Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mediashifting virus - Possibly other infections


  • This topic is locked This topic is locked
15 replies to this topic

#1 Specter1075

Specter1075

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 25 January 2012 - 09:10 PM

Hello all,

I usually do a fairly good job of avoiding overly malicious software, but Ive picked up this mediashifting virus and have not made any progress against it. I ran Malwarebytes Anti Malware, Microsoft Security Essentials, SUPERAnti Spyware, and Spybot a couple of times each. (Not at the same time, of course). They found the usual cookies, and a couple trojan instances. By last night, Microsoft's program was no longer finding issues, but going on the net instantly reveals the mediashifting bug. Google search results are always redirected, and pop ups try to take me to mediashifting.com, but the website no longer exists. (Luckily)

So, having followed the procedures stuck to the top of this forum, I am attaching the required information.

Thank you in advance for your time! I really appreciate it!!

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Run by Chris at 18:55:13 on 2012-01-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1595 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ITECIR\RemoteControlService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
"C:\WINDOWS\system32\svchost.exe"
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{57100854-6EF9-4869-9D6C-76FDFCFA064B} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{5F4E6888-1A23-455B-AD61-496786657550} : DhcpNameServer = 192.168.1.4 192.168.1.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\bssczbqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://grrm.livejournal.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\chris\application data\neulion\adaptiveplugin\npadaptiveplugin_1_6_5_7131.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 ITECIRService;ITE Remote Controler service;c:\program files\itecir\RemoteControlService.exe [2010-2-26 656896]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-2-26 10384]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 ITECIR;ITE EC CIR Driver (PMC);c:\windows\system32\drivers\ITECIR.sys [2010-2-26 7808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S1 MpKsl5391f7ec;MpKsl5391f7ec;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5756fdf1-e4f7-4292-869e-e576525bffe9}\mpksl5391f7ec.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5756fdf1-e4f7-4292-869e-e576525bffe9}\MpKsl5391f7ec.sys [?]
S1 MpKsldee015ff;MpKsldee015ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa6ae902-9667-4465-b788-8bd8331a06b6}\mpksldee015ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{aa6ae902-9667-4465-b788-8bd8331a06b6}\MpKsldee015ff.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2011-5-13 16512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-13 84240]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-23 9216]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-10-24 30576]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;c:\windows\system32\drivers\SinoTpm.sys [2010-2-26 34048]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2010-3-11 1506304]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-8-8 11520]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2010-12-23 105088]
.
=============== Created Last 30 ================
.
2012-01-25 03:11:00 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3d47225-a4f2-4fde-91bd-d827b44e2543}\mpengine.dll
2012-01-23 22:31:02 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-23 22:29:23 295752 ----a-w- c:\windows\system32\shimg.dll
2012-01-23 22:29:17 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\d8560de0
2012-01-14 03:25:21 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2012-01-14 03:07:41 -------- d-----w- c:\program files\MSXML 4.0
2012-01-13 00:12:04 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-13 00:12:04 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-12 23:35:28 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-12 23:35:28 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-12 23:35:28 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-12 23:35:28 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-01-13 00:12:39 240608 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-01-13 00:12:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-01-13 00:12:37 240608 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 18:56:04.96 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 26 January 2012 - 04:19 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 26 January 2012 - 03:35 PM

Hi Agent ST!

Thank you so much for your time and help! I appreciate it very much!

I have not used the computer since creating this topic, so I cant comment too much with regards to changes in the computer's behavior.

As per your instructions:

TDSSKiller results:

15:13:32.0140 0624 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
15:13:32.0453 0624 ============================================================
15:13:32.0453 0624 Current date / time: 2012/01/26 15:13:32.0453
15:13:32.0453 0624 SystemInfo:
15:13:32.0453 0624
15:13:32.0453 0624 OS Version: 5.1.2600 ServicePack: 3.0
15:13:32.0453 0624 Product type: Workstation
15:13:32.0453 0624 ComputerName: ADMIN-F8FA5483E
15:13:32.0453 0624 UserName: Chris
15:13:32.0453 0624 Windows directory: C:\WINDOWS
15:13:32.0453 0624 System windows directory: C:\WINDOWS
15:13:32.0453 0624 Processor architecture: Intel x86
15:13:32.0453 0624 Number of processors: 2
15:13:32.0453 0624 Page size: 0x1000
15:13:32.0453 0624 Boot type: Normal boot
15:13:32.0453 0624 ============================================================
15:13:34.0109 0624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:13:34.0156 0624 Initialize success
15:14:01.0687 2276 ============================================================
15:14:01.0687 2276 Scan started
15:14:01.0687 2276 Mode: Manual; SigCheck; TDLFS;
15:14:01.0687 2276 ============================================================
15:14:01.0968 2276 Abiosdsk - ok
15:14:02.0000 2276 abp480n5 - ok
15:14:02.0046 2276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:02.0796 2276 ACPI - ok
15:14:02.0906 2276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:14:03.0015 2276 ACPIEC - ok
15:14:03.0062 2276 adpu160m - ok
15:14:03.0109 2276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:14:03.0203 2276 aec - ok
15:14:03.0250 2276 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:14:03.0296 2276 AFD - ok
15:14:03.0312 2276 Aha154x - ok
15:14:03.0312 2276 aic78u2 - ok
15:14:03.0328 2276 aic78xx - ok
15:14:03.0328 2276 AliIde - ok
15:14:03.0343 2276 amsint - ok
15:14:03.0375 2276 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:14:03.0484 2276 Arp1394 - ok
15:14:03.0484 2276 asc - ok
15:14:03.0500 2276 asc3350p - ok
15:14:03.0515 2276 asc3550 - ok
15:14:03.0531 2276 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
15:14:03.0546 2276 ASPI ( UnsignedFile.Multi.Generic ) - warning
15:14:03.0546 2276 ASPI - detected UnsignedFile.Multi.Generic (1)
15:14:03.0546 2276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:03.0625 2276 AsyncMac - ok
15:14:03.0640 2276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:03.0718 2276 atapi - ok
15:14:03.0718 2276 Atdisk - ok
15:14:03.0781 2276 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:14:03.0796 2276 atksgt - ok
15:14:03.0843 2276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:03.0906 2276 Atmarpc - ok
15:14:03.0937 2276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:04.0015 2276 audstub - ok
15:14:04.0031 2276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:14:04.0125 2276 Beep - ok
15:14:04.0171 2276 Cam5603D (ec69687165bfe4eecbee29dcb2ee3121) C:\WINDOWS\system32\Drivers\BisonCam.sys
15:14:04.0234 2276 Cam5603D - ok
15:14:04.0250 2276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:04.0328 2276 cbidf2k - ok
15:14:04.0328 2276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:04.0406 2276 CCDECODE - ok
15:14:04.0406 2276 cd20xrnt - ok
15:14:04.0421 2276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:04.0484 2276 Cdaudio - ok
15:14:04.0500 2276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:04.0578 2276 Cdfs - ok
15:14:04.0593 2276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:04.0671 2276 Cdrom - ok
15:14:04.0687 2276 Changer - ok
15:14:04.0687 2276 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:14:04.0765 2276 CmBatt - ok
15:14:04.0765 2276 CmdIde - ok
15:14:04.0781 2276 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:14:04.0859 2276 Compbatt - ok
15:14:04.0859 2276 Cpqarray - ok
15:14:04.0875 2276 dac2w2k - ok
15:14:04.0875 2276 dac960nt - ok
15:14:04.0890 2276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:14:04.0968 2276 Disk - ok
15:14:05.0015 2276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:14:05.0109 2276 dmboot - ok
15:14:05.0140 2276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:14:05.0218 2276 dmio - ok
15:14:05.0234 2276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:14:05.0328 2276 dmload - ok
15:14:05.0359 2276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:14:05.0421 2276 DMusic - ok
15:14:05.0437 2276 dpti2o - ok
15:14:05.0453 2276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:14:05.0531 2276 drmkaud - ok
15:14:05.0562 2276 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
15:14:05.0562 2276 ElbyCDIO - ok
15:14:05.0593 2276 EMSCR (80d2b63eddfb3e0fa5b3a26623fa6ca2) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
15:14:05.0625 2276 EMSCR - ok
15:14:05.0656 2276 ESDCR (1bc911fd442b1188912aaad39e0f3af9) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
15:14:05.0671 2276 ESDCR - ok
15:14:05.0687 2276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:14:05.0765 2276 Fastfat - ok
15:14:05.0781 2276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:14:05.0875 2276 Fdc - ok
15:14:05.0906 2276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:14:06.0000 2276 Fips - ok
15:14:06.0015 2276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:14:06.0078 2276 Flpydisk - ok
15:14:06.0093 2276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:14:06.0156 2276 FltMgr - ok
15:14:06.0187 2276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:14:06.0265 2276 Fs_Rec - ok
15:14:06.0281 2276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:14:06.0343 2276 Ftdisk - ok
15:14:06.0390 2276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:14:06.0390 2276 GEARAspiWDM - ok
15:14:06.0421 2276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:14:06.0500 2276 Gpc - ok
15:14:06.0515 2276 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:14:06.0593 2276 HDAudBus - ok
15:14:06.0625 2276 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
15:14:06.0640 2276 HECI - ok
15:14:06.0671 2276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:14:06.0734 2276 HidUsb - ok
15:14:06.0750 2276 hpn - ok
15:14:06.0781 2276 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:14:06.0843 2276 HPZid412 - ok
15:14:06.0859 2276 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:14:06.0890 2276 HPZipr12 - ok
15:14:06.0921 2276 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:14:06.0968 2276 HPZius12 - ok
15:14:07.0015 2276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:14:07.0062 2276 HTTP - ok
15:14:07.0062 2276 i2omgmt - ok
15:14:07.0062 2276 i2omp - ok
15:14:07.0109 2276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:14:07.0187 2276 i8042prt - ok
15:14:07.0218 2276 ialm (b19a3d4ef89effd994dc8db933c25441) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:14:07.0328 2276 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: b19a3d4ef89effd994dc8db933c25441, Fake md5: 2da364ee62d4949620b6fae4ffea16a7
15:14:07.0343 2276 ialm ( ForgedFile.Multi.Generic ) - warning
15:14:07.0343 2276 ialm - detected ForgedFile.Multi.Generic (1)
15:14:07.0359 2276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:14:07.0421 2276 Imapi - ok
15:14:07.0437 2276 ini910u - ok
15:14:07.0484 2276 IntcAzAudAddService (384d4d19b0efafb67cd38776edd8049e) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:14:07.0515 2276 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: 384d4d19b0efafb67cd38776edd8049e, Fake md5: b2957d6c1226f029230dac2c46d34286
15:14:07.0531 2276 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
15:14:07.0531 2276 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
15:14:07.0531 2276 IntelIde - ok
15:14:07.0546 2276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:14:07.0609 2276 intelppm - ok
15:14:07.0640 2276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:14:07.0718 2276 Ip6Fw - ok
15:14:07.0734 2276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:14:07.0812 2276 IpFilterDriver - ok
15:14:07.0828 2276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:14:07.0890 2276 IpInIp - ok
15:14:07.0921 2276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:14:08.0000 2276 IpNat - ok
15:14:08.0015 2276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:14:08.0109 2276 IPSec - ok
15:14:08.0125 2276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:14:08.0156 2276 IRENUM - ok
15:14:08.0203 2276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:14:08.0296 2276 isapnp - ok
15:14:08.0312 2276 ITECIR (0f4809812bcd6f23d21608818355d821) C:\WINDOWS\system32\DRIVERS\ITECIR.sys
15:14:08.0343 2276 ITECIR - ok
15:14:08.0343 2276 JMCR (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
15:14:08.0390 2276 JMCR - ok
15:14:08.0390 2276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:14:08.0468 2276 Kbdclass - ok
15:14:08.0500 2276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:14:08.0578 2276 kbdhid - ok
15:14:08.0593 2276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:14:08.0703 2276 kmixer - ok
15:14:08.0718 2276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:14:08.0750 2276 KSecDD - ok
15:14:08.0781 2276 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:14:08.0781 2276 LBeepKE - ok
15:14:08.0875 2276 lbrtfdc - ok
15:14:08.0921 2276 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:14:08.0921 2276 LEqdUsb - ok
15:14:08.0937 2276 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:14:08.0937 2276 LHidEqd - ok
15:14:08.0968 2276 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:14:08.0984 2276 LHidFilt - ok
15:14:09.0015 2276 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:14:09.0031 2276 lirsgt ( UnsignedFile.Multi.Generic ) - warning
15:14:09.0031 2276 lirsgt - detected UnsignedFile.Multi.Generic (1)
15:14:09.0031 2276 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:14:09.0046 2276 LMouFilt - ok
15:14:09.0093 2276 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
15:14:09.0125 2276 massfilter - ok
15:14:09.0156 2276 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
15:14:09.0187 2276 mcdbus ( UnsignedFile.Multi.Generic ) - warning
15:14:09.0187 2276 mcdbus - detected UnsignedFile.Multi.Generic (1)
15:14:09.0218 2276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:14:09.0296 2276 mnmdd - ok
15:14:09.0343 2276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:14:09.0437 2276 Modem - ok
15:14:09.0468 2276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:14:09.0546 2276 Mouclass - ok
15:14:09.0562 2276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:14:09.0656 2276 mouhid - ok
15:14:09.0687 2276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:14:09.0765 2276 MountMgr - ok
15:14:09.0781 2276 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:14:09.0796 2276 MpFilter - ok
15:14:09.0875 2276 MpKsl5391f7ec - ok
15:14:09.0890 2276 MpKsldee015ff - ok
15:14:09.0890 2276 mraid35x - ok
15:14:09.0906 2276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:14:09.0968 2276 MRxDAV - ok
15:14:10.0031 2276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:14:10.0078 2276 MRxSmb - ok
15:14:10.0093 2276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:14:10.0171 2276 Msfs - ok
15:14:10.0187 2276 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
15:14:10.0203 2276 MSHUSBVideo - ok
15:14:10.0218 2276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:14:10.0281 2276 MSKSSRV - ok
15:14:10.0312 2276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:14:10.0375 2276 MSPCLOCK - ok
15:14:10.0390 2276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:14:10.0468 2276 MSPQM - ok
15:14:10.0484 2276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:14:10.0562 2276 mssmbios - ok
15:14:10.0578 2276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:14:10.0640 2276 MSTEE - ok
15:14:10.0671 2276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:14:10.0687 2276 Mup - ok
15:14:10.0718 2276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:14:10.0781 2276 NABTSFEC - ok
15:14:10.0812 2276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:14:10.0890 2276 NDIS - ok
15:14:10.0921 2276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:14:10.0984 2276 NdisIP - ok
15:14:11.0031 2276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:14:11.0046 2276 NdisTapi - ok
15:14:11.0078 2276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:14:11.0156 2276 Ndisuio - ok
15:14:11.0156 2276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:14:11.0234 2276 NdisWan - ok
15:14:11.0265 2276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:14:11.0281 2276 NDProxy - ok
15:14:11.0296 2276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:14:11.0359 2276 NetBIOS - ok
15:14:11.0390 2276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:14:11.0453 2276 NetBT - ok
15:14:11.0562 2276 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:14:11.0687 2276 NETw5x32 - ok
15:14:11.0703 2276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:14:11.0781 2276 NIC1394 - ok
15:14:11.0843 2276 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
15:14:12.0015 2276 nmwcd - ok
15:14:12.0046 2276 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
15:14:12.0093 2276 nmwcdc - ok
15:14:12.0125 2276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:14:12.0187 2276 Npfs - ok
15:14:12.0203 2276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:12.0281 2276 Ntfs - ok
15:14:12.0312 2276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:14:12.0390 2276 Null - ok
15:14:12.0468 2276 nv (9784b411be6a681b5098e507d4724f76) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:14:12.0515 2276 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 9784b411be6a681b5098e507d4724f76, Fake md5: b9b1bb146eb9a83dcf0f5635b09d3d43
15:14:12.0546 2276 nv ( ForgedFile.Multi.Generic ) - warning
15:14:12.0546 2276 nv - detected ForgedFile.Multi.Generic (1)
15:14:12.0562 2276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:12.0640 2276 NwlnkFlt - ok
15:14:12.0656 2276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:12.0734 2276 NwlnkFwd - ok
15:14:12.0750 2276 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:14:12.0828 2276 ohci1394 - ok
15:14:12.0875 2276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:14:12.0937 2276 Parport - ok
15:14:12.0953 2276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:14:13.0031 2276 PartMgr - ok
15:14:13.0062 2276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:14:13.0125 2276 ParVdm - ok
15:14:13.0156 2276 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:14:13.0171 2276 pccsmcfd - ok
15:14:13.0203 2276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:14:13.0281 2276 PCI - ok
15:14:13.0281 2276 PCIDump - ok
15:14:13.0296 2276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:14:13.0375 2276 PCIIde - ok
15:14:13.0390 2276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:14:13.0468 2276 Pcmcia - ok
15:14:13.0468 2276 PDCOMP - ok
15:14:13.0484 2276 PDFRAME - ok
15:14:13.0484 2276 PDRELI - ok
15:14:13.0484 2276 PDRFRAME - ok
15:14:13.0500 2276 perc2 - ok
15:14:13.0515 2276 perc2hib - ok
15:14:13.0546 2276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:14:13.0656 2276 PptpMiniport - ok
15:14:13.0703 2276 Prvflder (6395877be921df88f7ac298f5a7ec1be) C:\WINDOWS\system32\DRIVERS\prvflder.sys
15:14:13.0718 2276 Prvflder - ok
15:14:13.0750 2276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:14:13.0812 2276 PSched - ok
15:14:13.0828 2276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:14:13.0906 2276 Ptilink - ok
15:14:13.0906 2276 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:14:13.0921 2276 PxHelp20 - ok
15:14:13.0921 2276 ql1080 - ok
15:14:13.0937 2276 Ql10wnt - ok
15:14:13.0937 2276 ql12160 - ok
15:14:13.0953 2276 ql1240 - ok
15:14:13.0953 2276 ql1280 - ok
15:14:13.0968 2276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:14:14.0031 2276 RasAcd - ok
15:14:14.0062 2276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:14:14.0125 2276 Rasl2tp - ok
15:14:14.0140 2276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:14:14.0203 2276 RasPppoe - ok
15:14:14.0218 2276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:14:14.0281 2276 Raspti - ok
15:14:14.0296 2276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:14:14.0375 2276 Rdbss - ok
15:14:14.0375 2276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:14:14.0453 2276 RDPCDD - ok
15:14:14.0500 2276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:14:14.0531 2276 RDPWD - ok
15:14:14.0609 2276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:14:14.0671 2276 redbook - ok
15:14:14.0718 2276 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
15:14:14.0750 2276 RT73 - ok
15:14:14.0796 2276 RTLE8023xp (cd0afbbd81c30e6a8a92cc1089db1ba0) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:14:14.0828 2276 RTLE8023xp - ok
15:14:14.0968 2276 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:14:14.0968 2276 SASDIFSV - ok
15:14:15.0000 2276 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:14:15.0000 2276 SASKUTIL - ok
15:14:15.0046 2276 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:14:15.0140 2276 sdbus - ok
15:14:15.0171 2276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:14:15.0203 2276 Secdrv - ok
15:14:15.0234 2276 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:14:15.0312 2276 Serenum - ok
15:14:15.0343 2276 Serial (431d1e1bb38be30c35a46c4677fc2f10) C:\WINDOWS\system32\DRIVERS\serial.sys
15:14:15.0343 2276 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 431d1e1bb38be30c35a46c4677fc2f10, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
15:14:15.0343 2276 Serial ( Virus.Win32.ZAccess.g ) - infected
15:14:15.0343 2276 Serial - detected Virus.Win32.ZAccess.g (0)
15:14:15.0359 2276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:14:15.0421 2276 Sfloppy - ok
15:14:15.0437 2276 Simbad - ok
15:14:15.0468 2276 SinoTPM (98d59fdf07e53ee2b83f10dad0f2a731) C:\WINDOWS\system32\DRIVERS\SinoTpm.sys
15:14:15.0500 2276 SinoTPM - ok
15:14:15.0531 2276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:14:15.0609 2276 SLIP - ok
15:14:15.0640 2276 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\WINDOWS\system32\DRIVERS\smserial.sys
15:14:15.0734 2276 smserial - ok
15:14:15.0734 2276 Sparrow - ok
15:14:15.0781 2276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:14:15.0890 2276 splitter - ok
15:14:15.0953 2276 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
15:14:15.0968 2276 sptd - ok
15:14:16.0000 2276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:14:16.0031 2276 sr - ok
15:14:16.0078 2276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:14:16.0109 2276 Srv - ok
15:14:16.0203 2276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:14:16.0281 2276 streamip - ok
15:14:16.0312 2276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:14:16.0390 2276 swenum - ok
15:14:16.0421 2276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:14:16.0484 2276 swmidi - ok
15:14:16.0531 2276 symc810 - ok
15:14:16.0546 2276 symc8xx - ok
15:14:16.0562 2276 sym_hi - ok
15:14:16.0578 2276 sym_u3 - ok
15:14:16.0625 2276 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:14:16.0671 2276 SynTP - ok
15:14:16.0703 2276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:14:16.0796 2276 sysaudio - ok
15:14:16.0843 2276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:14:16.0906 2276 Tcpip - ok
15:14:16.0953 2276 TcUsb (72b9e77565da5fa564581976e000d29b) C:\WINDOWS\system32\Drivers\tcusb.sys
15:14:16.0953 2276 TcUsb - ok
15:14:17.0000 2276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:14:17.0078 2276 TDPIPE - ok
15:14:17.0093 2276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:14:17.0156 2276 TDTCP - ok
15:14:17.0203 2276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:14:17.0265 2276 TermDD - ok
15:14:17.0281 2276 TosIde - ok
15:14:17.0328 2276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:14:17.0406 2276 Udfs - ok
15:14:17.0406 2276 ultra - ok
15:14:17.0421 2276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:14:17.0500 2276 Update - ok
15:14:17.0531 2276 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
15:14:17.0578 2276 upperdev - ok
15:14:17.0593 2276 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:14:17.0625 2276 USBAAPL - ok
15:14:17.0703 2276 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:14:17.0765 2276 usbaudio - ok
15:14:17.0781 2276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:14:17.0843 2276 usbccgp - ok
15:14:17.0890 2276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:14:17.0968 2276 usbehci - ok
15:14:17.0968 2276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:14:18.0046 2276 usbhub - ok
15:14:18.0140 2276 USBMULCD (f23d08cf90c0dfe8b20b9236a0002250) C:\WINDOWS\system32\drivers\CM106.sys
15:14:18.0250 2276 USBMULCD - ok
15:14:18.0312 2276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:14:18.0375 2276 usbprint - ok
15:14:18.0406 2276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:14:18.0484 2276 usbscan - ok
15:14:18.0500 2276 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
15:14:18.0578 2276 usbser - ok
15:14:18.0609 2276 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
15:14:18.0656 2276 UsbserFilt - ok
15:14:18.0687 2276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:14:18.0796 2276 USBSTOR - ok
15:14:18.0828 2276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:14:18.0921 2276 usbuhci - ok
15:14:18.0953 2276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:14:19.0031 2276 usbvideo - ok
15:14:19.0062 2276 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
15:14:19.0078 2276 VClone ( UnsignedFile.Multi.Generic ) - warning
15:14:19.0078 2276 VClone - detected UnsignedFile.Multi.Generic (1)
15:14:19.0125 2276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:14:19.0187 2276 VgaSave - ok
15:14:19.0203 2276 ViaIde - ok
15:14:19.0218 2276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:14:19.0296 2276 VolSnap - ok
15:14:19.0312 2276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:14:19.0390 2276 Wanarp - ok
15:14:19.0421 2276 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:14:19.0437 2276 WDC_SAM - ok
15:14:19.0484 2276 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:14:19.0500 2276 Wdf01000 - ok
15:14:19.0515 2276 WDICA - ok
15:14:19.0546 2276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:14:19.0609 2276 wdmaud - ok
15:14:19.0656 2276 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:14:19.0718 2276 WmiAcpi - ok
15:14:19.0765 2276 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:14:19.0796 2276 WpdUsb - ok
15:14:19.0812 2276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:14:19.0890 2276 WSTCODEC - ok
15:14:19.0953 2276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:14:20.0000 2276 WudfPf - ok
15:14:20.0093 2276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:14:20.0093 2276 WudfRd - ok
15:14:20.0171 2276 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
15:14:20.0203 2276 ZTEusbmdm6k - ok
15:14:20.0234 2276 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
15:14:20.0234 2276 ZTEusbnmea - ok
15:14:20.0250 2276 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
15:14:20.0265 2276 ZTEusbser6k - ok
15:14:20.0281 2276 ZTEusbvoice (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
15:14:20.0296 2276 ZTEusbvoice - ok
15:14:20.0312 2276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:14:20.0515 2276 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:14:20.0515 2276 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:14:20.0515 2276 Boot (0x1200) (97ca531568424890d8109fa07c73188d) \Device\Harddisk0\DR0\Partition0
15:14:20.0515 2276 \Device\Harddisk0\DR0\Partition0 - ok
15:14:20.0515 2276 ============================================================
15:14:20.0515 2276 Scan finished
15:14:20.0515 2276 ============================================================
15:14:20.0625 0912 Detected object count: 9
15:14:20.0625 0912 Actual detected object count: 9
15:14:32.0765 0912 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:14:32.0765 0912 ialm ( ForgedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 ialm ( ForgedFile.Multi.Generic ) - User select action: Skip
15:14:32.0765 0912 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
15:14:32.0765 0912 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:14:32.0765 0912 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:14:32.0765 0912 nv ( ForgedFile.Multi.Generic ) - skipped by user
15:14:32.0765 0912 nv ( ForgedFile.Multi.Generic ) - User select action: Skip
15:14:32.0953 0912 Backup copy found, using it..
15:14:32.0953 0912 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
15:14:33.0046 0912 C:\WINDOWS\system32\cc_950.nls - will be deleted on reboot
15:14:34.0156 0912 Serial ( Virus.Win32.ZAccess.g ) - User select action: Cure
15:14:34.0156 0912 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:34.0156 0912 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:14:34.0156 0912 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:14:34.0156 0912 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:14:51.0218 2404 Deinitialize success


FSS Information:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Chris (administrator) on 26-01-2012 at 15:25:24
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


OTL Information:

OTL logfile created on: 1/26/2012 3:26:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 66.66% Memory free
4.34 Gb Paging File | 3.50 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 140.16 Gb Free Space | 47.02% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-F8FA5483E | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/26 15:26:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2012/01/26 15:25:02 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
PRC - [2012/01/12 18:35:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 20:19:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/12/19 20:19:48 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/11/13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/07/04 00:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/15 11:59:40 | 000,656,896 | ---- | M] (ITE Tech. Inc.) -- C:\Program Files\ITECIR\RemoteControlService.exe
PRC - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/26 15:25:02 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
MOD - [2012/01/26 15:18:03 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/26 15:18:03 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/14 12:31:47 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/14 12:25:19 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5209ec50ced1ae185b261e6158ea8cf4\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/14 12:24:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/14 12:24:42 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dc8d60f0535f59de89d37e69fce2f092\System.Web.ni.dll
MOD - [2012/01/14 12:24:35 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a845cccb1a05033f54a46e85a499ac2c\System.Runtime.Remoting.ni.dll
MOD - [2012/01/14 12:24:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/14 12:03:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/14 12:03:22 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/14 12:03:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/14 12:02:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2012/01/14 12:00:32 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/13 22:35:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/13 22:34:28 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/12 18:35:29 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/19 20:23:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/19 20:23:58 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
MOD - [2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (s616mgmt)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/19 20:19:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/28 21:10:31 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\WINDOWS\system32\ndassvc.dll -- (w300mdm)
SRV - [2006/12/15 11:59:40 | 000,656,896 | ---- | M] (ITE Tech. Inc.) [Auto | Running] -- C:\Program Files\ITECIR\RemoteControlService.exe -- (ITECIRService)
SRV - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 20:19:44 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/19 20:19:44 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/08 10:51:33 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/03 20:15:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/27 00:28:07 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/09 10:17:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/11/09 10:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/11/09 10:17:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/09 10:17:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/11/09 10:17:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 11:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/02/24 12:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/13 15:21:24 | 001,506,304 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/02 12:49:52 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/17 01:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/11 03:55:04 | 000,084,240 | R--- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/03/07 05:57:12 | 000,106,624 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/14 09:03:24 | 000,445,696 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/04/15 14:18:12 | 000,034,048 | ---- | M] (SINOSUN Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SinoTpm.sys -- (SinoTPM)
DRV - [2007/04/04 00:01:46 | 000,066,304 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/04/04 00:01:46 | 000,045,952 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/01/23 11:38:08 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007/01/17 00:38:00 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/28 18:24:34 | 000,007,808 | ---- | M] (ITE Tech. Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ITECIR.sys -- (ITECIR) ITE EC CIR Driver (PMC)
DRV - [2006/04/21 08:22:24 | 000,070,912 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://grrm.livejournal.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Documents and Settings\Chris\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Documents and Settings\Chris\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/04/19 12:43:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 18:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 10:38:02 | 000,000,000 | ---D | M]

[2010/02/26 16:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2011/11/02 14:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\extensions
[2010/05/11 09:31:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 16:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 08:34:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSSCZBQV.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/01/12 18:35:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/12 18:35:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/12 18:35:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/12 12:23:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1979961183-4207946074-3258539259-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57100854-6EF9-4869-9D6C-76FDFCFA064B}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F4E6888-1A23-455B-AD61-496786657550}: DhcpNameServer = 192.168.1.4 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1930D3D-7EA3-452C-BA18-D5E8D9E84AA7}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 08:44:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/05/25 05:53:08 | 001,134,650 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/12/15 08:47:12 | 000,000,053 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 15:26:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/01/26 15:13:18 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/01/25 18:52:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/01/23 17:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/01/23 17:29:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\d8560de0
[2012/01/15 22:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Kinburn
[2012/01/14 13:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Trance In Motion Vol.105
[2012/01/13 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/13 22:06:26 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/01/12 21:51:20 | 124,404,952 | ---- | C] (NVIDIA Corporation) -- C:\Documents and Settings\Chris\Desktop\266.58_notebook_winxp_32bit_international_whql.exe
[2012/01/12 21:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Sofiahpics
[2012/01/12 19:12:04 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/01/12 19:12:04 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012/01/12 17:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/12 16:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Sigma

========== Files - Modified Within 30 Days ==========

[2012/01/26 15:26:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/01/26 15:25:02 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/01/26 15:21:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/26 15:16:54 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/26 15:16:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/26 15:13:24 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/01/25 20:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 18:57:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cw5reby8.exe
[2012/01/25 18:52:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/01/25 18:46:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 18:45:23 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/25 18:43:34 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Chris\defogger_reenable
[2012/01/25 18:42:46 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2012/01/25 17:35:29 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/01/23 17:36:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 17:30:04 | 000,295,752 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2012/01/22 11:19:31 | 009,484,779 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Ducks.jpg
[2012/01/22 11:03:47 | 000,083,144 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Radio.jpg
[2012/01/17 22:16:35 | 019,012,011 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Tomas Heredia Feat Marcelo Fratini - Moonlight (Original Mix).mp3
[2012/01/17 21:33:37 | 017,753,904 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Moonwalkers Remix).mp3
[2012/01/17 21:30:52 | 021,358,804 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Original Mix).mp3
[2012/01/17 21:20:02 | 021,422,541 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\01-pm_attitude-detector__original_mix.mp3
[2012/01/14 12:00:57 | 003,567,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/13 22:34:40 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 22:34:40 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 22:30:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/13 22:25:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/13 21:57:36 | 2726,511,598 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\CnC-RA3_NA_ddsetup.zip
[2012/01/12 21:54:22 | 124,404,952 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\Chris\Desktop\266.58_notebook_winxp_32bit_international_whql.exe
[2012/01/12 19:12:39 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/12 19:12:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/12 19:12:37 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/11 15:57:54 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 20:32:39 | 000,701,716 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\photo.JPG
[2012/01/06 23:02:51 | 008,542,193 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Twisted_Sun.mp3
[2012/01/04 04:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/28 23:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/01/26 15:25:01 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/01/25 18:57:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cw5reby8.exe
[2012/01/25 18:43:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Chris\defogger_reenable
[2012/01/25 18:42:45 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2012/01/23 17:31:02 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012/01/23 17:29:23 | 000,295,752 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012/01/22 11:19:26 | 009,484,779 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Ducks.jpg
[2012/01/22 11:03:46 | 000,083,144 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Radio.jpg
[2012/01/17 22:15:24 | 019,012,011 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Tomas Heredia Feat Marcelo Fratini - Moonlight (Original Mix).mp3
[2012/01/17 21:32:26 | 017,753,904 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Moonwalkers Remix).mp3
[2012/01/17 21:29:16 | 021,358,804 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Original Mix).mp3
[2012/01/17 21:18:35 | 021,422,541 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\01-pm_attitude-detector__original_mix.mp3
[2012/01/13 22:30:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/13 19:36:45 | 2726,511,598 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\CnC-RA3_NA_ddsetup.zip
[2012/01/12 18:51:40 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/01/09 20:32:39 | 000,701,716 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\photo.JPG
[2012/01/08 21:28:06 | 013,857,213 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Wildlife Photography.pdf
[2012/01/06 23:04:04 | 009,825,261 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cell_-_the_gate.mp3
[2012/01/06 23:04:04 | 008,542,193 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Twisted_Sun.mp3
[2012/01/06 23:04:03 | 017,080,924 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Floating_Retention.mp3
[2012/01/06 23:04:02 | 014,990,640 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Erasing_Pluto.mp3
[2012/01/06 23:04:02 | 011,893,121 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Blue_Embers.mp3
[2012/01/06 23:03:46 | 013,673,795 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Zero_Cult_-_Redreaming.mp3
[2012/01/06 23:03:45 | 012,661,533 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\zero_cult_-_500_seconds.mp3
[2012/01/06 23:03:45 | 012,518,949 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Zero_Cult_-_Neokarma.mp3
[2012/01/06 23:03:44 | 011,038,037 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\zero_cult - neokarma.mp3
[2011/09/14 15:43:00 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/14 15:42:57 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/14 15:42:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/14 15:42:26 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/08/01 16:21:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\Organic
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\Noise Gate
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\NetServices
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/06/10 16:24:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/09 16:27:26 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2011/01/01 16:22:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2010/11/26 06:06:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yqedabuyutomob.dat
[2010/11/26 06:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mcececabafojoc.bin
[2010/08/26 19:17:52 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/08/23 17:51:26 | 000,056,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/21 17:10:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/17 15:17:45 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/17 15:17:45 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/24 21:03:13 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2010/04/27 15:00:22 | 000,028,042 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\OFMissionEditorConfig.xml
[2010/04/21 00:14:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/03/31 14:31:22 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/03/11 07:39:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010/03/11 07:39:13 | 000,001,249 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010/03/11 07:39:12 | 000,000,490 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2010/03/06 08:48:54 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/06 08:48:54 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/03 08:37:47 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/01 13:27:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/27 00:56:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\WINSYS.DAT
[2010/02/27 00:28:07 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/02/27 00:28:07 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/02/26 16:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/26 11:54:21 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 10:07:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/02/26 09:48:25 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
[2009/05/13 10:14:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/13 09:30:52 | 000,000,080 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2009/05/13 09:22:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/13 09:21:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/05/13 09:21:09 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/05/13 09:21:09 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/05/13 08:46:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 08:42:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/12 14:35:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/12 14:34:43 | 003,567,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2012/01/04 00:07:33 | 004,508,425 | ---- | M] ()(C:\Documents and Settings\Chris\Desktop\???????? ????.jpg) -- C:\Documents and Settings\Chris\Desktop\звездное небо.jpg
[2012/01/04 00:07:32 | 004,508,425 | ---- | C] ()(C:\Documents and Settings\Chris\Desktop\???????? ????.jpg) -- C:\Documents and Settings\Chris\Desktop\звездное небо.jpg
[2011/11/11 22:30:11 | 000,029,184 | ---- | M] ()(C:\Documents and Settings\Chris\My Documents\? ???? ? ?????? ????.doc) -- C:\Documents and Settings\Chris\My Documents\у него и другие были.doc
[2011/10/23 16:27:16 | 000,029,184 | ---- | C] ()(C:\Documents and Settings\Chris\My Documents\? ???? ? ?????? ????.doc) -- C:\Documents and Settings\Chris\My Documents\у него и другие были.doc
[2011/09/06 10:48:13 | 000,000,000 | ---D | M](C:\Documents and Settings\Chris\Desktop\??-34) -- C:\Documents and Settings\Chris\Desktop\су-34
[2011/08/31 04:50:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Chris\Desktop\??-34) -- C:\Documents and Settings\Chris\Desktop\су-34

< End of report >


EXTRAS.TXT


OTL Extras logfile created on: 1/26/2012 3:26:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 66.66% Memory free
4.34 Gb Paging File | 3.50 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 140.16 Gb Free Space | 47.02% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-F8FA5483E | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe" = C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2011 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2011 32-bit -- ()
"C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe" = C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2011 32-bit -- (mental images GmbH)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Razorworks\cohokum\cohokum.exe" = C:\Razorworks\cohokum\cohokum.exe:*:Enabled:cohokum
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\DID\F22ADF\PROGRAM\f22.dat" = C:\Program Files\DID\F22ADF\PROGRAM\f22.dat:*:Enabled:f22 -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE" = C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE:*:Enabled:SUPERAntiSpyware Update Application -- (SUPERAntiSpyware.com)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Application -- (SUPERAntiSpyware.com)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe" = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe:*:Enabled:WD SmartWare -- (Western Digital)
"C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe" = C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe:*:Enabled:AAM Updates Notifier Application -- (Adobe Systems Incorporated)
"C:\Program Files\Vuze\uninstall.exe" = C:\Program Files\Vuze\uninstall.exe:*:Disabled:Vuze
"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe:*:Disabled:Adobe Reader -- (Adobe Systems Incorporated)
"C:\Documents and Settings\Chris\Desktop\tdsskiller.exe" = C:\Documents and Settings\Chris\Desktop\tdsskiller.exe:*:Enabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{2537BDE1-0560-45CF-B55F-7936601025DF}_is1" = QuickStickz Web Plugin
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B802EBE-CDAD-477C-9AD4-069615D377EB}" = Remote Controller
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5835C50A-AAB5-4427-BE86-AD0C6673F70A}_is1" = QuickStickz Shockwave Xtra
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Connect Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99F80251-DAE8-0409-BD08-DCBBEF56B8CB}" = Autodesk 3ds Max 2011 32-bit Components
"{9A10930E-3AA7-4B3E-99EB-A8403833DC83}" = Tableau Public 6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DA959FE3D6F0F5BC313481E72071D510DD786FB" = Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
"38F88D2FCA130F99EBC52D18D9A01CE4761AF5F2" = Windows Driver Package - Intel (NETw5x32) net (04/27/2008 12.0.0.73)
"41A4EAE528F1958222DBFFC95F2CF959A673A7CB" = Windows Driver Package - ITE Tech.Inc. (ITECIR) System (12/28/2006 3.05.0003.3)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5CB20F7EAA8A6FBA89927F0332E0EDF556785DC7" = Windows Driver Package - Intel net (05/14/2009 12.4.1.11)
"AbleMP3" = Able MP3 OGG to WAV converter 1.00
"Ace DivX Player_is1" = Ace DivX Player v2.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Allway Sync_is1" = Allway Sync version 10.4.0
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"AVS Audio Editor_is1" = AVS Audio Editor 7.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"F22 Air Dominance Fighter" = F22 Air Dominance Fighter
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
"Generic USB 106 Sound" = USB Multi-Channel Audio Device
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"Indeo® Software" = Indeo® Software
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NeuLion Adaptive Plugin" = NeuLion Adaptive Plugin
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoToolkit_is1" = Photo! Editor 1.1
"RADVideo" = RAD Video Tools
"Red Alert" = Red Alert Windows 95
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iTunes Agent 1.3.4" = iTunes Agent 1.3.4
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2012 11:41:45 AM | Computer Name = ADMIN-F8FA5483E | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 9.0.1.4371, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 1/22/2012 11:46:14 AM | Computer Name = ADMIN-F8FA5483E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 1/22/2012 12:04:19 PM | Computer Name = ADMIN-F8FA5483E | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 1/22/2012 12:04:21 PM | Computer Name = ADMIN-F8FA5483E | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 9.0.1.4371, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 1/22/2012 1:30:15 PM | Computer Name = ADMIN-F8FA5483E | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 1/22/2012 1:30:17 PM | Computer Name = ADMIN-F8FA5483E | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 9.0.1.4371, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 1/22/2012 1:39:43 PM | Computer Name = ADMIN-F8FA5483E | Source = Windows Live Messenger | ID = 1000
Description =

Error - 1/24/2012 5:52:13 PM | Computer Name = ADMIN-F8FA5483E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/24/2012 6:15:48 PM | Computer Name = ADMIN-F8FA5483E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/24/2012 7:13:54 PM | Computer Name = ADMIN-F8FA5483E | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 1/25/2012 7:47:16 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Dot4 service terminated with the following error: %%126

Error - 1/25/2012 7:47:16 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/25/2012 7:47:16 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/25/2012 7:47:16 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/25/2012 7:47:16 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/25/2012 10:12:41 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/26/2012 4:04:58 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/26/2012 4:04:58 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/26/2012 4:16:24 PM | Computer Name = ADMIN-F8FA5483E | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/26/2012 4:17:53 PM | Computer Name = ADMIN-F8FA5483E | Source = Service Control Manager | ID = 7023
Description = The Dot4 service terminated with the following error: %%126


< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 27 January 2012 - 02:19 AM

Hi Specter1075!

No a problem! Glad to be able to help. :)

Please let me know how things are running after running this tool below.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 27 January 2012 - 03:07 PM

Thank you again, Agent ST!

The redirects seem to have been cured. As they were the only thing noticeably wrong with my PC's performance, I cant gauge our progress in other areas. I'll have to trust in your interpretation of the information that follows. :-)

Thanks!


Here is the Combofix Log:

ComboFix 12-01-27.01 - Chris 01/27/2012 14:32:37.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2090 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Chris\WINDOWS
C:\install.exe
C:\Thumbs.db
c:\windows\$NtUninstallKB10825$
c:\windows\$NtUninstallKB10825$\3395010686
c:\windows\$NtUninstallKB10825$\3629518304\@
c:\windows\$NtUninstallKB10825$\3629518304\L\zwsrnabp
c:\windows\EventSystem.log
c:\windows\system32\ndassvc.dll
c:\windows\system32\shimg.dll
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_w300mdm
-------\Service_w300mdm
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 19:46 . 2012-01-27 19:46 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-01-27 19:46 . 2012-01-27 19:46 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-01-27 19:46 . 2012-01-27 19:46 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-01-27 19:46 . 2012-01-27 19:46 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-01-27 19:46 . 2012-01-27 19:46 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-01-27 19:46 . 2012-01-27 19:46 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-01-27 19:46 . 2012-01-27 19:46 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-01-27 19:46 . 2012-01-27 19:46 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-01-27 19:46 . 2012-01-27 19:46 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-01-27 19:45 . 2012-01-27 19:45 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-01-27 19:45 . 2012-01-27 19:45 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-01-27 19:45 . 2012-01-27 19:45 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-01-27 19:45 . 2012-01-27 19:45 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-01-27 19:45 . 2012-01-27 19:45 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-27 19:45 . 2012-01-27 19:45 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-01-27 19:45 . 2012-01-27 19:45 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-01-27 19:45 . 2012-01-27 19:45 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-01-27 19:26 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-26 20:27 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06383760-FDE3-46D6-A30B-568512504B6E}\mpengine.dll
2012-01-23 22:31 . 2012-01-25 23:45 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-23 22:29 . 2012-01-24 11:05 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\d8560de0
2012-01-14 03:25 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-01-14 03:07 . 2012-01-14 03:07 -------- d-----w- c:\program files\MSXML 4.0
2012-01-13 00:12 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-13 00:12 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-12 23:35 . 2012-01-12 23:35 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-12 23:35 . 2012-01-12 23:35 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 23:35 . 2012-01-12 23:35 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-12 23:35 . 2012-01-12 23:35 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 22:05 . 2012-01-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 20:15 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-01-06 04:19 . 2010-08-24 19:17 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-08-23 04:30 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-08-23 04:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 23:35 . 2011-05-22 23:35 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 06:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 06:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-20 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 49928]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-26 813584]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 06:02 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DID\\F22ADF\\PROGRAM\\f22.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUPDATE.EXE"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWare.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=
"c:\\Documents and Settings\\Chris\\Desktop\\tdsskiller.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 ITECIRService;ITE Remote Controler service;c:\program files\ITECIR\RemoteControlService.exe [2/26/2010 9:56 AM 656896]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/26/2010 5:15 PM 10384]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [3/10/2010 1:10 AM 86016]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [4/21/2006 8:22 AM 70912]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 10:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
R3 ITECIR;ITE EC CIR Driver (PMC);c:\windows\system32\drivers\ITECIR.sys [2/26/2010 9:56 AM 7808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
S1 MpKsl5391f7ec;MpKsl5391f7ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5756FDF1-E4F7-4292-869E-E576525BFFE9}\MpKsl5391f7ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5756FDF1-E4F7-4292-869E-E576525BFFE9}\MpKsl5391f7ec.sys [?]
S1 MpKsldee015ff;MpKsldee015ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA6AE902-9667-4465-B788-8BD8331A06B6}\MpKsldee015ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA6AE902-9667-4465-B788-8BD8331A06B6}\MpKsldee015ff.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 6:09 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5/13/2011 5:55 PM 16512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 6:09 PM 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/13/2009 9:25 AM 84240]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/23/2010 3:49 PM 9216]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/24/2010 7:41 PM 30576]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;c:\windows\system32\drivers\SinoTpm.sys [2/26/2010 9:55 AM 34048]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [3/11/2010 7:39 AM 1506304]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/8/2010 7:47 PM 11520]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [12/23/2010 3:49 PM 105088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2010 8:15 PM 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
s616mgmt
w300mdm
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:09]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:09]
.
2012-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://grrm.livejournal.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-02426134.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 14:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0e,e9,2a,f8,30,6c,33,a7,00,29,d3,27,54,70,fd,86,a6,71,23,47,b3,bf,5c,
19,bd,0e,fc,91,d7,21,f4,f0,71,4d,7d,b3,0f,c7,bb,62,86,95,1b,78,7a,e1,ed,ed,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\SecuROM\License information*]
"datasecu"=hex:6c,08,87,56,df,8f,5e,d1,07,91,59,12,3a,39,f7,f7,de,5d,7f,05,82,
14,60,af,e6,3b,ff,19,54,24,cb,5a,a1,b1,b9,4b,f8,ce,63,92,a9,81,d8,3a,64,05,\
"rkeysecu"=hex:13,38,f6,a6,89,f6,a2,38,53,57,7e,e4,d6,80,30,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll
.
- - - - - - - > 'explorer.exe'(2964)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\msi.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-01-27 14:51:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 19:51
.
Pre-Run: 150,732,120,064 bytes free
Post-Run: 151,410,937,856 bytes free
.
- - End Of File - - 2D4E2C9CBA6ED32FEE1967B60AA8AEB1

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 28 January 2012 - 02:18 AM

Hi Specter1075!

Looks like you had a file that was patched by malware. It looks like ComboFix has addressed that issue as well as a few other ones.

We still have some work to do here.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Collect::[102]
c:\windows\system32\dds_log_trash.cmd
File::
ClearJavaCache::
Folder::
C:\documents and settings\Chris\Local Settings\Application Data\d8560de0

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT:



We need to repair an item in your registry.

First we will want to create a back-up of your registry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

  • Start ERUNT by double clicking the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Please download the attached registry fixes below to your Desktop.

Attached File  wscsvc.reg   3.57KB   2 downloads
Attached File  legacy_wscsvc.reg   1.02KB   2 downloads
Please double click on wscsvc.reg and click on YES when it asks you if you want to merge the file into your Registry.

----

Manual method for Windows XP:

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Now double-click LEGACY_wscsvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.



NEXT:


Please post the ComboFix.txt log, as well as a new Farbar Service Scanner log for me to review.

Edited by SweetTech, 29 January 2012 - 02:52 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 28 January 2012 - 10:57 AM

Hi again, Agent ST!

I was wondering out of curiosity if from what you've seen in these logs, was/is my problem fairly run-of-the-mill, or was this one different from most? I know you warned me that Combofix would upload data for analysis so I assume that is standard procedure, but is there anything out of the ordinary here? At the start of this topic, you gave me information about ZeroAccess; was this the main problem, or were others at work here too? Thanks!

Oh, as I worked my way through your instructions, I got as far as backing up my registry (successfully) but I dont see the attachments you asked me to merge...


Combofix Log:



ComboFix 12-01-28.01 - Chris 01/28/2012 10:29:16.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1768 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
file zipped: c:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Chris\Local Settings\Application Data\d8560de0
c:\documents and settings\Chris\Local Settings\Application Data\d8560de0\@
c:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))
.
.
2012-01-28 15:23 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DACE2C6B-9242-4C7A-805C-6E93A64C14C7}\mpengine.dll
2012-01-27 19:26 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-14 03:25 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-01-14 03:07 . 2012-01-14 03:07 -------- d-----w- c:\program files\MSXML 4.0
2012-01-13 00:12 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-13 00:12 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-12 23:35 . 2012-01-12 23:35 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-12 23:35 . 2012-01-12 23:35 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 23:35 . 2012-01-12 23:35 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-12 23:35 . 2012-01-12 23:35 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 22:05 . 2012-01-12 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 23:25 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-27 23:25 . 2009-08-18 15:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-26 20:15 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-01-06 04:19 . 2010-08-24 19:17 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-08-23 04:30 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-08-23 04:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 23:35 . 2011-05-22 23:35 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-27_19.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-28 15:37 . 2012-01-28 15:37 16384 c:\windows\temp\Perflib_Perfdata_988.dat
+ 2012-01-28 15:36 . 2012-01-28 15:36 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 06:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 06:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-20 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-15 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-04 49928]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-26 813584]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 06:02 96008 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DID\\F22ADF\\PROGRAM\\f22.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SSUPDATE.EXE"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWare.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe"=
"c:\\Documents and Settings\\Chris\\Desktop\\tdsskiller.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 ITECIRService;ITE Remote Controler service;c:\program files\ITECIR\RemoteControlService.exe [2/26/2010 9:56 AM 656896]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/26/2010 5:15 PM 10384]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [3/10/2010 1:10 AM 86016]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [4/21/2006 8:22 AM 70912]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 10:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
R3 ITECIR;ITE EC CIR Driver (PMC);c:\windows\system32\drivers\ITECIR.sys [2/26/2010 9:56 AM 7808]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
S1 MpKsl5391f7ec;MpKsl5391f7ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5756FDF1-E4F7-4292-869E-E576525BFFE9}\MpKsl5391f7ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5756FDF1-E4F7-4292-869E-E576525BFFE9}\MpKsl5391f7ec.sys [?]
S1 MpKsldee015ff;MpKsldee015ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA6AE902-9667-4465-B788-8BD8331A06B6}\MpKsldee015ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA6AE902-9667-4465-B788-8BD8331A06B6}\MpKsldee015ff.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 6:09 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5/13/2011 5:55 PM 16512]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 6:09 PM 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [5/13/2009 9:25 AM 84240]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/23/2010 3:49 PM 9216]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10/24/2010 7:41 PM 30576]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;c:\windows\system32\drivers\SinoTpm.sys [2/26/2010 9:55 AM 34048]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [3/11/2010 7:39 AM 1506304]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/8/2010 7:47 PM 11520]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [12/23/2010 3:49 PM 105088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2010 8:15 PM 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
s616mgmt
w300mdm
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:09]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 23:09]
.
2012-01-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://grrm.livejournal.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 10:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0e,e9,2a,f8,30,6c,33,a7,00,29,d3,27,54,70,fd,86,a6,71,23,47,b3,bf,5c,
19,bd,0e,fc,91,d7,21,f4,f0,71,4d,7d,b3,0f,c7,bb,62,86,95,1b,78,7a,e1,ed,ed,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-1979961183-4207946074-3258539259-1006\Software\SecuROM\License information*]
"datasecu"=hex:6c,08,87,56,df,8f,5e,d1,07,91,59,12,3a,39,f7,f7,de,5d,7f,05,82,
14,60,af,e6,3b,ff,19,54,24,cb,5a,a1,b1,b9,4b,f8,ce,63,92,a9,81,d8,3a,64,05,\
"rkeysecu"=hex:13,38,f6,a6,89,f6,a2,38,53,57,7e,e4,d6,80,30,84
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll
.
- - - - - - - > 'explorer.exe'(3212)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-28 10:41:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-28 15:41
ComboFix2.txt 2012-01-27 19:51
.
Pre-Run: 151,228,596,224 bytes free
Post-Run: 151,221,678,080 bytes free
.
- - End Of File - - E8C58F0664953922281CA5D1FCE479ED
Upload was successful

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 29 January 2012 - 02:58 AM

Hi Specter1075!

I was wondering out of curiosity if from what you've seen in these logs, was/is my problem fairly run-of-the-mill, or was this one different from most? I know you warned me that Combofix would upload data for analysis so I assume that is standard procedure, but is there anything out of the ordinary here? At the start of this topic, you gave me information about ZeroAccess; was this the main problem, or were others at work here too? Thanks!

From what I can tell your infection is fairly straight forward and is run-of-the-mill as you put it.

No there isn't anything out of the ordinary. I saw a file that I wanted to get a look at a litle closer which is why I asked for the upload of it.

Yes, ZeroAccess is the main issue here. There are also some other things, but ZeroAccess is the main infection we are dealing with here.

Oh, as I worked my way through your instructions, I got as far as backing up my registry (successfully) but I dont see the attachments you asked me to merge...

That's my fault. I've edited my previous post to include the registry files.

Sorry about that. Please run those registry fixes in my previous post.

Then post a new Farbar Service Scanner for me to review.

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 29 January 2012 - 09:33 PM

Hi Agent ST,

Thank you for the additional information. I applied the registry fixes without problem. The requested logs are below. I was surprised to see that ESET found more issues. Hopefully this was to be expected, or at least, isnt a setback of any kind.


Farbar Service Scanner Version: 18-01-2012 01
Ran by Chris (administrator) on 29-01-2012 at 11:52:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****



MBAM Log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Chris :: ADMIN-F8FA5483E [administrator]

1/29/2012 11:56:59 AM
mbam-log-2012-01-29 (11-56-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224756
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




ESET Scan log:

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.EF trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054782.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054796.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054863.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054916.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054917.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054938.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054939.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054974.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054975.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054982.sys Win32/Sirefef.DA trojan



And finally, Security Check information:

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 30 January 2012 - 04:12 AM

Hi!

Thank you for the additional information. I applied the registry fixes without problem. The requested logs are below. I was surprised to see that ESET found more issues. Hopefully this was to be expected, or at least, isnt a setback of any kind.

Not a problem, and yes the results from ESET are nothing to be too concerned with.

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.EF trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054782.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054796.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP328\A0054863.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054916.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054917.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054938.sys a variant of Win32/Sirefef.EJ trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP329\A0054939.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054974.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054975.ini a variant of Win32/Sirefef.EF trojan
C:\System Volume Information\_restore{8B0ACF58-2089-4EB1-ACFC-696D4B323B7E}\RP331\A0054982.sys Win32/Sirefef.DA trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Your version of Internet Explorer is outdated.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 30 January 2012 - 05:24 PM

Thank you again for your time!! From what I can tell, the computer is running great and without issue. If the scans look clean to you, then I would say our mission was successful!


OTL Fix Log:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\Hosts
C:\Documents and Settings\Chris\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 797503 bytes
->Temporary Internet Files folder emptied: 19680867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 131853713 bytes
->Flash cache emptied: 102424 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Fiah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9404550 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 783 bytes

User: NetworkService
->Temp folder emptied: 14900 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32704 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 155.00 mb


[EMPTYFLASH]

User: admin

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fiah
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01302012_170736

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Custom Scan:

OTL logfile created on: 1/30/2012 5:15:58 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 58.06% Memory free
4.34 Gb Paging File | 3.33 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 137.36 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-F8FA5483E | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 15:19:29 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/01/26 15:26:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2012/01/12 18:35:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 20:19:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/12/19 20:19:48 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009/11/13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/07/04 00:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/15 11:59:40 | 000,656,896 | ---- | M] (ITE Tech. Inc.) -- C:\Program Files\ITECIR\RemoteControlService.exe
PRC - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/30 17:13:20 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/30 17:13:19 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/14 12:31:47 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/14 12:25:19 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5209ec50ced1ae185b261e6158ea8cf4\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/14 12:24:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/14 12:24:42 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dc8d60f0535f59de89d37e69fce2f092\System.Web.ni.dll
MOD - [2012/01/14 12:24:35 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a845cccb1a05033f54a46e85a499ac2c\System.Runtime.Remoting.ni.dll
MOD - [2012/01/14 12:24:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/14 12:03:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/14 12:03:22 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/14 12:03:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/14 12:02:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2012/01/14 12:00:32 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/13 22:35:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/13 22:34:28 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/12 18:35:29 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/19 20:23:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/19 20:23:58 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/15 18:24:04 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
MOD - [2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (s616mgmt)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/30 15:19:29 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/19 20:19:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/28 21:10:31 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/03/10 01:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2006/12/15 11:59:40 | 000,656,896 | ---- | M] (ITE Tech. Inc.) [Auto | Running] -- C:\Program Files\ITECIR\RemoteControlService.exe -- (ITECIRService)
SRV - [2006/04/21 21:06:14 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/12/19 20:19:44 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/19 20:19:44 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/08 10:51:33 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/20 14:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/03/03 20:15:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/27 00:28:07 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/09 10:17:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/11/09 10:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/11/09 10:17:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/09 10:17:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/11/09 10:17:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 11:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/02/24 12:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/13 15:21:24 | 001,506,304 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/02 12:49:52 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/17 01:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/11 03:55:04 | 000,084,240 | R--- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/03/07 05:57:12 | 000,106,624 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/14 09:03:24 | 000,445,696 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/04/15 14:18:12 | 000,034,048 | ---- | M] (SINOSUN Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SinoTpm.sys -- (SinoTPM)
DRV - [2007/04/04 00:01:46 | 000,066,304 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/04/04 00:01:46 | 000,045,952 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/01/23 11:38:08 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007/01/17 00:38:00 | 000,983,936 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/12/28 18:24:34 | 000,007,808 | ---- | M] (ITE Tech. Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ITECIR.sys -- (ITECIR) ITE EC CIR Driver (PMC)
DRV - [2006/04/21 08:22:24 | 000,070,912 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://grrm.livejournal.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Documents and Settings\Chris\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Documents and Settings\Chris\Application Data\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/04/19 12:43:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 18:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 15:25:04 | 000,000,000 | ---D | M]

[2010/02/26 16:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2011/11/02 14:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\extensions
[2010/05/11 09:31:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\bssczbqv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/15 16:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 08:34:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSSCZBQV.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/01/12 18:35:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/12 18:35:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/12 18:35:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/30 17:07:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57100854-6EF9-4869-9D6C-76FDFCFA064B}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F4E6888-1A23-455B-AD61-496786657550}: DhcpNameServer = 192.168.1.4 192.168.1.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 08:44:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/05/25 05:53:08 | 001,134,650 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/12/15 08:47:12 | 000,000,053 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: s616mgmt - File not found
NetSvcs: w300mdm - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 17:08:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/30 17:03:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\IETldCache
[2012/01/30 16:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/30 16:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/01/30 16:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/30 16:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Sun
[2012/01/30 15:27:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/30 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/29 11:57:57 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2012/01/28 11:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Trance In Motion Vol.106
[2012/01/28 10:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/28 10:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/28 10:51:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt_setup.exe
[2012/01/28 10:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/27 14:24:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/27 14:24:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/27 14:24:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/27 14:24:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/27 14:22:17 | 004,392,905 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/01/26 15:26:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/01/26 15:13:18 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/01/25 18:52:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/01/23 17:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/01/15 22:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Kinburn
[2012/01/13 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/12 21:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Sofiahpics
[2012/01/12 17:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/01/12 16:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Sigma

========== Files - Modified Within 30 Days ==========

[2012/01/30 17:15:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/30 17:11:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 17:10:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 17:07:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/30 17:03:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/30 16:59:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/30 15:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 15:25:04 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/29 22:18:16 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/01/29 21:58:02 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/29 11:58:17 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe
[2012/01/29 11:58:03 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
[2012/01/29 11:47:59 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\legacy_wscsvc.reg
[2012/01/29 11:47:53 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\wscsvc.reg
[2012/01/29 11:46:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/28 11:47:34 | 180,211,914 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Trance+In+Motion+Vol.106.rar
[2012/01/28 11:06:05 | 000,056,635 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\397041_240766229330760_126894987384552_558469_1551074714_n.jpg
[2012/01/28 10:52:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/01/28 10:51:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt_setup.exe
[2012/01/28 10:27:41 | 004,392,905 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/01/26 15:26:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/01/26 15:25:02 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/01/26 15:13:24 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/01/25 18:57:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cw5reby8.exe
[2012/01/25 18:52:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/01/25 18:43:34 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Chris\defogger_reenable
[2012/01/25 18:42:46 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2012/01/22 11:19:31 | 009,484,779 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Ducks.jpg
[2012/01/22 11:03:47 | 000,083,144 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Radio.jpg
[2012/01/17 22:16:35 | 019,012,011 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Tomas Heredia Feat Marcelo Fratini - Moonlight (Original Mix).mp3
[2012/01/17 21:33:37 | 017,753,904 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Moonwalkers Remix).mp3
[2012/01/17 21:30:52 | 021,358,804 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Original Mix).mp3
[2012/01/17 21:20:02 | 021,422,541 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\01-pm_attitude-detector__original_mix.mp3
[2012/01/14 12:00:57 | 003,567,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/13 22:34:40 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 22:34:40 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/13 22:25:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/13 21:57:36 | 2726,511,598 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\CnC-RA3_NA_ddsetup.zip
[2012/01/12 19:12:39 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/01/12 19:12:39 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/12 19:12:37 | 000,240,608 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/11 15:57:54 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 20:32:39 | 000,701,716 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\photo.JPG
[2012/01/06 23:02:51 | 008,542,193 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Twisted_Sun.mp3

========== Files Created - No Company Name ==========

[2012/01/30 15:25:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/30 15:25:04 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/29 11:58:15 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe
[2012/01/29 11:47:58 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\legacy_wscsvc.reg
[2012/01/29 11:47:53 | 000,003,658 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\wscsvc.reg
[2012/01/28 11:31:48 | 180,211,914 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Trance+In+Motion+Vol.106.rar
[2012/01/28 11:06:04 | 000,056,635 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\397041_240766229330760_126894987384552_558469_1551074714_n.jpg
[2012/01/28 10:52:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/01/27 14:24:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/27 14:24:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/27 14:24:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/27 14:24:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/27 14:24:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/26 15:25:01 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/01/25 18:57:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cw5reby8.exe
[2012/01/25 18:43:03 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Chris\defogger_reenable
[2012/01/25 18:42:45 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Defogger.exe
[2012/01/22 11:19:26 | 009,484,779 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Ducks.jpg
[2012/01/22 11:03:46 | 000,083,144 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Radio.jpg
[2012/01/17 22:15:24 | 019,012,011 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Tomas Heredia Feat Marcelo Fratini - Moonlight (Original Mix).mp3
[2012/01/17 21:32:26 | 017,753,904 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Moonwalkers Remix).mp3
[2012/01/17 21:29:16 | 021,358,804 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Basil O Glue - Cosmogony (Original Mix).mp3
[2012/01/17 21:18:35 | 021,422,541 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\01-pm_attitude-detector__original_mix.mp3
[2012/01/13 22:30:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/13 19:36:45 | 2726,511,598 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\CnC-RA3_NA_ddsetup.zip
[2012/01/12 18:51:40 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/01/09 20:32:39 | 000,701,716 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\photo.JPG
[2012/01/08 21:28:06 | 013,857,213 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Wildlife Photography.pdf
[2012/01/06 23:04:04 | 009,825,261 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\cell_-_the_gate.mp3
[2012/01/06 23:04:04 | 008,542,193 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Twisted_Sun.mp3
[2012/01/06 23:04:03 | 017,080,924 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Floating_Retention.mp3
[2012/01/06 23:04:02 | 014,990,640 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Erasing_Pluto.mp3
[2012/01/06 23:04:02 | 011,893,121 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Cell_-_Blue_Embers.mp3
[2012/01/06 23:03:46 | 013,673,795 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Zero_Cult_-_Redreaming.mp3
[2012/01/06 23:03:45 | 012,661,533 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\zero_cult_-_500_seconds.mp3
[2012/01/06 23:03:45 | 012,518,949 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Zero_Cult_-_Neokarma.mp3
[2012/01/06 23:03:44 | 011,038,037 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\zero_cult - neokarma.mp3
[2011/09/14 15:43:00 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/14 15:42:57 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/14 15:42:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/14 15:42:26 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/08/01 16:21:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\Organic
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\Noise Gate
[2011/08/01 15:08:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Chris\Application Data\NetServices
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/08/01 15:08:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/06/10 16:24:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/09 16:27:26 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2011/01/01 16:22:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2010/11/26 06:06:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yqedabuyutomob.dat
[2010/11/26 06:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mcececabafojoc.bin
[2010/08/26 19:17:52 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/08/23 17:51:26 | 000,056,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/21 17:10:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/17 15:17:45 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/17 15:17:45 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/24 21:03:13 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2010/04/27 15:00:22 | 000,028,042 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\OFMissionEditorConfig.xml
[2010/04/21 00:14:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2010/03/31 14:31:22 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/03/11 07:39:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2010/03/11 07:39:13 | 000,001,249 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2010/03/11 07:39:12 | 000,000,490 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2010/03/06 08:48:54 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/06 08:48:54 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/03/03 08:37:47 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/01 13:27:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/27 00:56:46 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\WINSYS.DAT
[2010/02/27 00:28:07 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/02/27 00:28:07 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/02/26 16:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/26 11:54:21 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 10:07:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2010/02/26 09:48:25 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
[2009/05/13 10:14:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/13 09:30:52 | 000,000,080 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2009/05/13 09:22:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/13 09:21:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/05/13 09:21:09 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/05/13 09:21:09 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/05/13 08:46:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 08:42:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/12 14:35:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/12 14:34:43 | 003,567,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/09/28 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/02/26 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/03 20:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/08/01 15:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dictionaries
[2011/08/01 15:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Distortion
[2011/08/01 15:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Effects
[2011/08/01 15:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/06 20:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/10/02 18:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/08/09 19:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/10/02 18:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/04/19 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/07/01 15:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/13 17:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/08/27 13:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2011/05/08 10:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2011/04/23 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/05/13 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2011/08/01 15:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/08/08 19:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/08/23 15:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/23 15:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/28 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Autodesk
[2011/11/04 05:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2011/09/11 15:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/28 21:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Command & Conquer 3 Tiberium Wars
[2011/05/19 18:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Command and Conquer 4
[2010/03/03 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2010/08/26 19:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DeepBurner
[2010/08/26 19:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FreeAudioPack
[2010/12/14 12:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GetRightToGo
[2010/12/14 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Jaran Nilsen
[2010/02/26 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2011/01/04 13:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mount&Blade
[2010/04/01 20:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\NeuLion
[2011/08/01 15:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Nikon
[2010/04/19 12:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Nokia
[2010/04/19 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC Suite
[2010/02/26 09:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Protector Suite
[2011/04/25 19:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Red Alert 3
[2010/05/13 17:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sony
[2011/12/14 16:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/27 13:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sync App Settings
[2010/08/08 19:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Western Digital
[2011/05/10 21:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\XRay Engine
[2012/01/30 17:15:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/12 18:35:27 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/12 18:35:27 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/12 18:35:27 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/12 18:35:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/12 18:35:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/12 18:35:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-27 19:23:20

========== Files - Unicode (All) ==========
[2012/01/04 00:07:33 | 004,508,425 | ---- | M] ()(C:\Documents and Settings\Chris\Desktop\???????? ????.jpg) -- C:\Documents and Settings\Chris\Desktop\звездное небо.jpg
[2012/01/04 00:07:32 | 004,508,425 | ---- | C] ()(C:\Documents and Settings\Chris\Desktop\???????? ????.jpg) -- C:\Documents and Settings\Chris\Desktop\звездное небо.jpg
[2011/11/11 22:30:11 | 000,029,184 | ---- | M] ()(C:\Documents and Settings\Chris\My Documents\? ???? ? ?????? ????.doc) -- C:\Documents and Settings\Chris\My Documents\у него и другие были.doc
[2011/10/23 16:27:16 | 000,029,184 | ---- | C] ()(C:\Documents and Settings\Chris\My Documents\? ???? ? ?????? ????.doc) -- C:\Documents and Settings\Chris\My Documents\у него и другие были.doc
[2011/09/06 10:48:13 | 000,000,000 | ---D | M](C:\Documents and Settings\Chris\Desktop\??-34) -- C:\Documents and Settings\Chris\Desktop\су-34
[2011/08/31 04:50:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Chris\Desktop\??-34) -- C:\Documents and Settings\Chris\Desktop\су-34

< End of report >

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 31 January 2012 - 01:55 AM

Hi!

Thank you again for your time!! From what I can tell, the computer is running great and without issue. If the scans look clean to you, then I would say our mission was successful!

Great! That's just what I like to hear! :)

We should be able to wrap things up in my next post assuming everything goes alright with the fix below.


Enable CD Emulation Driver

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    [2012/01/29 11:57:57 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe
    [2012/01/28 10:51:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt_setup.exe
    [2012/01/29 11:47:59 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\legacy_wscsvc.reg
    [2012/01/29 11:47:53 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\wscsvc.reg
    [2012/01/29 11:58:17 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe
    [2012/01/25 18:57:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\cw5reby8.exe
    [2010/11/26 06:06:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yqedabuyutomob.dat
    [2010/11/26 06:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mcececabafojoc.bin
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 31 January 2012 - 05:09 PM

Hi Agent ST!

With fingers crossed:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
C:\Documents and Settings\Chris\Desktop\esetsmartinstaller_enu.exe moved successfully.
C:\Documents and Settings\Chris\Desktop\erunt_setup.exe moved successfully.
C:\Documents and Settings\Chris\Desktop\legacy_wscsvc.reg moved successfully.
C:\Documents and Settings\Chris\Desktop\wscsvc.reg moved successfully.
C:\Documents and Settings\Chris\Desktop\SecurityCheck.exe moved successfully.
C:\Documents and Settings\Chris\Desktop\cw5reby8.exe moved successfully.
C:\WINDOWS\Yqedabuyutomob.dat moved successfully.
C:\WINDOWS\Mcececabafojoc.bin moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 703558 bytes
->Temporary Internet Files folder emptied: 8805929 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 204905297 bytes
->Flash cache emptied: 1493 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fiah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 6260 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14884 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb


[EMPTYFLASH]

User: admin

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fiah
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: admin
->Java cache emptied: 0 bytes

User: All Users

User: Chris
->Java cache emptied: 0 bytes

User: Default User

User: Fiah
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01312012_162315

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:04:15 PM

Posted 01 February 2012 - 12:42 AM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Specter1075

Specter1075
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:15 PM

Posted 01 February 2012 - 04:12 PM

Thank you again for all your time and help!!

I followed your directions, but when I rebooted from the OTL Cleanup, I lost the log from the OTL fix. It was only two lines saying something like the old points were removed a new restore point had been created successfully. Hopefully thats all you need...

I have already implemented some of the additional things you listed, and will continue to work through the list. As you dont need any more additional information, you can consider this topic resolved.

Thank you so much, and I will make a donation in your name!

Take care and all the best!

Specter1075
Chris Robinson




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users