
Hitman Pro detects proxy - Infected ??


  • This topic is locked
15 replies to this topic

#1 ukBerty

  • Members
  • 8 posts

Posted 07 February 2012 - 06:36 AM

I have a laptop here which belongs to a neighbour. They have had spyware on it previously but thought it was clean. Last week they started getting bounce-backs from a lot of spam that was being sent out from their BT broadband account. Personally I think someone is sending out mail through BT's servers using their credentials rather than the mail originating from this laptop, but I may be wrong.

Products that find no infections:

AVG
Malwarebytes
SUPERAntiSpyware
Webroot SecureAnywhere (cloud AV)
Sophos anti-rootkit
GMER

So it looks clean, except that Hitman Pro says that IE is using a proxy even though no proxy is set in Internet Explorer. If Hitman cleans this proxy, it comes back on reboot.

I have followed the procedures to get the logs you ask for, but as I say GMER finds nothing and the log is 0k, so I won't bother with that. Below are the DDS logs.

Reading the forums, the suggestion seems to be a rootkit, but I can't find it.

Thanks

Berty

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by BOB at 8:38:08 on 2012-02-07
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Garmin\gStart.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Installs\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224150617.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [gStart] C:\Garmin\gStart.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
TCP: DhcpNameServer = 192.168.99.1
TCP: Interfaces\{A86212AF-FEC7-4A24-88EB-4348EBAE599C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6BA6F4B-9A25-45AE-A4C9-6A3916DD20B7} : DhcpNameServer = 192.168.99.1
TCP: Interfaces\{B6BA6F4B-9A25-45AE-A4C9-6A3916DD20B7}\2456C6B696E6F5E4F5144435C4F5731454133433 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: image file execution options - svchost.exe
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224150617.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
BHO-X64: thegivingmachine - No File
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: thegivingmachine Toolbar: {a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0} - C:\Program Files (x86)\thegivingmachine\prxtbthe0.dll
TB-X64: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IFEO-X64: image file execution options - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? avgwd;AVG WatchDog
R? CaretakerAntispam;Caretaker Antispam Service
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? GamesAppService;GamesAppService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McShield;McAfee McShield
R? MEMSWEEP2;MEMSWEEP2
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? Netaapl;Apple Mobile Device Ethernet Service
R? osppsvc;Office Software Protection Platform
R? RkHit;RkHit
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RtsUIR;Realtek IR Driver
R? TsUsbFlt;TsUsbFlt
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AdobeARMservice;Adobe Acrobat Update Service
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? CaretakerProxy;Caretaker Proxy
S? CaretakerSvc;Caretaker Service
S? CaretakerUpdate;Caretaker Updater
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Gadget Service;ConfigFree Gadget Service
S? ConfigFree Service;ConfigFree Service
S? ctredr15.sys;ctredr15.sys
S? hitmanpro35;Hitman Pro 3.5 Support Driver
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MpFilter;Microsoft Malware Protection Driver
S? MpNWMon;Microsoft Malware Protection Network Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? PGEffect;Pangu effect driver
S? PSI;PSI
S? RTL8167;Realtek 8167 NT Driver
S? rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
S? TMachInfo;TMachInfo
S? tos_sps64;TOSHIBA tos_sps64 Service
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2012-02-07 08:30:48 -------- d-----w- C:\Users\BOB\AppData\Roaming\TeamViewer
2012-02-07 08:30:42 -------- d-----w- C:\Users\BOB\temp
2012-02-07 07:53:05 -------- d-----w- C:\Users\BOB\AppData\Local\{924009AB-F116-4D28-A360-17F3D49F3C77}
2012-02-07 05:50:28 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{261348DC-1263-48FC-8DE2-AF9093473069}\offreg.dll
2012-02-07 05:49:27 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-07 05:49:21 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{261348DC-1263-48FC-8DE2-AF9093473069}\mpengine.dll
2012-02-06 19:52:38 -------- d-----w- C:\Users\BOB\AppData\Local\{6B42ABE9-F942-4838-8C0B-C4AFD5B42CE6}
2012-02-06 19:52:26 -------- d-----w- C:\Users\BOB\AppData\Local\{27CEBF57-EBD1-4284-8216-D21866FA674B}
2012-02-06 08:31:43 6144 ------w- C:\Windows\System32\B387.tmp
2012-02-06 08:28:53 6144 ------w- C:\Windows\System32\1C85.tmp
2012-02-06 07:51:43 -------- d-----w- C:\Users\BOB\AppData\Local\{99AF6B89-B7EC-452F-889E-275FF641890E}
2012-02-06 07:50:36 -------- d-----w- C:\Users\BOB\AppData\Local\{A17EB12F-D2B4-4AA9-A395-FC1A4B2B6C11}
2012-02-06 07:47:18 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5D8B5B2-65C8-4C01-907E-1CF3B348DCCD}\mpengine.dll
2012-02-06 07:29:20 -------- d-----w- C:\Program Files (x86)\Sophos
2012-02-06 07:29:04 -------- d-----w- C:\Installs
2012-02-06 07:18:50 237299 ----a-w- C:\ProgramData\1328512261.bdinstall.bin
2012-02-06 07:18:50 -------- d-----w- C:\Program Files\Bitdefender
2012-02-06 07:08:29 88121 ----a-w- C:\ProgramData\1328512088.bdinstall.bin
2012-02-05 19:58:26 -------- d-----w- C:\Users\BOB\AppData\Local\{298EA87F-D7B6-4545-BB55-317B55D2B67A}
2012-02-05 19:53:42 -------- d-----w- C:\Users\BOB\AppData\Local\{45EA48E9-DA79-4835-BACB-0447677E8647}
2012-02-05 07:22:45 -------- d-----w- C:\Users\BOB\AppData\Local\{CE06D6BA-70B2-48E4-8F76-807709AAD133}
2012-02-04 19:16:17 -------- d-----w- C:\Users\BOB\AppData\Local\{B44716F2-56A9-494F-9E70-102C41F8899C}
2012-02-04 08:04:58 261936 ----a-w- C:\ProgramData\1328341903.bdinstall.bin
2012-02-04 07:59:56 -------- d-----w- C:\ProgramData\BDLogging
2012-02-04 07:54:52 -------- d-----w- C:\Users\BOB\AppData\Roaming\QuickScan
2012-02-04 07:50:47 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-02-04 07:49:48 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-02-04 07:35:50 -------- d-----w- C:\ProgramData\WRData
2012-02-04 06:51:32 -------- d-----w- C:\Users\BOB\AppData\Local\{5E463D32-C03F-4155-8C37-313A70470D82}
2012-02-04 06:50:24 -------- d-----w- C:\Users\BOB\AppData\Local\{0A6736C1-BBC4-4229-AE44-77DD0F86DF7E}
2012-02-04 06:30:39 -------- d-----w- C:\Users\BOB\AppData\Local\{10B82D5C-6E09-40CD-ACD3-602DFFCB7B40}
2012-02-03 09:32:40 -------- d-----w- C:\Users\BOB\AppData\Local\{B3139D01-784B-4DEC-8AD9-8883F9C02FE1}
2012-02-03 09:32:14 -------- d-----w- C:\Users\BOB\AppData\Local\{3513F4F2-F139-4F92-994A-6805C10E8707}
2012-02-03 09:01:50 -------- d-----w- C:\Users\BOB\AppData\Local\{39C4CBC0-ADFD-41CF-99F3-0C95227D8A8B}
2012-02-02 20:29:49 -------- d-----w- C:\Users\BOB\AppData\Local\{5133610A-A3CC-4D39-B4F9-BE9D724F2900}
2012-02-02 20:29:30 -------- d-----w- C:\Users\BOB\AppData\Local\{BEA4DCD6-8126-473E-A3A7-41140ADAA02C}
2012-02-02 07:26:40 -------- d-----w- C:\Users\BOB\AppData\Local\{9D432E43-0EB1-404A-9224-532D37345F25}
2012-02-02 07:26:23 -------- d-----w- C:\Users\BOB\AppData\Local\{6726496E-C9FB-46DA-B071-6C3FF0BC38B1}
2012-02-02 07:24:52 -------- d-----w- C:\Users\BOB\AppData\Local\{09263546-9151-4B87-9073-4939CB0B8917}
2012-02-01 12:14:32 -------- d-----w- C:\Users\BOB\AppData\Local\{B2BDEE69-2B64-43B0-B7C3-2AE107217349}
2012-02-01 12:14:09 -------- d-----w- C:\Users\BOB\AppData\Local\{A11AF652-6690-4340-9B9E-BCD1C2978284}
2012-01-31 23:50:00 -------- d-----w- C:\Users\BOB\AppData\Local\{5928BAD3-765A-489F-9899-653C5EA42247}
2012-01-31 23:49:37 -------- d-----w- C:\Users\BOB\AppData\Local\{FBD44956-3C7D-4191-83DD-548FF505FCE5}
2012-01-31 10:50:54 -------- d-----w- C:\Users\BOB\AppData\Local\{FCA672F4-0D9E-4F6A-9523-3E4E9C59E43E}
2012-01-31 10:50:42 -------- d-----w- C:\Users\BOB\AppData\Local\{68AB3B90-26AD-4EFB-83D4-790F3C246292}
2012-01-31 09:56:20 -------- d-----w- C:\Users\BOB\AppData\Local\{2453CF81-D694-4626-98D7-3E9B5D15D99C}
2012-01-30 20:04:38 -------- d-----w- C:\Users\BOB\AppData\Local\{2BDD524D-16C7-49BA-80A0-6EA2FB939E1D}
2012-01-30 20:04:06 -------- d-----w- C:\Users\BOB\AppData\Local\{8927EC5C-2994-417A-8BA1-5FB555D84170}
2012-01-30 07:09:54 -------- d-----w- C:\Users\BOB\AppData\Local\{D0C8F31E-8B66-41E8-8B61-D87CDA27FBCE}
2012-01-30 07:09:33 -------- d-----w- C:\Users\BOB\AppData\Local\{94012C49-8E9B-441E-B240-C45023F953CF}
2012-01-29 10:39:59 -------- d-----w- C:\Users\BOB\AppData\Local\{0FCE8418-5501-4499-BA3C-450E3A9B075F}
2012-01-29 10:39:39 -------- d-----w- C:\Users\BOB\AppData\Local\{11171E18-4089-44F7-AF66-1AC9322A4E96}
2012-01-28 21:51:29 -------- d-----w- C:\Users\BOB\AppData\Local\{4AB6868D-9502-47FF-BFA4-57AA73FAC144}
2012-01-28 21:51:18 -------- d-----w- C:\Users\BOB\AppData\Local\{725EF41A-5685-42E7-A2C3-90BB6AF6556C}
2012-01-28 21:48:03 -------- d-----w- C:\Users\BOB\AppData\Local\{CCA2BB18-EE25-4938-9DA8-3856242344CB}
2012-01-28 07:50:00 -------- d-----w- C:\Users\BOB\AppData\Local\{9F82C21A-D3B7-4949-B8A8-24D7B751A741}
2012-01-28 07:49:49 -------- d-----w- C:\Users\BOB\AppData\Local\{5AD6DD68-028C-4839-9CA9-E0B844ABF640}
2012-01-27 13:42:13 -------- d-----w- C:\Users\BOB\AppData\Local\{64E76CB1-B78D-480A-ABEC-004E52E72729}
2012-01-27 13:41:55 -------- d-----w- C:\Users\BOB\AppData\Local\{33485CF0-3317-4FB6-B3E1-DA19BC82DC0A}
2012-01-26 21:03:28 -------- d-----w- C:\Users\BOB\AppData\Local\{AF97C1B0-986F-44D1-B28B-EB687E9F48C4}
2012-01-26 21:03:16 -------- d-----w- C:\Users\BOB\AppData\Local\{44F0C01F-DE88-4350-8521-338B9BF55D99}
2012-01-26 20:15:13 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-26 07:10:08 -------- d-----w- C:\Users\BOB\AppData\Local\{10B29D87-CEFB-446A-83F0-B41C8D36506F}
2012-01-26 07:09:33 -------- d-----w- C:\Users\BOB\AppData\Local\{AB2C9D00-974A-4246-8981-FA06A8878726}
2012-01-25 12:13:09 -------- d-----w- C:\Users\BOB\AppData\Local\{408B4145-7632-4DD6-A65B-EE7A134BC5C3}
2012-01-25 12:12:56 -------- d-----w- C:\Users\BOB\AppData\Local\{34B4DB26-A42C-4596-88A3-8E9289CC6B8A}
2012-01-24 20:59:42 -------- d-----w- C:\Users\BOB\AppData\Local\{A1E31D69-6FC6-44C7-9D35-D3DB2D3D9026}
2012-01-24 20:59:26 -------- d-----w- C:\Users\BOB\AppData\Local\{B2CDB8C5-72E5-4583-8D4D-D8916D91B124}
2012-01-24 08:34:16 -------- d-----w- C:\Users\BOB\AppData\Local\{A34E81B4-E5F3-44F4-8174-9FCBF4412AEF}
2012-01-24 08:34:05 -------- d-----w- C:\Users\BOB\AppData\Local\{249D3AFB-43CD-40CA-A444-0DBC036AAAF7}
2012-01-23 20:09:44 -------- d-----w- C:\Users\BOB\AppData\Local\{EBBD95E3-C459-475F-A042-1BA42DB00525}
2012-01-23 20:09:30 -------- d-----w- C:\Users\BOB\AppData\Local\{12397A4B-7ACA-4C8A-B820-4A24EFAF6314}
2012-01-23 07:47:50 -------- d-----w- C:\Users\BOB\AppData\Local\{3ACA2513-6ED8-45E6-93FB-02E1602AAAAD}
2012-01-23 07:47:28 -------- d-----w- C:\Users\BOB\AppData\Local\{1BB3ADD3-1C0F-4B34-8492-4E1E2B65DC20}
2012-01-22 19:46:56 -------- d-----w- C:\Users\BOB\AppData\Local\{4440AF4A-3457-485A-AE5F-A479B9A9C267}
2012-01-22 19:46:33 -------- d-----w- C:\Users\BOB\AppData\Local\{BD87CF6D-E564-44BE-A923-B9A3C0FF1395}
2012-01-22 07:09:57 -------- d-----w- C:\Users\BOB\AppData\Local\{942EED80-937C-47BD-BA95-2F8B0501120E}
2012-01-22 07:09:39 -------- d-----w- C:\Users\BOB\AppData\Local\{2432E133-D9BE-472B-957F-F869903B8A1C}
2012-01-21 10:01:08 -------- d-----w- C:\Users\BOB\AppData\Local\{FB4DDEF5-D372-4AFB-A245-48C31B150B9A}
2012-01-21 10:00:41 -------- d-----w- C:\Users\BOB\AppData\Local\{65CD563D-73D5-4E25-A517-D012EEA1D3B7}
2012-01-20 22:00:09 -------- d-----w- C:\Users\BOB\AppData\Local\{BC325797-6ED1-4B4E-92ED-D82254F438E3}
2012-01-20 21:59:57 -------- d-----w- C:\Users\BOB\AppData\Local\{F9997E4B-13B4-44A6-BE18-EA51C390823B}
2012-01-20 17:22:18 -------- d-----w- C:\Users\BOB\AppData\Roaming\AVG2012
2012-01-20 17:21:07 -------- d--h--w- C:\ProgramData\Common Files
2012-01-20 17:20:55 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-01-20 17:20:17 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-01-20 17:20:17 -------- d-----w- C:\ProgramData\AVG2012
2012-01-20 17:19:32 -------- d-----w- C:\Program Files (x86)\AVG
2012-01-20 17:14:31 -------- d-----w- C:\ProgramData\MFAData
2012-01-20 09:08:55 -------- d-----w- C:\Users\BOB\AppData\Local\{649650E8-B750-40CD-BDF4-64EC59E2AC60}
2012-01-20 09:08:33 -------- d-----w- C:\Users\BOB\AppData\Local\{9A411BC9-5EF2-478A-9806-BB465EB35F4D}
2012-01-19 20:35:27 -------- d-----w- C:\Users\BOB\AppData\Local\{1F8819EF-995D-4E37-BE1E-E619D15A048E}
2012-01-19 20:35:05 -------- d-----w- C:\Users\BOB\AppData\Local\{870A0A19-B60C-4520-B886-5F298F71CA81}
2012-01-19 08:22:04 -------- d-----w- C:\Users\BOB\AppData\Local\{4C80515B-EB00-497E-9E20-F2438CF4904A}
2012-01-19 08:21:38 -------- d-----w- C:\Users\BOB\AppData\Local\{D2DF0D02-2A0A-47ED-B95E-9F2DAB4BF5A9}
2012-01-18 20:21:06 -------- d-----w- C:\Users\BOB\AppData\Local\{F10FAE6A-ACEF-4326-8EDB-BC02521ED464}
2012-01-18 20:20:51 -------- d-----w- C:\Users\BOB\AppData\Local\{8E2355B0-6BC8-49C2-8EA5-7DB07410F1F8}
2012-01-18 20:05:17 -------- d-----w- C:\Users\BOB\AppData\Local\{B405F2FD-A519-424D-9385-C0A6EFCCAB6D}
2012-01-18 07:00:40 -------- d-----w- C:\Users\BOB\AppData\Local\{8C149C48-F657-4BAE-967F-56810AF97493}
2012-01-18 07:00:17 -------- d-----w- C:\Users\BOB\AppData\Local\{8F9A05B4-32A6-4D9C-B071-DE5B91743FC5}
2012-01-17 11:38:02 -------- d-----w- C:\Users\BOB\AppData\Local\{3A360667-9B01-4A6F-A209-880A1415F732}
2012-01-17 11:37:47 -------- d-----w- C:\Users\BOB\AppData\Local\{70EF4970-3133-40B2-856C-C38BA9C5FB98}
2012-01-17 09:38:15 -------- d-----w- C:\Users\BOB\AppData\Local\{89B008E1-54CE-4E70-93D7-724CE48733DD}
2012-01-17 09:38:00 -------- d-----w- C:\Users\BOB\AppData\Local\{DE6F1179-FD14-4293-86AF-713CEBA1408F}
2012-01-16 20:04:20 -------- d-----w- C:\Users\BOB\AppData\Local\{2A2FD768-FB12-46D9-8143-4ECE204BA8D3}
2012-01-16 20:04:02 -------- d-----w- C:\Users\BOB\AppData\Local\{18DBCA78-530C-49E6-B6D9-7917F4615E21}
2012-01-16 07:18:40 -------- d-----w- C:\Users\BOB\AppData\Local\{D2E3D733-406A-4E0B-A411-8FEF71810ED3}
2012-01-16 07:18:16 -------- d-----w- C:\Users\BOB\AppData\Local\{6CB00219-DC84-42B3-95E5-4D473D8EEE92}
2012-01-15 09:32:03 -------- d-----w- C:\Users\BOB\AppData\Local\{43212800-2421-4741-8AF6-C8EDBACA91D4}
2012-01-15 09:31:52 -------- d-----w- C:\Users\BOB\AppData\Local\{2E8BE461-13F4-448E-866E-BF2BFC3396AB}
2012-01-14 20:09:05 -------- d-----w- C:\Users\BOB\AppData\Local\{6CEFE93F-2237-455A-8034-87EF8C76A34D}
2012-01-14 20:08:53 -------- d-----w- C:\Users\BOB\AppData\Local\{53963DB1-4222-4983-A983-DE62D79FCE5E}
2012-01-14 08:08:25 -------- d-----w- C:\Users\BOB\AppData\Local\{9ACBD382-D82F-4D57-B403-18A163ECBAC9}
2012-01-14 08:08:02 -------- d-----w- C:\Users\BOB\AppData\Local\{9879EF70-135B-4A91-82F9-63A87A060B7C}
2012-01-13 16:34:33 -------- d-----w- C:\Users\BOB\AppData\Local\{04318EBD-CD8C-42BB-9D65-5FF4721CE988}
2012-01-13 16:34:13 -------- d-----w- C:\Users\BOB\AppData\Local\{339DFD97-102F-45E3-9821-1B8AF1C9BCEB}
2012-01-13 16:33:58 -------- d-----w- C:\Users\BOB\AppData\Local\{75330948-5EBF-4587-A3C4-96F4EF5B91D0}
2012-01-12 20:59:06 -------- d-----w- C:\Users\BOB\AppData\Local\{CF4C6331-24A5-406B-A63E-858294554D55}
2012-01-12 20:58:44 -------- d-----w- C:\Users\BOB\AppData\Local\{23867511-A56A-4DDF-A891-411D30D56480}
2012-01-12 07:06:51 -------- d-----w- C:\Users\BOB\AppData\Local\{DF9A4E90-3AA9-4C14-83CC-5EEABBEBA290}
2012-01-12 07:06:28 -------- d-----w- C:\Users\BOB\AppData\Local\{4D38712F-F596-46DE-9CDD-B73317A14314}
2012-01-11 20:52:51 -------- d-----w- C:\Users\BOB\AppData\Local\{AD342037-4D58-46F8-B5C2-236F1ADD6DD6}
2012-01-11 20:52:35 -------- d-----w- C:\Users\BOB\AppData\Local\{3BB2CC74-17BA-48B4-969F-A9B62938FB9D}
2012-01-11 14:34:04 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 14:34:03 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 14:34:03 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 14:34:02 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 14:34:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 14:34:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 14:34:00 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 14:33:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 07:49:22 -------- d-----w- C:\Users\BOB\AppData\Local\{E04A1793-29B8-49CC-A095-10A43FF4251A}
2012-01-11 07:48:59 -------- d-----w- C:\Users\BOB\AppData\Local\{FED094FE-6213-4879-8184-A92D06333C34}
2012-01-10 19:48:30 -------- d-----w- C:\Users\BOB\AppData\Local\{93CCA40A-1068-46EB-AA40-0E9398DB03B7}
2012-01-10 19:48:07 -------- d-----w- C:\Users\BOB\AppData\Local\{64E069F3-BB97-4919-A5AD-F61E39EBD22D}
2012-01-10 07:47:37 -------- d-----w- C:\Users\BOB\AppData\Local\{83F74CF5-8E2F-49F6-8242-BE840CC7B8A2}
2012-01-10 07:47:14 -------- d-----w- C:\Users\BOB\AppData\Local\{B1F9B3B7-AF71-41EE-9CB9-16A40782C0EF}
2012-01-09 19:46:44 -------- d-----w- C:\Users\BOB\AppData\Local\{4FAD54C5-2044-4161-86EB-E12DC2EBC199}
2012-01-09 19:46:22 -------- d-----w- C:\Users\BOB\AppData\Local\{F682437E-BD3F-493C-AFFA-06C42D0331A5}
2012-01-09 07:09:13 -------- d-----w- C:\Users\BOB\AppData\Local\{0E60EF57-17CC-49AA-8DDD-34C4ACAED6E7}
2012-01-09 07:08:51 -------- d-----w- C:\Users\BOB\AppData\Local\{D2C379D7-54D2-41EB-9DD0-AEA5B4EC0D2B}
2012-01-08 09:16:19 -------- d-----w- C:\Users\BOB\AppData\Local\{76166FAA-0C2A-4D68-8504-D1D14BA7EC7D}
2012-01-08 09:16:08 -------- d-----w- C:\Users\BOB\AppData\Local\{BCD9F0D3-ED0B-43B2-9B9C-2B33B2FA33BB}
2012-01-08 09:15:42 -------- d-----w- C:\Users\BOB\AppData\Local\{645ED8D3-4486-4ED7-B901-4A9AA898F8AB}
.
==================== Find3M ====================
.
2012-02-07 08:33:38 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-22 19:56:16 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-12-14 20:02:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-09 19:34:37 5359888 ----a-w- C:\Windows\uninst.exe
.
============= FINISH: 8:39:37.29 ===============


.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Amazon.co.uk
Apple Application Support
Apple Software Update
Barbie ® Nail Designer™
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Cheat Engine 6.1
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eBay
Garmin Communicator Plugin
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Google Update Helper
HP Deskjet 2050 J510 series Help
HP Photo Creations
HP Update
Java™ 6 Update 14
Junk Mail filter update
Little Mermaid II Return to the Sea Activity Centre
Malwarebytes Anti-Malware version 1.60.1.1000
Mathematics Extension 8
Mathematics Extension 9
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Safari
Secunia PSI (2.0.0.3001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype Toolbars
Skype™ Launcher
Skype™ 4.2
Sophos Anti-Rootkit 1.5.20
thegivingmachine Toolbar
Toshiba Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
Toshiba Online Product Information
Toshiba Photo Service - powered by myphotobook
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
Utility Common Driver
Visual Studio 2008 x64 Redistributables
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

#2 Casey_boy, Bleeping physicist (Malware Response Team, UK)

Posted 07 February 2012 - 10:25 AM

Hello,

Have your neighbours tried changing their email password and secret question/answer from a clean machine? This should then fix any compromised account issues.

The logs you've run won't show any rootkit behaviour, so let's get a look with some tools that will.

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Step 2: Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 ukBerty, Topic Starter (Members)

Posted 08 February 2012 - 07:09 AM

Thanks for getting back to me Casey. They have changed the password and there has been no more bounced mails, but they had stopped anyway.

I ran TDSS but it did not find anything.

I ran COMBOFIX which did a load of things - log below.

Hitman still detects a proxy and it comes back after deletion.

Thanks

Berty

ComboFix 12-02-07.01 - BOB 07/02/2012 18:30:24.1.2 - x64
Running from: c:\users\BOB\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\GuffinsEI
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\BOB\AppData\Local\{6EB4BAF5-AABA-4E85-8603-744CE062AC38}
c:\users\BOB\AppData\Local\{6EB4BAF5-AABA-4E85-8603-744CE062AC38}\chrome.manifest
c:\users\BOB\AppData\Local\{6EB4BAF5-AABA-4E85-8603-744CE062AC38}\chrome\content\overlay.xul
c:\users\BOB\AppData\Local\{6EB4BAF5-AABA-4E85-8603-744CE062AC38}\install.rdf
c:\users\BOB\AppData\Roaming\Adobe\plugs
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 19:19 . 2012-02-07 19:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{820F1989-20E6-4EE9-AFBF-1BB66DAD8051}\offreg.dll
2012-02-07 18:51 . 2012-02-07 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 13:50 . 2012-01-05 21:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{820F1989-20E6-4EE9-AFBF-1BB66DAD8051}\mpengine.dll
2012-02-07 08:30 . 2012-02-07 08:30 -------- d-----w- c:\users\BOB\AppData\Roaming\TeamViewer
2012-02-07 08:30 . 2012-02-07 08:30 -------- d-----w- c:\users\BOB\temp
2012-02-07 05:49 . 2012-01-17 04:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{261348DC-1263-48FC-8DE2-AF9093473069}\mpengine.dll
2012-02-06 08:31 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\B387.tmp
2012-02-06 08:28 . 2011-05-12 14:03 6144 ------w- c:\windows\system32\1C85.tmp
2012-02-06 07:29 . 2012-02-06 07:29 -------- d-----w- c:\program files (x86)\Sophos
2012-02-06 07:29 . 2012-02-07 08:43 -------- d-----w- C:\Installs
2012-01-26 20:15 . 2012-01-26 20:15 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-20 17:22 . 2012-02-06 07:45 -------- d-----w- c:\users\BOB\AppData\Roaming\AVG2012
2012-01-20 17:21 . 2012-01-20 17:21 -------- d--h--w- c:\programdata\Common Files
2012-01-20 17:20 . 2012-02-07 19:18 -------- d-----w- c:\programdata\AVG2012
2012-01-20 17:14 . 2012-02-07 18:31 -------- d-----w- c:\programdata\MFAData
2012-01-11 14:34 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:34 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:34 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:34 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:34 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:33 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 15:11 . 2011-02-08 21:15 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-27 00:52 . 2011-02-18 18:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-22 19:56 . 2011-12-22 19:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-12-14 20:02 . 2011-12-14 20:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-01-25 22:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 07:23 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 19:34 . 2011-11-09 19:34 5359888 ----a-w- c:\windows\uninst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0}"= "c:\program files (x86)\thegivingmachine\prxtbthe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\thegivingmachine\prxtbthe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0}"= "c:\program files (x86)\thegivingmachine\prxtbthe0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a7cc8985-ea20-4bb4-86d1-789ab2bbc0c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 135664]
R3 CaretakerAntispam;Caretaker Antispam Service;c:\program files\SurfRight\Caretaker\AntispamService.exe [2011-12-23 575816]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 135664]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B387.tmp [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CaretakerProxy;Caretaker Proxy;c:\program files\SurfRight\Caretaker\CaretakerProxy.exe [2011-12-22 1416520]
S2 CaretakerSvc;Caretaker Service;c:\program files\SurfRight\Caretaker\CaretakerService.exe [2011-12-22 1490760]
S2 CaretakerUpdate;Caretaker Updater;c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe [2011-12-22 222536]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 20:51]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 20:51]
.
2010-03-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-06-21 11:22]
.
2011-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-06-21 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2011-12-22 779264]
"combofix"="c:\combofix\CF31372.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.99.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{de2fdf7c-2637-4ba3-b427-3fce2d331db5} - c:\program files (x86)\Guffins\bar\1.bin\u4bar.dll
WebBrowser-{A7CC8985-EA20-4BB4-86D1-789AB2BBC0C0} - (no file)
WebBrowser-{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Cheat Engine 6.1_is1 - c:\users\BOB\Documents\harry\Cheat Engine 6.1\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B387.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-07 19:46:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 19:46
.
Pre-Run: 100,422,062,080 bytes free
Post-Run: 102,617,202,688 bytes free
.
- - End Of File - - 6CA3725B33BEC584E3AC6517666A9A87

#4 Casey_boy, Bleeping physicist (Malware Response Team, UK)

Posted 08 February 2012 - 11:28 AM

I don't see any sign of a proxy being set in the logs. Can you manually reset the proxy for me and see if it's still being detected?

http://support.microsoft.com/kb/2289942#LetMeFixItMyselfAlways

Casey



#5 ukBerty, Topic Starter (Members)

Posted 08 February 2012 - 02:10 PM

Casey,

There is no sign of the Proxy in IE - it's only Hitman that keeps reporting it.

Am I chasing my tail here?

Berty

#6 Casey_boy, Bleeping physicist (Malware Response Team, UK)

Posted 08 February 2012 - 02:35 PM

I have a sneaky suspicion you may be :wink:

Could you uninstall and then reinstall Hitman?

Casey



#7 ukBerty, Topic Starter (Members)

Posted 08 February 2012 - 04:09 PM

Have uninstalled and reinstalled - just the same.

If I ping a website and then browse to it and look at the log on my router, all the IP addresses tally up. It says the proxy is 127.0.0.1:56252, so maybe they would anyway.

Berty

#8 Casey_boy, Bleeping physicist (Malware Response Team, UK)

Posted 08 February 2012 - 04:26 PM

Let's just try another tool then:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Casey

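The checks behind this checklist (IE proxy settings, Winsock, what the reported 127.0.0.1:56252 proxy actually is) can also be scripted. The following is an added example, not code from this thread, from HitmanPro or from MiniToolBox: it reads the WinINET proxy values the IE dialog shows, parses the per-connection binary settings blob that scanners tend to read directly, prints the machine-wide stores a user dialog never shows, and names the process listening on the reported port. It assumes Windows 7 with PowerShell 2.0 and an elevated prompt; the port number is the one Berty reported.

```powershell
# Added example, not code from this thread, from HitmanPro or from MiniToolBox.
# Written for Windows 7 / PowerShell 2.0 (the machine in this thread); run from an
# elevated PowerShell so the process owning a listening port can be named.
# $ReportedPort is the port HitmanPro reported in the thread.

$ReportedPort = 56252

function Read-LenPrefixedString([byte[]]$Bytes, [int]$Offset) {
    # Returns @(text, nextOffset) for a 4-byte length followed by ANSI text,
    # refusing to read past the end of the blob.
    if ($Offset + 4 -gt $Bytes.Length) { return @('', $Bytes.Length) }
    $len = [BitConverter]::ToInt32($Bytes, $Offset)
    if ($len -lt 0 -or $Offset + 4 + $len -gt $Bytes.Length) { return @('', $Bytes.Length) }
    return @([Text.Encoding]::Default.GetString($Bytes, $Offset + 4, $len), ($Offset + 4 + $len))
}

$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

Write-Output '== 1. WinINET values shown by the IE LAN settings dialog =='
$ie = Get-ItemProperty -Path $ieKey
Write-Output ("ProxyEnable={0} ProxyServer='{1}' AutoConfigURL='{2}'" -f `
    $ie.ProxyEnable, $ie.ProxyServer, $ie.AutoConfigURL)

Write-Output '== 2. Per-connection binary settings (same store, parsed directly) =='
# Blob layout: [0..3] version, [4..7] change counter, [8..11] flags, then three
# length-prefixed strings: proxy server, bypass list, PAC URL.
# Flag bits: 0x01 direct, 0x02 proxy, 0x04 PAC script, 0x08 WPAD auto-detect.
$connKey = Join-Path $ieKey 'Connections'
foreach ($name in (Get-Item $connKey).Property) {
    $blob = (Get-ItemProperty -Path $connKey -Name $name).$name
    if ($blob -isnot [byte[]] -or $blob.Length -lt 16) { continue }
    $flags = [BitConverter]::ToUInt32($blob, 8)
    $proxy, $pos = Read-LenPrefixedString $blob 12
    $bypass, $pos = Read-LenPrefixedString $blob $pos
    $pac, $pos = Read-LenPrefixedString $blob $pos
    $mode = @()
    if ($flags -band 2) { $mode += 'PROXY' }
    if ($flags -band 4) { $mode += 'PAC' }
    if ($flags -band 8) { $mode += 'WPAD' }
    if (-not $mode) { $mode = @('direct') }
    Write-Output ("{0}: mode={1} proxy='{2}' bypass='{3}' pac='{4}'" -f `
        $name, ($mode -join '+'), $proxy, $bypass, $pac)
}

Write-Output '== 3. Machine-wide stores a user-level dialog never shows =='
# Group Policy can force the HKLM copy of Internet Settings onto every user.
$pol = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' `
    -ErrorAction SilentlyContinue
Write-Output ("ProxySettingsPerUser policy: {0}" -f $(if ($pol) { $pol.ProxySettingsPerUser } else { 'not set' }))
# WinHTTP (used by services such as Windows Update) keeps its own proxy setting.
netsh winhttp show proxy

Write-Output "== 4. What listens on 127.0.0.1:$ReportedPort right now =="
# A proxy at 127.0.0.1 relays traffic through a local process, so the router
# still logs the real destination addresses; only the local listener reveals it.
$listeners = netstat -ano -p tcp | Where-Object {
    $_ -match "^\s*TCP\s+\S+:$ReportedPort\s+\S+\s+LISTENING\s+(\d+)\s*$" }
if (-not $listeners) {
    Write-Output "Nothing is listening on port $ReportedPort (it may be opened only on demand)."
}
foreach ($line in $listeners) {
    if ($line -match 'LISTENING\s+(\d+)\s*$') {
        $owner = Get-Process -Id ([int]$matches[1]) -ErrorAction SilentlyContinue
        Write-Output ("Listener PID {0}: {1} ({2})" -f $matches[1], $owner.Name, $owner.Path)
    }
}
```

If section 1 reports no proxy but section 2 shows mode=PROXY for a connection, the dialog and the raw store disagree, which is the situation a scanner reading the blob directly would flag; section 4 tells you which local program, if any, is behind the port.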


#9 ukBerty (Topic Starter, Members)

Posted 09 February 2012 - 06:28 AM

Hang on... I did a remove with hitman and it did not come back.

I can't test it again as Hitman now wants the licence code and I don't know where that is.

I will return it to my neighbour and get them to run Hitman again but I think it's OK.

Thank you very much for your attention Casey - really appreciated.

Berty

#10 Casey_boy (Bleeping physicist, Malware Response Team, UK)

Posted 09 February 2012 - 06:55 AM

Hi Berty,

Before returning it, there are some other steps we should run through first. There's no point returning it to only have to start all over again :)

So, please run the tool in my previous post and then there are some clean-up/preventative steps we should go through.

Casey



#11 ukBerty (Topic Starter, Members)

Posted 09 February 2012 - 08:55 AM

Casey,

Here's the log.....

MiniToolBox by Farbar Version: 18-01-2012
Ran by BOB (administrator) on 09-02-2012 at 12:32:20
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : BOB-TOSH
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
System Quarantine State . . . . . : Not Restricted


Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 70-F1-A1-2E-AD-96
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e830:abe8:f87f:f4ed%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.99.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 February 2012 12:05:30
Lease Expires . . . . . . . . . . : 12 February 2012 12:05:30
Default Gateway . . . . . . . . . : 192.168.99.1
DHCP Server . . . . . . . . . . . : 192.168.99.1
DHCPv6 IAID . . . . . . . . . . . : 342946209
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-35-32-B2-70-5A-B6-86-0C-2A
DNS Servers . . . . . . . . . . . : 192.168.99.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 70-5A-B6-86-0C-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {D57D4AB8-E4DC-4283-9F55-3F1703E52B1A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B6BA6F4B-9A25-45AE-A4C9-6A3916DD20B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:16:2812:3f57:9cd7(Preferred)
Link-local IPv6 Address . . . . . : fe80::16:2812:3f57:9cd7%21(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.99.1

Name: google.com
Addresses: 209.85.229.147
209.85.229.99
209.85.229.103
209.85.229.104
209.85.229.105


Pinging google.com [209.85.229.105] with 32 bytes of data:
Reply from 209.85.229.105: bytes=32 time=37ms TTL=51
Reply from 209.85.229.105: bytes=32 time=39ms TTL=51

Ping statistics for 209.85.229.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 39ms, Average = 38ms
Server: UnKnown
Address: 192.168.99.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=177ms TTL=49
Reply from 209.191.122.70: bytes=32 time=169ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 169ms, Maximum = 177ms, Average = 173ms
Server: UnKnown
Address: 192.168.99.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...70 f1 a1 2e ad 96 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
10...70 5a b6 86 0c 2a ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.99.1    192.168.99.40      25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
     192.168.99.0    255.255.255.0         On-link     192.168.99.40     281
    192.168.99.40  255.255.255.255         On-link     192.168.99.40     281
   192.168.99.255  255.255.255.255         On-link     192.168.99.40     281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link     192.168.99.40     281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link     192.168.99.40     281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination                      Gateway
 21     58 ::/0                                     On-link
  1    306 ::1/128                                  On-link
 21     58 2001::/32                                On-link
 21    306 2001:0:5ef5:79fb:16:2812:3f57:9cd7/128   On-link
 12    281 fe80::/64                                On-link
 21    306 fe80::/64                                On-link
 21    306 fe80::16:2812:3f57:9cd7/128              On-link
 12    281 fe80::e830:abe8:f87f:f4ed/128            On-link
  1    306 ff00::/8                                 On-link
 21    306 ff00::/8                                 On-link
 12    281 ff00::/8                                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 00:05:43 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The McShield scanning service cannot find any configuration in the registry

Error: (02/09/2012 07:25:02 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The McShield scanning service cannot find any configuration in the registry

Error: (02/09/2012 00:31:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (02/08/2012 09:08:26 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The McShield scanning service cannot find any configuration in the registry

Error: (02/08/2012 08:48:12 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The McShield scanning service cannot find any configuration in the registry

Error: (02/08/2012 08:43:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/08/2012 08:29:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/08/2012 04:09:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/08/2012 11:49:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/08/2012 11:33:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/09/2012 00:06:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctredr15.sys

Error: (02/09/2012 00:06:43 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated with service-specific error %%5046.

Error: (02/09/2012 00:05:43 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error:
%%2

Error: (02/09/2012 07:26:02 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctredr15.sys

Error: (02/09/2012 07:26:02 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated with service-specific error %%5046.

Error: (02/09/2012 07:25:02 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error:
%%2

Error: (02/08/2012 09:09:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctredr15.sys

Error: (02/08/2012 09:09:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated with service-specific error %%5046.

Error: (02/08/2012 09:08:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error:
%%2

Error: (02/08/2012 08:49:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctredr15.sys


Microsoft Office Sessions:
=========================
Error: (02/09/2012 00:05:43 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description:

Error: (02/09/2012 07:25:02 AM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description:

Error: (02/09/2012 00:31:14 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (02/08/2012 09:08:26 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description:

Error: (02/08/2012 08:48:12 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description:

Error: (02/08/2012 08:43:47 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/08/2012 08:29:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/08/2012 04:09:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/08/2012 11:49:14 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/08/2012 11:33:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.7.0.19480)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Amazon.co.uk
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Barbie ® Nail Designer™
BlackBerry Desktop Software 6.0 (Version: 6.0.0.40)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Bonjour (Version: 3.0.0.10)
Cheat Engine 6.1
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eBay (Version: 1.0.4)
Garmin Communicator Plugin (Version: 3.0.1)
Garmin Training Center (Version: 3.4.5)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.4)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
HitmanPro 3.6 (Version: 3.6.0.138)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (Version: 140.0.61.61)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 15.4.3502.0922)
Little Mermaid II Return to the Sea Activity Centre
Mathematics Extension 8 (Version: 1.0.0)
Mathematics Extension 9 (Version: 1.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (Version: 7.71.80.42)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Safari (Version: 5.34.51.22)
Skype Toolbars (Version: 1.0.4051)
Skype™ Launcher
Skype™ 4.2 (Version: 4.2.169)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Toshiba Assist (Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.0.04.64)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.10.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.1.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
Toshiba Manuals (Version: 10.00)
Toshiba Online Product Information (Version: 2.08.0001)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0-663)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2 for x64)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.0.04.64)
TOSHIBA SD Memory Utilities (Version: 1.9.1.12)
TOSHIBA Service Station (Version: 2.1.45)
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
TOSHIBA TEMPRO (Version: 3.34)
TOSHIBA Value Added Package (Version: 1.2.25.64)
TOSHIBA Web Camera Application (Version: 1.1.1.4)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.7)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
Utility Common Driver (Version: 1.0.50.27C)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WildTangent Games (Version: 1.0.0.71)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.31)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Wireshark 1.6.5 (Version: 1.6.5)

========================= Devices: ================================

Name: ctredr15.sys
Description: ctredr15.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctredr15.sys
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3932.88 MB
Available physical RAM: 2344.05 MB
Total Pagefile: 7863.95 MB
Available Pagefile: 6069.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.67 MB

========================= Partitions: =====================================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:95.17 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:26.17 GB) NTFS

========================= Users: ========================================

User accounts for \\BOB-TOSH

Administrator BOB Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#12 Casey_boy (Bleeping physicist, Malware Response Team, UK)

Posted 09 February 2012 - 10:52 AM

OK great :)

Let's just get a new scan with MBAM and an online scanner:

:step1: Please update and then run a full scan with MalwareByte's AntiMalware.

:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the scan button (shown as an image in the original post).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#13 ukBerty

  • Topic Starter
  • Members
  • 8 posts

Posted 09 February 2012 - 03:49 PM

ESET found this

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

Malwarebytes didn't find anything.

Berty

#14 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 09 February 2012 - 04:07 PM

Great - that entry had already been dealt with and was in a quarantine folder.

So, just the clean up and preventative steps remaining:

:step1: The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall

:step2: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

:step3: Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you're downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right click and choose Close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Use an Anti-Malware program
You should regularly (perhaps once a week) scan your computer with Malwarebytes' Anti-Malware just as you would with antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#15 ukBerty

  • Topic Starter
  • Members
  • 8 posts

Posted 10 February 2012 - 01:50 AM

Thanks again Casey - you're a star.
