.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\4396f5f2c049de070efed5461b9304ca\Vodafone.ApplicationHost.Impl.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\c1566571011c365d3e99f979341cc5fc\Vodafone.SmsProfileManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\31305ba7214916b30bff9069b0b683b9\Vodafone.SettingsManager.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\bfddb7c46741f6b332dcd553055c01b0\Vodafone.DataAccessor.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\90a336231466e500f288fa9170d675d3\Vodafone.NtServiceMessaging.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\517385a5f1c625f452e75109106c767a\Vodafone.Base.Win32.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\c0dbbc6d1f2c087d650dc7f6880d801d\MobileBroadbandResources.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\2693feb55c5468a29b3344ff8a59a333\Vodafone.MobileBroadband.CallbackHandler.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\97ce49466bbaa4a9e169f6945519e4dc\Vodafone.Common.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\3d9801a64a8a4bce2dd55e3b01b75924\Vodafone.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\56a5730b00a44855e3d06432c2b52e56\Vodafone.Base.Contracts.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\274ef6ae58cc506f8d413f374bf9222f\Vodafone.Platform.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\9f17e21dd7daf1700c6848905e506e77\Vodafone.LogEngine.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileBroadband\92e8a611e8e366d5e0a81415b87caa3a\MobileBroadband.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\QuickTime\QTSystem\QTCF.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (VmbService) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl8f3fa7c1) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2AE9808-EEBB-46AD-B1BB-11C9E5113AB7}\MpKsl8f3fa7c1.sys (Microsoft Corporation)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (vodafone_K3805-z_dc_enum) -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (hspamdm) -- C:\WINDOWS\system32\drivers\hspamdm.sys (MCCI Corporation)
DRV - (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\hspaserd.sys (MCCI Corporation)
DRV - (hspamdfl) -- C:\WINDOWS\system32\drivers\hspamdfl.sys (MCCI Corporation)
DRV - (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\hspabus.sys (MCCI Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2009/10/20 18:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2009/10/20 18:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [MobileConnectCommonDialogs] c:\program files\vodafone\vodafone mobile connect\bin\sl-si\vodafonemobile.exe File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [setup2kInstallShield] C:\program files\installshield installation information\{bae68339-b0f6-4d33-9554-5a3db2dff5da}\setup2ksetup.exe File not found
O4 - HKLM..\Run: [setup7Setup] C:\program files\installshield installation information\{f132af7f-7bca-4ede-8a7c-958108fe7dbc}\setupsetup7.exe File not found
O4 - HKLM..\Run: [setup7setup7] c:\program files\installshield installation information\{f132af7f-7bca-4ede-8a7c-958108fe7dbc}\setupsetup7.exe File not found
O4 - HKU\S-1-5-21-2867498254-2932619721-879753243-1008..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunServices: [InstallShieldsetup2k] C:\program files\installshield installation information\{bae68339-b0f6-4d33-9554-5a3db2dff5da}\setup2ksetup.exe File not found
O4 - HKLM..\RunServices: [Setup2kISPNickel] c:\program files\installshield installation information\{bae68339-b0f6-4d33-9554-5a3db2dff5da}\setup2ksetup.exe File not found
O4 - HKLM..\RunServices: [Setupsetup7] C:\program files\installshield installation information\{f132af7f-7bca-4ede-8a7c-958108fe7dbc}\setupsetup7.exe File not found
O4 - HKLM..\RunServices: [WorksWorks9.06.0822.0] c:\program files\microsoft works\1033\workswkimglng.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update Agent.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2867498254-2932619721-879753243-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2867498254-2932619721-879753243-1008 Winlogon: Shell - (硅汰牯牥攮數dows\w) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/02 01:50:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4755fce1-3e8e-11df-9717-0024540078e2}\Shell - "" = AutoRun
O33 - MountPoints2\{4755fce1-3e8e-11df-9717-0024540078e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4755fce1-3e8e-11df-9717-0024540078e2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7010fb9d-fe74-11e0-99c0-0024540078e2}\Shell - "" = AutoRun
O33 - MountPoints2\{7010fb9d-fe74-11e0-99c0-0024540078e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7010fb9d-fe74-11e0-99c0-0024540078e2}\Shell\AutoRun\command - "" = E:\picasa36-setup.exe
O33 - MountPoints2\{aca6ffba-490f-11de-8e15-001377b526a5}\Shell - "" = AutoRun
O33 - MountPoints2\{aca6ffba-490f-11de-8e15-001377b526a5}\Shell\1\Command - "" = Recycle.exe
O33 - MountPoints2\{aca6ffba-490f-11de-8e15-001377b526a5}\Shell\2\Command - "" = Recycle.exe
O33 - MountPoints2\{aca6ffba-490f-11de-8e15-001377b526a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca6ffba-490f-11de-8e15-001377b526a5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 18:16:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/12/29 22:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\gmer
[2011/12/29 21:42:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\David\Desktop\dds.scr
[2011/12/28 21:35:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/28 21:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\tdsskiller
[2011/12/27 16:39:37 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\73365391.sys
[2011/12/24 13:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\PCHealth
[2011/12/24 13:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/24 13:11:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/22 23:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/20 11:17:56 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/20 11:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 10:58:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/05 21:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Usg
[2011/12/05 21:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Yzisavf
[2011/12/02 10:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Utility Bills
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 18:16:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/12/30 18:08:22 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/30 18:03:41 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 18:03:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 18:03:03 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 23:44:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 23:43:36 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/29 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/29 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/29 22:10:00 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\David\Desktop\gmer.zip
[2011/12/29 21:42:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\David\Desktop\dds.scr
[2011/12/28 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/28 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/28 21:29:25 | 001,558,406 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tdsskiller.zip
[2011/12/28 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/28 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/28 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/28 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/28 14:55:25 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 14:55:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/28 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/27 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/27 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/27 16:39:38 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\73365391.sys
[2011/12/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/27 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/27 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/27 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/27 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/26 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/26 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/26 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/26 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/26 00:50:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/26 00:50:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/25 22:45:06 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/25 22:45:06 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Windows Media Player.lnk
[2011/12/22 23:39:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/21 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/20 12:01:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/20 11:05:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/18 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/18 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/12 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/12 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/09 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/06 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/06 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/04 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/04 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/04 07:26:10 | 000,015,038 | -HS- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\atvt6u57u8v850sj3n62hup2cpkk41m827e7h6f6x2
[2011/12/04 07:26:10 | 000,015,038 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\atvt6u57u8v850sj3n62hup2cpkk41m827e7h6f6x2
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 22:10:06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\David\Desktop\gmer.zip
[2011/12/28 21:29:21 | 001,558,406 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tdsskiller.zip
[2011/12/28 14:55:25 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 14:55:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/20 11:10:27 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/20 11:05:37 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/20 11:05:07 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/02 23:25:00 | 000,015,038 | -HS- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\atvt6u57u8v850sj3n62hup2cpkk41m827e7h6f6x2
[2011/12/02 23:25:00 | 000,015,038 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\atvt6u57u8v850sj3n62hup2cpkk41m827e7h6f6x2
[2011/11/21 22:50:52 | 000,000,017 | ---- | C] () -- C:\WINDOWS\keys.ini
[2011/11/13 00:58:19 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/12 23:36:29 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6k20NnT8.exe_.b
[2011/11/12 23:36:29 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6k20NnT8.exe.b
[2011/11/12 23:34:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ej3rBvy4.dat
[2011/11/08 00:10:18 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SimReader.dll
[2011/11/08 00:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ToolBx.dll
[2011/11/08 00:10:15 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\CallSimReader.dll
[2011/11/07 14:08:09 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/26 14:10:03 | 000,183,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/31 11:48:56 | 000,208,552 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2010/04/02 19:34:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2010/04/02 19:33:09 | 000,069,361 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2010/02/25 23:38:14 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\David\Application Data\default.rss
[2010/02/25 23:36:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/22 14:52:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/02/22 14:52:15 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/02/22 14:51:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David\Application Data\$_hpcst$.hpc
[2010/02/22 13:29:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/02/22 13:24:59 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/10/20 18:17:26 | 000,056,136 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/26 21:40:56 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 17:56:22 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\David_KBD.ini
[2009/08/21 16:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 20:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009/07/17 09:33:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/02 02:09:46 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009/04/02 02:03:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/04/02 02:02:55 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/04/02 02:02:55 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/04/02 02:02:52 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/04/02 02:02:52 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/04/02 02:02:52 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/04/02 02:02:52 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/04/02 02:02:52 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/04/02 02:02:52 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/04/02 02:02:52 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/04/02 02:02:52 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/04/02 02:02:52 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/04/02 02:02:52 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/04/02 02:02:52 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/04/02 02:02:52 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/04/02 02:02:52 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/04/02 02:02:52 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/04/02 02:02:52 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/04/02 02:02:52 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/04/02 02:02:52 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/04/02 02:00:41 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/04/02 02:00:41 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/04/02 01:57:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/02 01:54:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009/04/02 01:54:50 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/04/02 01:53:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/02 01:48:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/02 00:30:56 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/04/02 00:30:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/02 00:30:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/02 00:30:21 | 000,483,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/02 00:30:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/04/02 00:30:21 | 000,087,158 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/02 00:30:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/04/02 00:30:21 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/02 00:30:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/02 00:30:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/04/02 00:30:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/04/02 00:30:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/04/02 00:30:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/04/01 17:42:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/01 17:41:55 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll_rename
[2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2007/02/27 00:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat

< End of report >

Thanks for your help guys.


#2 HelpBot

Posted 05 January 2012 - 04:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435381 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Bully601

Posted 05 January 2012 - 05:16 PM

An overview of my problems, Microsoft Security Essentials is currently constantly telling me I have the Alureon.E trojan. However it isn't cleaned up by MSE and this leads to a constant circle of re-boot, scan, re-boot etc.
Other issues which may or may not be connected;
1. I cannot get connected to the internet via my home wireless network. However I can get on via my mobile broadband chip. I'm using a Samsung NC10 netbook.
2. Automatic Updates, which until recently worked quite happily, is stubbornly not updating. Every time I boot up I get a warning box saying Automatic Updates is switched off. I've checked the setting is to automatic but it doesn't seem to work. When I tried to manually download from the Microsoft site I got a page unavailable message. This has happened several times, so I'm assuming it is blocked.

Under instruction I've downloaded DDS and gmer. It didn't seem to like either of them unfortunately. DDS got to the scan phase and then froze when the # were about three quarters of the way across the pop up. I could move the cursor initially but then the whole thing froze and I couldn't shut it down with ctrl, Alt, Delete, so I had to switch off. Tried this four times now with the same result. Gmer was worse if anything, immediately I clicked on the icon I had a blue screen and windows went straight to restart. This happened twice and a third time just now when I tried again.
I've now downloaded and run OTL and the two logs are above.

#4 myrti

  • Malware Study Hall Admin
Posted 06 January 2012 - 11:46 AM

Hi,

ok. Can you create a live flash drive?

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the Linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
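
The dd command in the post above copies only the first 512-byte sector of /dev/sda, so MBRbackup.zip is a raw master boot record despite its extension. The following Python is an added example, not part of the original thread: it parses such a dump, hashes the bootstrap code for comparison against a known-good MBR, and reports structural anomalies. The function names and the sample sector are constructed for illustration.

```python
"""Parse a 512-byte MBR dump such as the one written by
dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 (a raw sector, not a real zip)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
CODE_LEN = 440        # bootstrap code; bytes 440-443 hold the NT disk signature
TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split one boot sector into the fields worth comparing between dumps."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFF + 16 * slot: TABLE_OFF + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # empty slot
            continue
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def findings(mbr: dict) -> list:
    """Structural anomalies only; an empty list does not prove the code is benign."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    parts = mbr["partitions"]
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        out.append("invalid status byte in partition entry")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        out.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            out.append(f"partitions in slots {a['slot']} and {b['slot']} overlap")
    return out


def build_sample() -> bytes:
    """Constructed sector: dummy code bytes, one active NTFS (0x07) partition."""
    code = b"\xfa\x33\xc0".ljust(CODE_LEN, b"\x90")
    disk_sig = bytes.fromhex("deadbeef") + b"\x00\x00"
    chs = b"\x00\x00\x00"  # CHS fields left zero in this constructed entry
    entry = bytes([0x80]) + chs + bytes([0x07]) + chs + struct.pack("<II", 63, 204800)
    return code + disk_sig + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    # Pass the dump path (e.g. MBRbackup.zip); without one the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    info = parse_mbr(data)
    print(info)
    print(findings(info) or "no structural anomalies")
```

The SHA-256 covers only the first 440 bytes, so it stays the same across disks that carry the same boot code but different disk signatures and partition tables.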

 


#5 Bully601

Posted 07 January 2012 - 11:19 AM

Hi, thanks for taking the time to help. I've got the xpud on a USB stick but I can't seem to get it to boot up via the USB. I'm using a Samsung NC10 netbook. When I press F12 it goes to the black screen with cursor and typing temporarily but after a few seconds it carries on loading windows. There's some sort of inbuilt system restore which can be triggered by pressing F4 on boot up but there was no option to boot from the USB. Shall I try all the F buttons to see if I can get one of them to do it or is there another method for re-booting?

#6 myrti

Posted 07 January 2012 - 11:35 AM

Hi,

try pressing F2 to enter the BIOS. The reset menu will reset the PC to factory settings. This is only advisable if you have all data on the PC backed up as it will be gone otherwise.

regards myrti


#7 Bully601

Posted 10 January 2012 - 04:25 PM

Hi sorry for the delay in replying but I can't get internet access at work at the moment. Before I do the next step just a quick question. My netbook wasn't loaded with Microsoft office when I got it, I downloaded it afterwards. Will I lose it if I do the USB boot and if so how do I back it up?

Thanks

#8 myrti

Posted 11 January 2012 - 04:32 PM

Hi,

if you only boot from the USB to get the MBR dump nothing will change. We only read something from your system, and don't do any physical changes.

If you reset the PC to factory settings, your office version would be lost.
Depending on your version you may be able to download it from here again: http://www.microsoft.com/office/downloads/

regards myrti


#9 myrti

Posted 17 January 2012 - 10:37 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
