
Internet Security 2012


This topic is locked
24 replies to this topic

#1 gtredx69

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 13 February 2012 - 05:44 PM

Hi Folks,

Your help would be greatly appreciated.
I tried to remove Internet Security 2012 using Malwarebytes. It succeeded to an extent: it removed the fake security scan and I can execute programs. The bad is that Malwarebytes keeps stating "Malwarebytes successfully blocked access to a potentially malicious website: 178.238.36.17 Type outgoing". Also, following your guide to removing Internet Security, I was unable to clean using TDSSKiller.

DDS Text
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ann at 19:05:40 on 2012-02-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2438 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uSearch Page = hxxp://www.live.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CCEC814-66AB-473E-95B9-AF827A6BF4A2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ann\application data\mozilla\firefox\profiles\59040wr5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-9-11 1737464]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-13 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-6-26 95200]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-3 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-13 20464]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-3 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-3 41760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cpuz130;cpuz130;\??\c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-9-11 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-02-13 18:33:45 -------- d-----w- c:\documents and settings\ann\application data\BlueSprig
2012-02-13 18:33:06 -------- d-----w- c:\program files\BlueSprig
2012-02-13 18:26:53 860 ----a-w- c:\documents and settings\all users\application data\kznxaaa.tmp
2012-02-13 17:35:50 858 ----a-w- c:\documents and settings\all users\application data\sykxaaa.tmp
2012-02-13 17:12:15 819 ----a-w- c:\documents and settings\all users\application data\tykxaaa.tmp
2012-02-13 17:01:41 818 ----a-w- c:\documents and settings\all users\application data\qykxaaa.tmp
2012-02-13 15:44:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 14:49:26 -------- d-----w- c:\documents and settings\ann\application data\Malwarebytes
2012-02-13 14:49:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-13 14:49:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 14:49:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 20:35:51 33792 ----a-w- c:\windows\system32\e2nV5.com
2012-01-27 20:34:33 819 ----a-w- c:\documents and settings\all users\application data\obzpaaa.tmp
2012-01-27 20:34:28 817 ----a-w- c:\documents and settings\all users\application data\nbzpaaa.tmp
2012-01-27 20:34:22 855 ----a-w- c:\documents and settings\all users\application data\mbzpaaa.tmp
2012-01-27 20:34:12 825 ----a-w- c:\documents and settings\all users\application data\kbzpaaa.tmp
2012-01-27 20:30:17 783 ----a-w- c:\documents and settings\all users\application data\lbzpaaa.tmp
.
==================== Find3M ====================
.
2012-01-24 15:57:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
.
============= FINISH: 19:06:01.48 ===============
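The helpers in this thread read a DDS log by hand, section by section. The script below is an added example, not code from this thread or from BleepingComputer, that does the same first pass mechanically: it splits the DDS output into its sections and flags the entries a responder would verify first. The heuristics are mine, not DDS or Malwarebytes rules, and the embedded sample is a trimmed copy of the log posted above. A hit is a prompt to check the file, not a verdict: mbam.sys is not flagged because it sits in the normal drivers directory alongside the Malwarebytes install of the same minute, while the cpuz130 service is flagged only because it loads a kernel driver from a user's temp directory, which a responder should confirm is the CPU-Z utility's driver rather than assume it is.

```python
import re

# Constructed sample: a trimmed copy of the DDS sections posted above. The
# lines are copied as posted so the heuristics can be checked against them.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
.
============= SERVICES / DRIVERS ===============
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-13 20464]
S3 cpuz130;cpuz130;\??\c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-9-11 9216]
.
=============== Created Last 30 ================
.
2012-02-13 18:26:53 860 ----a-w- c:\documents and settings\all users\application data\kznxaaa.tmp
2012-02-13 17:35:50 858 ----a-w- c:\documents and settings\all users\application data\sykxaaa.tmp
2012-02-13 14:49:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 14:49:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 20:35:51 33792 ----a-w- c:\windows\system32\e2nV5.com
2012-01-27 20:34:33 819 ----a-w- c:\documents and settings\all users\application data\obzpaaa.tmp
.
============= FINISH: 19:06:01.48 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "date time size attrs path" as DDS prints it; size is "--------" for directories
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
# "R3 name;display name;path [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
# Short all-lowercase random-looking .tmp names in the shared application-data
# directory (my heuristic for dropper leftovers, not a vendor signature)
RANDOM_TMP_RE = re.compile(r"\\all users\\application data\\[a-z]{5,8}\.tmp$", re.I)
# An executable with a non-standard extension created directly in system32
ODD_SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(com|pif|scr)$", re.I)


def split_sections(dds_text):
    """Map each '=== Name ===' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections


def triage(dds_text):
    """Return the entries a responder should verify first, tagged with the rule that fired."""
    sections = split_sections(dds_text)
    findings = []

    # IE add-ons still registered although their DLL is gone: leftovers of a removal
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append({"rule": "orphan_ie_addon", "line": line})

    # Kernel drivers loaded from a user temp directory, or whose file DDS cannot find
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and ("\\temp\\" in m.group(4).lower() or m.group(4).endswith("[?]")):
            findings.append({"rule": "driver_from_temp_or_missing", "line": line})

    # Recent file creations whose name or location matches dropper behaviour
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        day, size, path = m.group(1), m.group(3), m.group(5)
        if size.isdigit() and int(size) < 4096 and RANDOM_TMP_RE.search(path):
            findings.append({"rule": "random_tmp_in_shared_appdata", "day": day, "line": line})
        elif ODD_SYSTEM32_RE.match(path):
            findings.append({"rule": "odd_executable_in_system32", "day": day, "line": line})
    return findings


def created_bursts(findings):
    """Days on which two or more flagged files were created: the drop dates worth timelining."""
    by_day = {}
    for f in findings:
        if "day" in f:
            by_day.setdefault(f["day"], []).append(f["line"].split("\\")[-1])
    return {day: names for day, names in by_day.items() if len(names) >= 2}


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for f in hits:
        print(f"[{f['rule']}] {f['line']}")
    for day, names in sorted(created_bursts(hits).items()):
        print(f"burst on {day}: {', '.join(names)}")
```

Run against the posted log, the creation-burst check is what ties the findings together: the random .tmp files and e2nV5.com were written within two minutes of each other on 2012-01-27, and a fresh batch of .tmp files appeared on 2012-02-13 after the Malwarebytes install, which is the same picture the outgoing-connection blocks in the first post give from the network side.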


#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 14 February 2012 - 10:52 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
When you say you were unable to clean with TDSSKiller, do you mean it wouldn't run, or it just didn't resolve your issues? If it ran, a log would have been produced; navigate to c:\ and look for something like this: TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt.

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


If you have trouble running GMER:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • DDS.txt and Attach.txt logs
  • GMER log
  • The TDSSKiller log (if you located one)

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 15 February 2012 - 03:47 PM

Hi RPMcMurphy,

Thanks for the fast reply.

I was able to run TDSSKiller following the guide on here, but it didn't give me the option to clean, so the guide directed me to post here. The file in question was CDROM.sys.

I have attached all files asked, hopefully correctly.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ann at 20:35:44 on 2012-02-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2199 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uSearch Page = hxxp://www.live.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9CCEC814-66AB-473E-95B9-AF827A6BF4A2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ann\application data\mozilla\firefox\profiles\59040wr5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-9-11 1737464]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-13 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-6-26 95200]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-3 112512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-13 20464]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-3 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-3 41760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cpuz130;cpuz130;\??\c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ann\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-9-11 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2012-02-13 18:33:45 -------- d-----w- c:\documents and settings\ann\application data\BlueSprig
2012-02-13 18:33:06 -------- d-----w- c:\program files\BlueSprig
2012-02-13 18:26:53 860 ----a-w- c:\documents and settings\all users\application data\kznxaaa.tmp
2012-02-13 17:35:50 858 ----a-w- c:\documents and settings\all users\application data\sykxaaa.tmp
2012-02-13 17:12:15 819 ----a-w- c:\documents and settings\all users\application data\tykxaaa.tmp
2012-02-13 17:01:41 818 ----a-w- c:\documents and settings\all users\application data\qykxaaa.tmp
2012-02-13 15:44:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 14:49:26 -------- d-----w- c:\documents and settings\ann\application data\Malwarebytes
2012-02-13 14:49:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-13 14:49:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 14:49:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 20:35:51 33792 ----a-w- c:\windows\system32\e2nV5.com
2012-01-27 20:34:33 819 ----a-w- c:\documents and settings\all users\application data\obzpaaa.tmp
2012-01-27 20:34:28 817 ----a-w- c:\documents and settings\all users\application data\nbzpaaa.tmp
2012-01-27 20:34:22 855 ----a-w- c:\documents and settings\all users\application data\mbzpaaa.tmp
2012-01-27 20:34:12 825 ----a-w- c:\documents and settings\all users\application data\kbzpaaa.tmp
2012-01-27 20:30:17 783 ----a-w- c:\documents and settings\all users\application data\lbzpaaa.tmp
.
==================== Find3M ====================
.
2012-01-24 15:57:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
.
============= FINISH: 20:36:34.96 ===============


#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 February 2012 - 10:39 PM

Please do this next:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland

Posted 18 February 2012 - 08:49 AM

Ran Combofix as requested and have attached log. After running this google redirects to spam web sites.
Possibly due to the infection gaining more of a foothold when I disabled Malwarebytes for Combofix to run.

ComboFix 12-02-17.02 - Ann 18/02/2012 12:34:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2659 [GMT 0:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\kbzpaaa.tmp
c:\documents and settings\All Users\Application Data\kznxaaa.tmp
c:\documents and settings\All Users\Application Data\lbzpaaa.tmp
c:\documents and settings\All Users\Application Data\mbzpaaa.tmp
c:\documents and settings\All Users\Application Data\nbzpaaa.tmp
c:\documents and settings\All Users\Application Data\obzpaaa.tmp
c:\documents and settings\All Users\Application Data\qykxaaa.tmp
c:\documents and settings\All Users\Application Data\rspqaaa.tmp
c:\documents and settings\All Users\Application Data\sykxaaa.tmp
c:\documents and settings\All Users\Application Data\tykxaaa.tmp
c:\windows\$NtUninstallKB28079$\1078554340
c:\windows\$NtUninstallKB28079$\2454192104\@
c:\windows\$NtUninstallKB28079$\2454192104\cfg.ini
c:\windows\$NtUninstallKB28079$\2454192104\Desktop.ini
c:\windows\$NtUninstallKB28079$\2454192104\L\rohepcid
c:\windows\$NtUninstallKB28079$\2454192104\oemid
c:\windows\$NtUninstallKB28079$\2454192104\U\00000001.@
c:\windows\$NtUninstallKB28079$\2454192104\U\00000002.@
c:\windows\$NtUninstallKB28079$\2454192104\U\00000004.@
c:\windows\$NtUninstallKB28079$\2454192104\U\80000000.@
c:\windows\$NtUninstallKB28079$\2454192104\U\80000004.@
c:\windows\$NtUninstallKB28079$\2454192104\U\80000032.@
c:\windows\$NtUninstallKB28079$\2454192104\version
c:\windows\expl.dat
c:\windows\system32\drivers\~GLH0003.TMP
c:\windows\system32\service
c:\windows\system32\service\01032011_TIS17_SfFniAU.log
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\service\01082011_TIS17_SfFniAU.log
c:\windows\system32\service\01122010_TIS17_SfFniAU.log
c:\windows\system32\service\02012011_TIS17_SfFniAU.log
c:\windows\system32\service\02082011_TIS17_SfFniAU.log
c:\windows\system32\service\02092010_TIS17_SfFniAU.log
c:\windows\system32\service\03062010_TIS17_SfFniAU.log
c:\windows\system32\service\03082011_TIS17_SfFniAU.log
c:\windows\system32\service\04052011_TIS17_SfFniAU.log
c:\windows\system32\service\05022011_TIS17_SfFniAU.log
c:\windows\system32\service\05032011_TIS17_SfFniAU.log
c:\windows\system32\service\05092011_TIS17_SfFniAU.log
c:\windows\system32\service\05102011_TIS17_SfFniAU.log
c:\windows\system32\service\06032010_TIS17_SfFniAU.log
c:\windows\system32\service\06102010_TIS17_SfFniAU.log
c:\windows\system32\service\06112010_TIS17_SfFniAU.log
c:\windows\system32\service\07022011_TIS17_SfFniAU.log
c:\windows\system32\service\07112010_TIS17_SfFniAU.log
c:\windows\system32\service\08102010_TIS17_SfFniAU.log
c:\windows\system32\service\09052011_TIS17_SfFniAU.log
c:\windows\system32\service\09072010_TIS17_SfFniAU.log
c:\windows\system32\service\09082010_TIS17_SfFniAU.log
c:\windows\system32\service\09082011_TIS17_SfFniAU.log
c:\windows\system32\service\09092010_TIS17_SfFniAU.log
c:\windows\system32\service\10022011_TIS17_SfFniAU.log
c:\windows\system32\service\10102011_TIS17_SfFniAU.log
c:\windows\system32\service\11032011_TIS17_SfFniAU.log
c:\windows\system32\service\12012011_TIS17_SfFniAU.log
c:\windows\system32\service\12022011_TIS17_SfFniAU.log
c:\windows\system32\service\12032011_TIS17_SfFniAU.log
c:\windows\system32\service\12052010_TIS17_SfFniAU.log
c:\windows\system32\service\12052011_TIS17_SfFniAU.log
c:\windows\system32\service\12112010_TIS17_SfFniAU.log
c:\windows\system32\service\12122010_TIS17_SfFniAU.log
c:\windows\system32\service\13122011_TIS17_SfFniAU.log
c:\windows\system32\service\14012011_TIS17_SfFniAU.log
c:\windows\system32\service\14072010_TIS17_SfFniAU.log
c:\windows\system32\service\14092010_TIS17_SfFniAU.log
c:\windows\system32\service\14112011_TIS17_SfFniAU.log
c:\windows\system32\service\15032011_TIS17_SfFniAU.log
c:\windows\system32\service\15092010_TIS17_SfFniAU.log
c:\windows\system32\service\16022011_TIS17_SfFniAU.log
c:\windows\system32\service\16052011_TIS17_SfFniAU.log
c:\windows\system32\service\16102010_TIS17_SfFniAU.log
c:\windows\system32\service\18012011_TIS17_SfFniAU.log
c:\windows\system32\service\18072010_TIS17_SfFniAU.log
c:\windows\system32\service\18082010_TIS17_SfFniAU.log
c:\windows\system32\service\18112010_TIS17_SfFniAU.log
c:\windows\system32\service\19012011_TIS17_SfFniAU.log
c:\windows\system32\service\19082010_TIS17_SfFniAU.log
c:\windows\system32\service\20022011_TIS17_SfFniAU.log
c:\windows\system32\service\20032011_TIS17_SfFniAU.log
c:\windows\system32\service\20062011_TIS17_SfFniAU.log
c:\windows\system32\service\20082011_TIS17_SfFniAU.log
c:\windows\system32\service\20112010_TIS17_SfFniAU.log
c:\windows\system32\service\21122011_TIS17_SfFniAU.log
c:\windows\system32\service\22012011_TIS17_SfFniAU.log
c:\windows\system32\service\22022011_TIS17_SfFniAU.log
c:\windows\system32\service\22032011_TIS17_SfFniAU.log
c:\windows\system32\service\22052010_TIS17_SfFniAU.log
c:\windows\system32\service\22072010_TIS17_SfFniAU.log
c:\windows\system32\service\22082010_TIS17_SfFniAU.log
c:\windows\system32\service\22082011_TIS17_SfFniAU.log
c:\windows\system32\service\23022011_TIS17_SfFniAU.log
c:\windows\system32\service\23102010_TIS17_SfFniAU.log
c:\windows\system32\service\23122010_TIS17_SfFniAU.log
c:\windows\system32\service\24072011_TIS17_SfFniAU.log
c:\windows\system32\service\25062011_TIS17_SfFniAU.log
c:\windows\system32\service\25082011_TIS17_SfFniAU.log
c:\windows\system32\service\25092010_TIS17_SfFniAU.log
c:\windows\system32\service\26012011_TIS17_SfFniAU.log
c:\windows\system32\service\26022011_TIS17_SfFniAU.log
c:\windows\system32\service\26082011_TIS17_SfFniAU.log
c:\windows\system32\service\26092011_TIS17_SfFniAU.log
c:\windows\system32\service\26122010_TIS17_SfFniAU.log
c:\windows\system32\service\27012011_TIS17_SfFniAU.log
c:\windows\system32\service\27012012_TIS17_SfFniAU.log
c:\windows\system32\service\27082011_TIS17_SfFniAU.log
c:\windows\system32\service\27122010_TIS17_SfFniAU.log
c:\windows\system32\service\28022011_TIS17_SfFniAU.log
c:\windows\system32\service\28032011_TIS17_SfFniAU.log
c:\windows\system32\service\28052011_TIS17_SfFniAU.log
c:\windows\system32\service\28092011_TIS17_SfFniAU.log
c:\windows\system32\service\28112010_TIS17_SfFniAU.log
c:\windows\system32\service\28122010_TIS17_SfFniAU.log
c:\windows\system32\service\29052011_TIS17_SfFniAU.log
c:\windows\system32\service\29122010_TIS17_SfFniAU.log
c:\windows\system32\service\30062011_TIS17_SfFniAU.log
c:\windows\system32\service\30072010_TIS17_SfFniAU.log
c:\windows\system32\service\31012010_TIS17_SfFniAU.log
c:\windows\system32\service\31052011_TIS17_SfFniAU.log
c:\windows\system32\service\31082011_TIS17_SfFniAU.log
c:\windows\system32\service\31102010_TIS17_SfFniAU.log
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
c:\windows\$NtUninstallKB28079$ . . . . Failed to delete
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 13:21 . 2012-02-18 13:21 853 ----a-w- c:\documents and settings\All Users\Application Data\thalaaa.tmp
2012-02-18 13:21 . 2012-02-18 13:21 -------- d-----w- c:\documents and settings\Ann\Application Data\Izpy
2012-02-18 13:21 . 2012-02-18 13:21 -------- d-----w- c:\documents and settings\Ann\Application Data\Aslu
2012-02-18 13:20 . 2012-02-18 13:20 842 ----a-w- c:\documents and settings\All Users\Application Data\shalaaa.tmp
2012-02-18 13:20 . 2012-02-18 13:20 901 ----a-w- c:\documents and settings\All Users\Application Data\uhalaaa.tmp
2012-02-18 13:20 . 2012-02-18 13:20 825 ----a-w- c:\documents and settings\All Users\Application Data\vhalaaa.tmp
2012-02-18 13:10 . 2012-02-18 13:17 865 ----a-w- c:\documents and settings\All Users\Application Data\whalaaa.tmp
2012-02-18 12:57 . 2012-02-18 12:57 -------- d-----w- c:\windows\LastGood
2012-02-13 18:33 . 2012-02-13 18:33 -------- d-----w- c:\documents and settings\Ann\Application Data\BlueSprig
2012-02-13 18:33 . 2012-02-13 18:33 -------- d-----w- c:\program files\BlueSprig
2012-02-13 15:44 . 2012-02-15 21:18 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-13 14:49 . 2012-02-13 14:49 -------- d-----w- c:\documents and settings\Ann\Application Data\Malwarebytes
2012-02-13 14:49 . 2012-02-13 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 14:49 . 2012-02-13 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-13 14:49 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 20:37 . 2012-01-27 20:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-27 20:35 . 2012-01-27 20:35 33792 ----a-w- c:\windows\system32\e2nV5.com
2012-01-27 20:30 . 2012-01-27 20:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-27 20:30 . 2012-01-27 20:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 15:57 . 2011-06-14 21:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-25 16:16 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:29 . 2008-04-25 16:16 1868544 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 23:59 . 2011-09-11 22:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . BC8840F2D09BCDF8F6914D6592E30CFD . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . BB4F48CC2920A1BC7DA7F2BA3977D2A3 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . AC7D8BCD4279A25765E099885E792CDD . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"{1F280D77-03CD-497A-9B7E-B15CF0920539}"="c:\documents and settings\Ann\Application Data\Aslu\hyku.exe" [2010-08-04 159744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-22 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-18 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-12 2220032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-06-14 240288]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
igmu.exe [2012-2-18 159744]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
deet.exe [2012-2-18 159744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\explorer.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [11/09/2011 22:16 1737464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/02/2012 14:49 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [26/06/2011 22:50 95200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/02/2012 14:49 20464]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [03/07/2009 13:09 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [03/07/2009 13:09 41760]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 22:15 136176]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [03/07/2009 13:09 112512]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
S3 cpuz130;cpuz130;\??\c:\docume~1\Ann\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Ann\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 22:15 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [11/09/2011 22:16 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WDM_YAMAHAAC97
wkscfgsrv
QV2KUX
aavmker4
dntus26
DcFpoint
mbackmonitor
digisptiservice
epstnt01
MSFWHLPR
fsks
Via4in1
sandrathesrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\At1.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At11.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At13.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At15.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At17.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At19.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At21.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At23.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-18 c:\windows\Tasks\At25.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At27.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At29.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At3.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At31.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At33.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At35.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At37.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At39.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-15 c:\windows\Tasks\At41.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At43.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At45.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-13 c:\windows\Tasks\At47.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At5.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At7.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At9.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 22:15]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\59040wr5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,46,69,2c,73,5d,5d,41,b8,3b,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,46,69,2c,73,5d,5d,41,b8,3b,9a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,46,69,2c,73,5d,5d,41,b8,3b,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6024)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-02-18 13:27:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 13:26
.
Pre-Run: 223,980,576,768 bytes free
Post-Run: 224,137,379,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CDAD7D9E6230E9AD0E0F864ED240A02F


Edited by RPMcMurphy, 18 February 2012 - 10:15 AM.
Added log
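Reading a ComboFix log like the one above by hand is how the helper decides the next step: which Run values, Startup items, scheduled tasks and Sigcheck lines deserve a closer look. The script below is an added example (not a ComboFix, OTL or BleepingComputer tool, and not part of this thread) that applies the same kind of triage rules to the autostart sections of such a log. The sample input is a constructed excerpt of the log posted above; the rules (GUID-named Run values, autostart targets under Application Data or Temp, executables in the Default User or Administrator Startup folder, At*.job tasks that all launch one file, Sigcheck "[-]" lines) and the regexes that recognise ComboFix's line shapes are this example's own assumptions. They produce leads for a person to verify, not verdicts.

```python
"""Triage the autostart sections of a ComboFix-style log (added example).

Not a ComboFix/OTL/BleepingComputer tool.  The rules and line patterns are
assumptions drawn from the log excerpt below; findings are leads, not verdicts.
"""
import re
from collections import defaultdict
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str      # 'run' | 'startup' | 'task' | 'sigcheck'
    target: str    # file the entry launches or that Sigcheck flagged
    reason: str


# Constructed sample: lines excerpted from the ComboFix log posted above,
# trimmed to the sections this helper understands.  "." lines end a section.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-16 39408]
"{1F280D77-03CD-497A-9B7E-B15CF0920539}"="c:\documents and settings\Ann\Application Data\Aslu\hyku.exe" [2010-08-04 159744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
igmu.exe [2012-2-18 159744]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
deet.exe [2012-2-18 159744]
.
2012-01-27 c:\windows\Tasks\At1.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-01-27 c:\windows\Tasks\At3.job
- c:\windows\system32\e2nV5.com [2012-01-27 20:35]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 22:15]
.
[-] 2008-04-14 . BC8840F2D09BCDF8F6914D6592E30CFD . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
"""

# Line shapes as ComboFix prints them (assumed from the excerpt, not a spec).
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\Run(?:Once)?)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
STARTUP_DIR_RE = re.compile(
    r'^c:\\documents and settings\\([^\\]+)\\start menu\\programs\\startup\\$', re.I)
STARTUP_ITEM_RE = re.compile(r'^(\S+\.(?:exe|com|scr|bat|cmd|pif))\s+\[', re.I)
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\\S+\.job)$', re.I)
TASK_TARGET_RE = re.compile(r'^-\s+(.+?)\s+\[')
SIGCHECK_BAD_RE = re.compile(r'^\[-\]\s.*?\s(c:\\\S.*)$', re.I)
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
USER_WRITABLE_RE = re.compile(r'\\(application data|local settings\\temp)\\', re.I)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking which section each line belongs to."""
    findings: List[Finding] = []
    task_targets = defaultdict(list)          # lower-cased target -> job paths
    key = startup_user = job = None           # current section; "." resets it

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            key = startup_user = job = None
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            key, startup_user, job = m.group(1), None, None
            continue
        m = STARTUP_DIR_RE.match(line)
        if m:
            key, startup_user, job = None, m.group(1), None
            continue
        m = TASK_RE.match(line)
        if m:
            key, startup_user, job = None, None, m.group(1)
            continue
        m = SIGCHECK_BAD_RE.match(line)
        if m:
            findings.append(Finding('sigcheck', m.group(1),
                'Sigcheck "[-]": core Windows binary lacks the expected Microsoft signature'))
            continue
        if key:
            m = RUN_VALUE_RE.match(line)
            if m:
                name, target = m.groups()
                reasons = []
                if GUID_RE.match(name):
                    reasons.append('GUID-style value name')
                if USER_WRITABLE_RE.search(target):
                    reasons.append('target lives in a user-writable profile folder')
                if reasons:
                    findings.append(Finding('run', target, key + ': ' + '; '.join(reasons)))
        elif startup_user:
            m = STARTUP_ITEM_RE.match(line)
            # Real installers do not drop executables into these two profiles.
            if m and startup_user.lower() in ('default user', 'administrator'):
                findings.append(Finding('startup', m.group(1),
                    'executable in the "%s" Startup folder' % startup_user))
        elif job:
            m = TASK_TARGET_RE.match(line)
            if m:
                task_targets[m.group(1).lower()].append(job)

    # Scheduled-task rules need the whole list: many At*.job tasks on one file.
    for target, jobs in task_targets.items():
        at_jobs = [j for j in jobs if re.search(r'\\at\d+\.job$', j, re.I)]
        if at_jobs:
            findings.append(Finding('task', target, '%d At*.job task(s) launch it' % len(at_jobs)))
        if target.endswith('.com') and '\\system32\\' in target:
            findings.append(Finding('task', target, 'scheduled task runs a .com file from system32'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-8s %-60s %s' % (f.kind, f.target, f.reason))
```

Run against the excerpt it reports the GUID-named Run value under Application Data, the two Startup-folder executables, the Sigcheck line for winlogon.exe, and the At*.job tasks that all point at one .com file in system32; the Google and Dell entries produce nothing. A match is a reason to look harder (check the file's signer, hash and creation time), not a reason to delete.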


#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 18 February 2012 - 10:23 AM

Please do this next:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
    /md5start
    winlogon.exe
    svchost.exe
    explorer.exe
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs



#7 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland
  • Local time:07:50 PM

Posted 18 February 2012 - 11:05 AM

OTL logfile created on: 18/02/2012 15:47:31 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Ann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.92% Memory free
4.80 Gb Paging File | 3.57 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 208.70 Gb Free Space | 89.63% Space Free | Partition Type: NTFS

Computer Name: DG5S06K1 | User Name: Ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 15:46:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/31 22:26:12 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 22:25:54 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 22:25:52 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/03/31 22:25:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 23:49:42 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/22 23:49:28 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/05 02:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/08 03:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 12:00:00 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/19 18:58:17 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/19 18:58:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/19 18:57:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2008/12/12 01:38:02 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/12/12 01:37:28 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wkscfgsrv)
SRV - File not found [Auto | Stopped] -- -- (WDM_YAMAHAAC97)
SRV - File not found [Auto | Stopped] -- -- (Via4in1)
SRV - File not found [Auto | Stopped] -- -- (QV2KUX)
SRV - File not found [Auto | Stopped] -- -- (MSFWHLPR)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto | Stopped] -- -- (fsks)
SRV - File not found [Auto | Stopped] -- -- (epstnt01)
SRV - File not found [Auto | Stopped] -- -- (dntus26)
SRV - File not found [Auto | Stopped] -- -- (DcFpoint)
SRV - File not found [Auto | Stopped] -- -- (aavmker4)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/22 23:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\drivers\audio\R211990\stacsv.exe -- (STacSV)
SRV - [2009/01/08 03:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/14 12:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\rrspy.dll -- (mbackmonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/28 12:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/03/31 22:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/22 23:49:26 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 23:41:22 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/08 03:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/08 03:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/12/12 01:37:56 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/02 10:49:39 | 000,062,976 | ---- | M] (ViRazer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2007/07/23 20:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 20:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 20:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 20:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 20:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 20:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 20:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 20:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 19:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 19:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USSMB/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/25 22:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/21 23:59:39 | 000,000,000 | ---D | M]

[2011/09/11 22:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions
[2011/09/11 22:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/03 10:19:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/25 22:39:08 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/12/31 09:46:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/12/21 23:59:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 23:59:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/21 23:59:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 23:59:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 23:59:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/28 22:21:13 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/12/21 23:59:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Ann\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2012/02/18 13:20:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [{1F280D77-03CD-497A-9B7E-B15CF0920539}] C:\Documents and Settings\Ann\Application Data\Aslu\hyku.exe (Belkin Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CCEC814-66AB-473E-95B9-AF827A6BF4A2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WDM_YAMAHAAC97 - File not found
NetSvcs: wkscfgsrv - File not found
NetSvcs: QV2KUX - File not found
NetSvcs: aavmker4 - File not found
NetSvcs: dntus26 - File not found
NetSvcs: DcFpoint - File not found
NetSvcs: mbackmonitor - C:\WINDOWS\system32\rrspy.dll (Oak Technology Inc.)
NetSvcs: digisptiservice - File not found
NetSvcs: epstnt01 - File not found
NetSvcs: MSFWHLPR - File not found
NetSvcs: fsks - File not found
NetSvcs: Via4in1 - File not found
NetSvcs: sandrathesrv - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/02 06:00:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/02/18 15:46:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
[2012/02/18 13:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\Izpy
[2012/02/18 13:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\Aslu
[2012/02/18 12:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/18 12:24:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/18 12:20:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/18 12:20:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/18 12:20:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/18 12:20:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/18 12:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/18 12:20:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 12:15:06 | 004,406,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Ann\Desktop\ComboFix.exe
[2012/02/13 19:05:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ann\Desktop\dds.scr
[2012/02/13 18:58:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ann\Start Menu\Programs\Administrative Tools
[2012/02/13 18:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\BlueSprig
[2012/02/13 18:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JetClean
[2012/02/13 18:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\BlueSprig
[2012/02/13 18:31:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/13 14:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Application Data\Malwarebytes
[2012/02/13 14:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 14:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/13 14:49:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/13 14:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/13 14:44:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/01/27 20:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/27 20:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2006/12/12 09:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 15:54:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/02/18 15:51:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/18 15:46:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
[2012/02/18 15:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 15:44:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 14:54:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/02/18 13:54:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/02/18 13:22:56 | 000,467,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/18 13:22:56 | 000,080,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/18 13:20:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/18 13:20:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 12:54:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/02/18 12:44:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/18 12:44:18 | 3180,212,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 12:24:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/18 12:17:42 | 004,406,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Ann\Desktop\ComboFix.exe
[2012/02/15 21:18:25 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/15 20:54:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/02/13 23:54:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/02/13 22:54:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/02/13 21:54:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/02/13 19:54:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/02/13 18:56:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ann\Desktop\dds.scr
[2012/02/13 18:33:08 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Quick Launch\JetClean.lnk
[2012/02/13 18:33:08 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JetClean.lnk
[2012/02/13 18:32:17 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/13 17:54:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/02/13 16:54:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/02/13 14:49:23 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 20:38:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\K3605EFG.dat
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/27 20:35:46 | 000,033,792 | ---- | M] () -- C:\WINDOWS\System32\e2nV5.com
[2012/01/26 11:00:08 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 15:57:24 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 12:24:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/18 12:24:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/18 12:20:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/18 12:20:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/18 12:20:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/18 12:20:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/18 12:20:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/13 18:56:43 | 3180,212,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/13 18:33:08 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Quick Launch\JetClean.lnk
[2012/02/13 18:33:08 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JetClean.lnk
[2012/02/13 18:32:17 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/02/13 18:32:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/13 15:44:54 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/13 14:49:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 20:38:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 20:35:51 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\e2nV5.com
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/01/27 20:35:51 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/01/27 20:35:51 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\K3605EFG.dat
[2011/09/11 22:16:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/06/14 03:00:28 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/12 23:14:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/23 21:09:40 | 000,000,103 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/30 14:53:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/19 11:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/03 13:09:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/07/03 13:09:34 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/03 13:09:34 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/03 13:09:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/07/03 13:06:53 | 000,001,201 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/03 10:28:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/03 10:20:44 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/03 10:19:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/03 10:19:35 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/03 10:19:35 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/05/27 02:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 02:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:16:22 | 000,467,430 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:16:22 | 000,080,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:21:52 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 15:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 15:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 15:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 10:07:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/09 15:10:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2007/07/09 15:08:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2007/07/09 15:08:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2007/07/09 15:08:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2007/07/09 15:08:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2007/07/09 15:08:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2007/07/09 15:08:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2007/07/09 15:08:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2007/07/09 15:08:32 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2007/07/09 15:08:24 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2007/07/09 15:08:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2007/07/09 15:08:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2007/07/09 15:08:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2007/07/09 15:08:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2007/07/09 15:08:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2007/07/09 15:08:12 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2007/07/09 15:08:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2007/07/09 15:07:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2007/07/09 15:07:52 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2007/07/09 15:07:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2007/07/09 15:07:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2007/07/09 15:07:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2007/07/09 15:06:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2007/05/24 09:30:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2006/11/01 15:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 15:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2006/11/01 14:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2002/04/16 10:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMailRL.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMail3FL.SYS
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
[1998/03/20 00:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys

========== Custom Scans ==========


< %systemroot%\*. /rp /s >


< MD5 for: EXPLORER.EXE >
[2008/04/14 12:00:00 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=AC7D8BCD4279A25765E099885E792CDD -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 12:00:00 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=BB4F48CC2920A1BC7DA7F2BA3977D2A3 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 12:00:00 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=BC8840F2D09BCDF8F6914D6592E30CFD -- C:\WINDOWS\system32\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


OTL Extras logfile created on: 18/02/2012 15:47:31 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Ann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.92% Memory free
4.80 Gb Paging File | 3.57 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.85 Gb Total Space | 208.70 Gb Free Space | 89.63% Space Free | Partition Type: NTFS

Computer Name: DG5S06K1 | User Name: Ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 22
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE60F600-FD60-40C4-A990-72F9BFEE475C}" = Dell Backup and Recovery Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BASICR" = Microsoft Office Basic 2007
"Belarc Advisor" = Belarc Advisor 8.1
"BlueSprig_JetClean_is1" = JetClean
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"PowerISO" = PowerISO
"Spotify" = Spotify
"VLC media player" = VLC media player 1.1.10
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2012 14:16:11 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1004
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006afc.

Error - 18/02/2012 08:11:59 | Computer Name = DG5S06K1 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 18/02/2012 09:19:46 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006b17.

Error - 18/02/2012 09:51:19 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6562.5003, faulting
module OUTLOOK.EXE, version 12.0.6562.5003, fault address 0x00007adc.

Error - 18/02/2012 09:51:59 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6562.5003, faulting
module OUTLOOK.EXE, version 12.0.6562.5003, fault address 0x00007adc.

Error - 18/02/2012 09:52:57 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6562.5003, faulting
module OUTLOOK.EXE, version 12.0.6562.5003, fault address 0x00007adc.

Error - 18/02/2012 10:20:35 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00003ffc.

Error - 18/02/2012 11:12:48 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006afc.

Error - 18/02/2012 11:51:06 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006b17.

Error - 18/02/2012 11:55:44 | Computer Name = DG5S06K1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006b17.

[ System Events ]
Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Perfproc service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Wg4n service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The St330service service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Tifm21 service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Webrootenterpriseclientservice service terminated with the following
error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Symsnap service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Wencrservice service terminated with the following error: %%126

Error - 18/02/2012 08:44:40 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7023
Description = The Winproxy service terminated with the following error: %%126

Error - 18/02/2012 08:44:43 | Computer Name = DG5S06K1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BANTExt SCDEmu

Error - 18/02/2012 08:54:00 | Computer Name = DG5S06K1 | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942402


< End of report >
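Added example, not code from the thread, from OTL or from any of the tools named in it: a short Python audit of the "Shell Spawning" block in an Extras log like the one above. A classic rogue-AV trick is to rewrite the exefile handler so that every .exe launch runs the rogue first, which is why that block is worth reading on every log. The script compares each handler OTL reports against the stock Windows XP command and lists anything unreadable or non-default. The XP_DEFAULTS table is an assumption (stock XP SP3 values from memory), and the rogue.exe path in the constructed test line is made up for the example; "Reg Error" entries are only reported for a manual look, not treated as malicious.

```python
"""Audit the "Shell Spawning" section of an OTL Extras log for hijacked handlers.

Compares every handler OTL prints against an assumed stock Windows XP command
for the file classes that execute code directly.  XP_DEFAULTS is an assumption
(stock XP SP3), not something taken from the thread.  "Reg Error" lines are
listed for manual review only.
"""
import re

# Assumed stock XP handlers for the classes that launch code directly.
XP_DEFAULTS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# One OTL line: <class> [<verb>] -- <command> [(<company>)]
HANDLER_RE = re.compile(
    r'^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*?)(?: \([^()]*\))?$'
)


def _norm(cmd):
    """Collapse whitespace and case so trivially different spellings compare equal."""
    return " ".join(cmd.split()).lower()


def audit_shell_spawning(log_text):
    """Return (class, verb, status, command) for every handler that is either
    unreadable in the registry or differs from the assumed XP default."""
    findings = []
    for raw in log_text.splitlines():
        m = HANDLER_RE.match(raw.strip())
        if not m:
            continue
        cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd").strip()
        key = (cls.lower(), verb.lower())
        if cmd.startswith("Reg Error"):
            findings.append((cls, verb, "unreadable", cmd))
        elif key in XP_DEFAULTS and _norm(cmd) != _norm(XP_DEFAULTS[key]):
            findings.append((cls, verb, "non-default", cmd))
    return findings


# Handler lines copied from the Extras log posted above (clean handlers).
SAMPLE_CLEAN = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
"""

# Constructed variant: the exefile handler rewritten the way a rogue AV does it.
# The rogue.exe path is invented for this example.
SAMPLE_HIJACKED = SAMPLE_CLEAN.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Documents and Settings\User\Local Settings'
    r'\Application Data\rogue.exe" -a "%1" %*',
)

if __name__ == "__main__":
    for cls, verb, status, cmd in audit_shell_spawning(SAMPLE_HIJACKED):
        print(f"{status:12} {cls} [{verb}] -> {cmd}")
```

On the log above the only output is the two "Reg Error" entries (regfile/merge and txtfile/edit), which is what to look at by hand; a hijacked exefile handler would show up as "non-default" with the full command, which is the line you would put into a fix.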

#8 RPMcMurphy
  • Malware Response Team

Posted 18 February 2012 - 11:42 AM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV - [2008/04/14 12:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\rrspy.dll -- (mbackmonitor)
    O4 - HKCU..\Run: [{1F280D77-03CD-497A-9B7E-B15CF0920539}] C:\Documents and Settings\Ann\Application Data\Aslu\hyku.exe (Belkin Corporation)
    NetSvcs: mbackmonitor - C:\WINDOWS\system32\rrspy.dll (Oak Technology Inc.)
    [2012/01/27 20:35:51 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\e2nV5.com
    [2012/01/27 20:35:51 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\K3605EFG.dat
    :Files
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\igmu.exe [2012-2-18 159744]
    c:\documents and settings\Default User\Start Menu\Programs\Startup\deet.exe [2012-2-18 159744]
    c:\windows\Tasks\At*.job
    c:\documents and settings\Ann\Application Data\Izpy
    c:\documents and settings\Ann\Application Data\Aslu
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Please include the following in your next post:
  • OTL Fix log
  • TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.

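Added example, not code from the thread, from OTL or from Malwarebytes: the reasoning behind the fix list in the post above, turned into three checks in Python and run over the OTL lines quoted in that script. The three things the fix removes are a service DLL loaded inside svchost -k netsvcs under a name that is not a stock XP member (mbackmonitor -> rrspy.dll), an HKCU Run value pointing at an executable under the user's Application Data (Aslu\hyku.exe), and a run of numbered At<N>.job tasks created with at.exe. The NETSVCS_XP baseline, the profile-directory list, the At-job threshold and the two clean lines (wuauserv, Apoint) are assumptions added for illustration; the task list mirrors the odd-numbered At1..At47 jobs that the fix output later in the thread enumerates.

```python
"""Pick out the persistence entries that an OTL fix like the one above removes.

Three checks over OTL-style lines.  NETSVCS_XP, PROFILE_DIRS and the threshold
are assumptions from a stock Windows XP install, not taken from the thread.
"""
import re

# Assumed stock XP netsvcs group members (lower-case).
NETSVCS_XP = {
    "6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dmserver", "dhcp",
    "ersvc", "eventsystem", "fastuserswitchingcompatibility", "hidserv", "ias",
    "iprip", "irmon", "lanmanserver", "lanmanworkstation", "messenger", "netman",
    "nla", "ntmssvc", "nwcworkstation", "nwsapagent", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess", "srservice",
    "tapisrv", "themes", "trkwks", "w32time", "wzcsvc", "wmi", "wmdmpmsp",
    "winmgmt", "wscsvc", "xmlprov", "bits", "wuauserv", "shellhwdetection",
    "helpsvc", "uploadmgr", "wmdmpmsn",
}
# User-writable profile locations where a Run target has no business living.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

SRV_RE = re.compile(
    r'^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$'
)
NETSVCS_RE = re.compile(r'^NetSvcs: (?P<svc>\S+) - (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \([^()]*\))?$')
AT_JOB_RE = re.compile(r'\\At(\d+)\.job$', re.IGNORECASE)


def find_rogue_netsvcs(log_text):
    """Return sorted (service, dll_path, company) for svchost-hosted DLL
    services whose name is not in the assumed stock netsvcs list."""
    seen = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRV_RE.match(line) or NETSVCS_RE.match(line)
        if not m or not m.group("path").lower().endswith(".dll"):
            continue
        entry = seen.setdefault(m.group("svc").lower(), [m.group("svc"), m.group("path"), ""])
        if m.group("company"):
            entry[2] = m.group("company")
    return sorted(tuple(v) for k, v in seen.items() if k not in NETSVCS_XP)


def find_profile_run_values(log_text):
    """Return (hive, value_name, path) for Run values whose target lives in a
    user-writable profile directory."""
    hits = []
    for raw in log_text.splitlines():
        m = RUN_RE.match(raw.strip())
        if m and any(d in m.group("path").lower() for d in PROFILE_DIRS):
            hits.append((m.group("hive"), m.group("name"), m.group("path")))
    return hits


def find_at_job_burst(task_paths, threshold=5):
    """Return the At<N>.job paths in numeric order when at least `threshold`
    of them exist (a burst created with at.exe), else an empty list."""
    jobs = []
    for path in task_paths:
        m = AT_JOB_RE.search(path)
        if m:
            jobs.append((int(m.group(1)), path))
    return [p for _, p in sorted(jobs)] if len(jobs) >= threshold else []


# Lines copied from the fix script above, plus two constructed clean lines
# (wuauserv and Apoint) so the checks have something to leave alone.
SAMPLE_OTL = r"""
SRV - [2008/04/14 12:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\rrspy.dll -- (mbackmonitor)
SRV - [2008/04/14 12:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKCU..\Run: [{1F280D77-03CD-497A-9B7E-B15CF0920539}] C:\Documents and Settings\Ann\Application Data\Aslu\hyku.exe (Belkin Corporation)
NetSvcs: mbackmonitor - C:\WINDOWS\system32\rrspy.dll (Oak Technology Inc.)
"""
# Constructed task list: the odd-numbered At1..At47 jobs plus one
# installer-created task that must not be counted.
SAMPLE_TASKS = [r"c:\windows\Tasks\At%d.job" % n for n in range(1, 48, 2)]
SAMPLE_TASKS.append(r"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job")

if __name__ == "__main__":
    print("rogue netsvcs :", find_rogue_netsvcs(SAMPLE_OTL))
    print("profile Run   :", find_profile_run_values(SAMPLE_OTL))
    print("At job burst  :", len(find_at_job_burst(SAMPLE_TASKS)), "jobs")
```

The company string on the SRV line ("Oak Technology Inc." on a DLL in system32 that svchost loads) is reported alongside the service name because a non-Microsoft vendor on a netsvcs member is the second thing a helper checks once the name fails the baseline; the fix list deletes the service, its DLL and the NetSvcs entry together for exactly that reason.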

#9 gtredx69
  • Topic Starter

Posted 18 February 2012 - 12:56 PM

I think OTL is freezing. I pasted the code into the box and clicked Run Fix. The first time, nothing happened for an hour. I restarted the laptop and ran it again, and this time Explorer shut down, but nothing has happened for the last 40 minutes. Any ideas?

#10 RPMcMurphy
  • Malware Response Team

Posted 18 February 2012 - 01:34 PM

Try it running in the Safe Mode, please.



#11 gtredx69
  • Topic Starter

Posted 18 February 2012 - 02:12 PM

OTL ran OK in Safe Mode. After it rebooted the laptop, I get a message 'Data Execution Prevention - Internet Explorer'.
Anyway, OTL ran and TDSSKiller found nothing. Still getting Malwarebytes blocking access to websites.

OTL

All processes killed
========== OTL ==========
Service mbackmonitor stopped successfully!
Service mbackmonitor deleted successfully!
C:\WINDOWS\system32\rrspy.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1F280D77-03CD-497A-9B7E-B15CF0920539} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F280D77-03CD-497A-9B7E-B15CF0920539}\ not found.
C:\Documents and Settings\Ann\Application Data\Aslu\hyku.exe moved successfully.
mbackmonitor removed from NetSvcs value successfully!
File C:\WINDOWS\system32\rrspy.dll not found.
C:\WINDOWS\system32\e2nV5.com moved successfully.
C:\Documents and Settings\All Users\Application Data\K3605EFG.dat moved successfully.
========== FILES ==========
File\Folder c:\documents and settings\Administrator\Start Menu\Programs\Startup\igmu.exe [2012-2-18 159744] not found.
File\Folder c:\documents and settings\Default User\Start Menu\Programs\Startup\deet.exe [2012-2-18 159744] not found.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At25.job moved successfully.
c:\windows\Tasks\At27.job moved successfully.
c:\windows\Tasks\At29.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At31.job moved successfully.
c:\windows\Tasks\At33.job moved successfully.
c:\windows\Tasks\At35.job moved successfully.
c:\windows\Tasks\At37.job moved successfully.
c:\windows\Tasks\At39.job moved successfully.
c:\windows\Tasks\At41.job moved successfully.
c:\windows\Tasks\At43.job moved successfully.
c:\windows\Tasks\At45.job moved successfully.
c:\windows\Tasks\At47.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\documents and settings\Ann\Application Data\Izpy folder moved successfully.
c:\documents and settings\Ann\Application Data\Aslu folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 321 bytes

User: All Users

User: Ann
->Flash cache emptied: 781 bytes

User: Default User
->Flash cache emptied: 321 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 2639 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Ann
->Temp folder emptied: 26315 bytes
->Temporary Internet Files folder emptied: 1901643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 787997865 bytes
->Google Chrome cache emptied: 401301417 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69142 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 219163474 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,345.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.32.0 log created on 02182012_184436

Files\Folders moved on Reboot...
C:\WINDOWS\temp\~DF143F.tmp moved successfully.
C:\WINDOWS\temp\~DF1625.tmp moved successfully.
C:\WINDOWS\temp\~DF1746.tmp moved successfully.
C:\WINDOWS\temp\~DF17ED.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VMBCG1SR\nexac[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VMBCG1SR\search[3].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VMBCG1SR\signup[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VMBCG1SR\vibrantfinancial_com[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\CheckConnection[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\search[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\search[2].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\search[3].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\search[4].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\search[5].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\H9LPQ0FX\static[2].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\30LJX2MR\cs[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\30LJX2MR\index[1].html moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\30LJX2MR\search[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\dest2[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\PIE[1].htc moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\search[1].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\search[2].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\search[3].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\search[4].htm moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\06QB3HJQ\search[5].htm moved successfully.

Registry entries deleted on Reboot...




#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 18 February 2012 - 05:11 PM

I'd still like to see the TDSSKiller log - you will find it if you navigate to c:\. It will look something like this: TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#13 gtredx69

gtredx69
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:Northern Ireland
  • Local time:07:50 PM

Posted 18 February 2012 - 08:20 PM

Sorry, I must have double pasted the OTL.
Here is the TDSSKiller log:

19:01:26.0796 3488 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:01:28.0109 3488 ============================================================
19:01:28.0109 3488 Current date / time: 2012/02/18 19:01:28.0109
19:01:28.0109 3488 SystemInfo:
19:01:28.0109 3488
19:01:28.0109 3488 OS Version: 5.1.2600 ServicePack: 3.0
19:01:28.0109 3488 Product type: Workstation
19:01:28.0109 3488 ComputerName: DG5S06K1
19:01:28.0109 3488 UserName: Ann
19:01:28.0109 3488 Windows directory: C:\WINDOWS
19:01:28.0109 3488 System windows directory: C:\WINDOWS
19:01:28.0109 3488 Processor architecture: Intel x86
19:01:28.0109 3488 Number of processors: 2
19:01:28.0109 3488 Page size: 0x1000
19:01:28.0109 3488 Boot type: Normal boot
19:01:28.0109 3488 ============================================================
19:01:28.0531 3488 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:01:28.0531 3488 Drive \Device\Harddisk1\DR3 - Size: 0x3BC00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:01:28.0531 3488 \Device\Harddisk0\DR0:
19:01:28.0531 3488 MBR used
19:01:28.0531 3488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D1B1170
19:01:28.0531 3488 \Device\Harddisk1\DR3:
19:01:28.0531 3488 MBR used
19:01:28.0531 3488 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x60, BlocksNum 0x1DDFA0
19:01:28.0578 3488 Initialize success
19:01:28.0578 3488 ============================================================
19:02:24.0484 2396 ============================================================
19:02:24.0484 2396 Scan started
19:02:24.0484 2396 Mode: Manual; TDLFS;
19:02:24.0484 2396 ============================================================
19:02:28.0953 2396 VgaSave - ok
19:02:28.0968 2396 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:02:28.0968 2396 viaagp - ok
19:02:28.0968 2396 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:02:28.0968 2396 ViaIde - ok
19:02:28.0984 2396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:02:28.0984 2396 VolSnap - ok
19:02:29.0015 2396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:02:29.0015 2396 Wanarp - ok
19:02:29.0078 2396 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:02:29.0078 2396 Wdf01000 - ok
19:02:29.0093 2396 WDICA - ok
19:02:29.0093 2396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:02:29.0093 2396 wdmaud - ok
19:02:29.0140 2396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:02:29.0140 2396 WS2IFSL - ok
19:02:29.0171 2396 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
19:02:29.0171 2396 ZTEusbmdm6k - ok
19:02:29.0203 2396 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
19:02:29.0203 2396 ZTEusbnmea - ok
19:02:29.0218 2396 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
19:02:29.0218 2396 ZTEusbser6k - ok
19:02:29.0250 2396 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:02:29.0421 2396 \Device\Harddisk0\DR0 - ok
19:02:29.0421 2396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
19:02:32.0171 2396 \Device\Harddisk1\DR3 - ok
19:02:32.0171 2396 Boot (0x1200) (71a4e85063d825742bb189a54ef1606d) \Device\Harddisk0\DR0\Partition0
19:02:32.0171 2396 \Device\Harddisk0\DR0\Partition0 - ok
19:02:32.0187 2396 Boot (0x1200) (6a15707f1d15430f4c2dc8f76ecf5d8a) \Device\Harddisk1\DR3\Partition0
19:02:32.0187 2396 \Device\Harddisk1\DR3\Partition0 - ok
19:02:32.0187 2396 ============================================================
19:02:32.0187 2396 Scan finished
19:02:32.0187 2396 ============================================================
19:02:32.0187 3360 Detected object count: 0
19:02:32.0187 3360 Actual detected object count: 0
19:05:22.0812 0916 Deinitialize success

#14 RPMcMurphy
Malware Response Team, 3,970 posts

Posted 19 February 2012 - 12:14 AM

Thanks! Do you have a Windows XP Service Pack 3 installation disk? We need to replace some infected system files and you don't have any copies in your system.



#15 gtredx69 (Topic Starter)
Members, 29 posts, Location: Northern Ireland

Posted 19 February 2012 - 09:33 AM

Hi RPM,

I have XP Service Pack 2, is that any good?
