
Internet Security and Combofix internet issue


This topic is locked
40 replies to this topic

#1 herec0m3strouble
  • Members
  • 29 posts

Posted 29 February 2012 - 01:57 PM

After doing some research on how to fix wormblaster and the trojan backdoors being recognized by AVG, I found a way to uninstall AVG and use Combofix to rid my computer of Internet Security (the fake protection tool). Now the internet will work on my computer. But at the same time, I was also having problems with Google auto-redirecting my searches or clicks, and popups coming up with different offers (this would happen very often). What I was told on here to do was run DDS and GMER, which is why I have created this new topic. Please help! :( (Remember, the internet on my computer isn't working after running Combofix.)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Marc at 13:35:29 on 2012-02-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3454.3155 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [syst32] "c:\documents and settings\marc\desktop\Log.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] ctfmon.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: Download with x-ipod-magic-platinum - c:\program files\xilisoft\ipod magic platinum\upod_link.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{57284A03-6854-4A42-B83C-592C17CE7AF3} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\marc\application data\mozilla\firefox\profiles\dksm9748.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102868&gct=hp
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\marc\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
S0 lxtyxb;lxtyxb;c:\windows\system32\drivers\atrqs.sys --> c:\windows\system32\drivers\atrqs.sys [?]
S2 avg7rsw;SABProcEnum;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
S2 mcupdmgr.exe;Enethusb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mksupdateint;Acdpowerservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 naveng;Padfsvr;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-4-14 14336]
S2 TeamViewer;Pdlnshay;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-16 136176]
.
=============== Created Last 30 ================
.
2012-02-29 11:35:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 10:21:59 -------- d-s---w- C:\ComboFix
2012-02-29 00:10:55 -------- d-----w- c:\windows\system32\xircom
2012-02-29 00:10:55 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-29 00:10:55 -------- d-----w- c:\windows\srchasst
2012-02-28 22:52:18 -------- d-sha-r- C:\cmdcons
2012-02-28 22:04:06 -------- d-----w- c:\program files\ESET
2012-02-05 06:56:29 -------- d-----w- c:\program files\Xilisoft
2012-02-05 05:18:18 -------- d-----w- c:\documents and settings\marc\application data\Xilisoft
2012-02-04 19:23:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2011-12-21 23:59:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-10 13:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 13:35:49.46 ===============


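As an added example (not part of this thread, and not code from the DDS, ComboFix or TDSSKiller tools), the following Python script reads log lines in the formats posted above and flags the entries a malware responder would look at first: an autorun launching from the user profile, Firefox prefs pointing at a localhost HTTP proxy or an unknown search URL, services claiming membership in the svchost `netsvcs` group that are not known members, a registered driver whose file is gone, Security Center override values, and a disabled firewall. The allowlists, rule names and the sample log are constructed for the example; the sample lines are modelled on the logs in this thread.

```python
import re

# Members of the Windows XP svchost 'netsvcs' group (constructed, shortened
# allowlist). Anything else hosted by `svchost.exe -k netsvcs` gets a look.
KNOWN_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dhcp", "dmserver",
    "eventsystem", "lanmanserver", "lanmanworkstation", "netman", "nla", "rasman",
    "schedule", "seclogon", "sens", "sharedaccess", "tapisrv", "themes", "w32time",
    "winmgmt", "wuauserv", "bits", "wzcsvc", "xmlprov", "helpsvc",
}
TRUSTED_SEARCH = ("google.", "bing.", "yahoo.")  # constructed for the example
USER_PROFILE_DIRS = ("\\desktop\\", "\\application data\\",
                     "\\local settings\\", "\\temp\\")

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[[^\]]+\]\s+(?:"([^"]+)"|(\S+))')
REG_RE = re.compile(r'^"(\w+)"\s*=\s*(?:dword:)?([0-9a-f]+)', re.I)

def check_service(line):
    # 'S2 name;display name;image path [date size]' service/driver lines
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, path = m.group(1).lower(), m.group(2).lower()
    if "-->" in path or "[?]" in path:
        return "driver-missing-file"       # registered driver whose image is gone
    if "svchost.exe -k netsvcs" in path and name not in KNOWN_NETSVCS:
        return "unknown-netsvcs-member"    # bogus service riding in netsvcs
    return None

def check_firefox_pref(line):
    # 'FF - prefs.js: key - value' lines
    m = FF_PREF_RE.match(line)
    if not m:
        return None
    key, value = m.group(1), m.group(2).strip().lower()
    if key == "network.proxy.http" and value.startswith(("127.", "localhost")):
        return "localhost-http-proxy"      # browser traffic routed via a local process
    if key in ("keyword.URL", "browser.startup.homepage") and not any(
            host in value for host in TRUSTED_SEARCH):
        return "search-or-homepage-hijack"
    return None

def check_run_entry(line):
    # 'uRun/mRun/dRun: [name] "path" args' autostart lines; quoted or bare path
    m = RUN_RE.match(line)
    if m and any(d in (m.group(1) or m.group(2)).lower() for d in USER_PROFILE_DIRS):
        return "autorun-from-user-profile"
    return None

def check_registry_value(line):
    # '"Name"=dword:00000001' or '"Name"= 0 (0x0)' lines from the Reg dump
    m = REG_RE.match(line)
    if not m:
        return None
    name, value = m.group(1).lower(), int(m.group(2), 16)
    if name in ("antivirusoverride", "firewalloverride") and value == 1:
        return "security-center-override"  # Security Center told not to warn
    if name == "enablefirewall" and value == 0:
        return "firewall-disabled"
    return None

def check_integrity_note(line):
    # ComboFix's own verdicts on protected system files
    low = line.lower()
    if "is infected" in low:
        return "system-file-infected"
    if "is missing" in low:
        return "system-file-missing"
    return None

CHECKS = (check_service, check_firefox_pref, check_run_entry,
          check_registry_value, check_integrity_note)

def triage(log_text):
    """Return [(rule, line)] for every line that trips a check, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            rule = check(line)
            if rule:
                findings.append((rule, line))
                break
    return findings

# Constructed sample, modelled on the DDS / ComboFix lines posted in this thread.
SAMPLE_LOG = r"""
mRun: [syst32] "c:\documents and settings\marc\desktop\Log.exe"
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
S0 lxtyxb;lxtyxb;c:\windows\system32\drivers\atrqs.sys --> c:\windows\system32\drivers\atrqs.sys [?]
S2 avg7rsw;SABProcEnum;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
c:\windows\system32\drivers\tcpip.sys . . . is infected!! . . . Failed to find a valid replacement.
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""
```

Running `triage(SAMPLE_LOG)` returns one (rule, line) pair per flagged line; feed it the text of a real DDS or ComboFix log to get the same short list for that machine.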
#2 sempai
  • Malware Response Team
  • 5,288 posts

Posted 01 March 2012 - 07:28 PM

Hello herec0m3strouble and welcome to BC.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.


==============================


Step 1: Please post the resulting log of Combofix when you run it; it is located at C:\Combofix.txt.



Step 2: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



Step 3: Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.



Step 4: Download OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy and Paste the following code into the Custom Scan/Fixes box.

    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 herec0m3strouble
  • Topic Starter

  • Members
  • 29 posts

Posted 02 March 2012 - 01:04 AM

Last run Combofix log
ComboFix 12-02-29.01 - Marc 02/29/2012 1:07.1.2 - x86
Running from: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\iSecurity.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marc\Application Data\4826.A05
c:\program files\Toolbar
c:\windows\$NtUninstallKB28339$
c:\windows\$NtUninstallKB28339$\298549112\@
c:\windows\$NtUninstallKB28339$\298549112\bckfg.tmp
c:\windows\$NtUninstallKB28339$\298549112\cfg.ini
c:\windows\$NtUninstallKB28339$\298549112\Desktop.ini
c:\windows\$NtUninstallKB28339$\298549112\keywords
c:\windows\$NtUninstallKB28339$\298549112\kwrd.dll
c:\windows\$NtUninstallKB28339$\298549112\L\dlnoepbw
c:\windows\$NtUninstallKB28339$\298549112\lsflt7.ver
c:\windows\$NtUninstallKB28339$\298549112\oemid
c:\windows\$NtUninstallKB28339$\298549112\U\00000001.@
c:\windows\$NtUninstallKB28339$\298549112\U\00000002.@
c:\windows\$NtUninstallKB28339$\298549112\U\00000004.@
c:\windows\$NtUninstallKB28339$\298549112\U\80000000.@
c:\windows\$NtUninstallKB28339$\298549112\U\80000004.@
c:\windows\$NtUninstallKB28339$\298549112\U\80000032.@
c:\windows\$NtUninstallKB28339$\298549112\version
c:\windows\$NtUninstallKB28339$\396223810
c:\windows\system32\0.2803220745310344.exe
c:\windows\system32\ati2mtaa.dll
c:\windows\system32\backupexecagentaccelerator.dll
c:\windows\system32\sskbfd.dll
c:\windows\system32\wdmaud.dll
.
c:\windows\system32\drivers\tcpip.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 00:11 . 2012-02-29 00:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\system32\xircom
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\srchasst
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\program files\microsoft frontpage
2012-02-28 22:04 . 2012-02-28 22:04 -------- d-----w- c:\program files\ESET
2012-02-16 09:36 . 2012-02-16 09:37 -------- d-----w- c:\program files\Google
2012-02-05 06:56 . 2012-02-05 06:56 -------- d-----w- c:\program files\Xilisoft
2012-02-05 05:18 . 2012-02-05 06:30 -------- d-----w- c:\documents and settings\Marc\Application Data\Xilisoft
2012-02-04 19:23 . 2012-02-28 22:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 23:59 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-10 13:24 . 2011-12-18 11:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 04:17 . 2011-07-31 09:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
.
.
.
.
c:\windows\System32\spoolsv.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"syst32"="c:\documents and settings\Marc\Desktop\Log.exe" [2012-01-11 180332]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Marc\\My Documents\\Downloads\\Programs\\Facemoods.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/28/2011 1:35 AM 436792]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 9:04 AM 21632]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/29/2012 2:11 AM 40776]
S0 lxtyxb;lxtyxb;c:\windows\system32\drivers\atrqs.sys --> c:\windows\system32\drivers\atrqs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [4/14/2008 2:00 PM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003Core.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003UA.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-02-28 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-06-27 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/
IE: Download with x-ipod-magic-platinum - c:\program files\Xilisoft\iPod Magic Platinum\upod_link.HTM
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\dksm9748.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102868&gct=hp
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53677
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Internet Security - c:\documents and settings\All Users\Application Data\isecurity.exe
HKU-Default-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe
Notify-USB3Nw32 - USB3Nw32.dll
SafeBoot-87172491.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-29 02:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(200)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2012-02-29 02:14:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 00:14
.
Pre-Run: 139,342,204,928 bytes free
Post-Run: 148,839,190,528 bytes free
.
- - End Of File - - 6C01A87033D3323D23F90976B3A0E615


TDSS report

00:49:29.0156 2820 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
00:49:29.0171 2820 ============================================================
00:49:29.0171 2820 Current date / time: 2012/03/02 00:49:29.0171
00:49:29.0171 2820 SystemInfo:
00:49:29.0171 2820
00:49:29.0171 2820 OS Version: 5.1.2600 ServicePack: 3.0
00:49:29.0171 2820 Product type: Workstation
00:49:29.0171 2820 ComputerName: BIZARRE
00:49:29.0171 2820 UserName: Marc
00:49:29.0171 2820 Windows directory: C:\WINDOWS
00:49:29.0171 2820 System windows directory: C:\WINDOWS
00:49:29.0171 2820 Processor architecture: Intel x86
00:49:29.0171 2820 Number of processors: 2
00:49:29.0171 2820 Page size: 0x1000
00:49:29.0171 2820 Boot type: Normal boot
00:49:29.0171 2820 ============================================================
00:49:30.0421 2820 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:49:30.0421 2820 Drive \Device\Harddisk1\DR10 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:49:30.0437 2820 \Device\Harddisk0\DR0:
00:49:30.0437 2820 MBR used
00:49:30.0437 2820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
00:49:30.0437 2820 \Device\Harddisk1\DR10:
00:49:30.0437 2820 MBR used
00:49:30.0437 2820 \Device\Harddisk1\DR10\Partition0: MBR, Type 0x6, StartLBA 0x200B, BlocksNum 0x3A7FF5
00:49:30.0484 2820 Initialize success
00:49:30.0484 2820 ============================================================
00:49:33.0921 1572 ============================================================
00:49:33.0921 1572 Scan started
00:49:33.0921 1572 Mode: Manual;
00:49:33.0921 1572 ============================================================
00:49:36.0531 1572 MSPQM - ok
00:49:36.0546 1572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:49:36.0546 1572 mssmbios - ok
00:49:36.0562 1572 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:49:36.0562 1572 MSTEE - ok
00:49:36.0578 1572 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
00:49:36.0578 1572 Mup - ok
00:49:36.0593 1572 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:49:36.0593 1572 NABTSFEC - ok
00:49:36.0609 1572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:49:36.0609 1572 NDIS - ok
00:49:36.0625 1572 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:49:36.0625 1572 NdisIP - ok
00:49:36.0703 1572 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:49:36.0703 1572 NdisTapi - ok
00:49:36.0734 1572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:49:36.0734 1572 Ndisuio - ok
00:49:36.0734 1572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:49:36.0734 1572 NdisWan - ok
00:49:36.0750 1572 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
00:49:36.0750 1572 NDProxy - ok
00:49:36.0781 1572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:49:36.0781 1572 NetBIOS - ok
00:49:36.0781 1572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:49:36.0781 1572 NetBT - ok
00:49:36.0812 1572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:49:36.0812 1572 NIC1394 - ok
00:49:36.0828 1572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:49:36.0828 1572 Npfs - ok
00:49:36.0843 1572 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
00:49:36.0859 1572 Ntfs - ok
00:49:36.0890 1572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:49:36.0890 1572 Null - ok
00:49:36.0984 1572 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:49:37.0015 1572 nv - ok
00:49:37.0015 1572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:49:37.0031 1572 NwlnkFlt - ok
00:49:37.0031 1572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:49:37.0031 1572 NwlnkFwd - ok
00:49:37.0062 1572 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:49:37.0062 1572 ohci1394 - ok
00:49:37.0093 1572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:49:37.0093 1572 Parport - ok
00:49:37.0093 1572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:49:37.0093 1572 PartMgr - ok
00:49:37.0125 1572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:49:37.0125 1572 ParVdm - ok
00:49:37.0140 1572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:49:37.0140 1572 PCI - ok
00:49:37.0140 1572 PCIDump - ok
00:49:37.0156 1572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:49:37.0156 1572 PCIIde - ok
00:49:37.0171 1572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:49:37.0171 1572 Pcmcia - ok
00:49:37.0171 1572 PDCOMP - ok
00:49:37.0187 1572 PDFRAME - ok
00:49:37.0187 1572 PDRELI - ok
00:49:37.0203 1572 PDRFRAME - ok
00:49:37.0203 1572 perc2 - ok
00:49:37.0218 1572 perc2hib - ok
00:49:37.0250 1572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:49:37.0250 1572 PptpMiniport - ok
00:49:37.0265 1572 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
00:49:37.0265 1572 PSched - ok
00:49:37.0281 1572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:49:37.0281 1572 Ptilink - ok
00:49:37.0296 1572 ql1080 - ok
00:49:37.0296 1572 Ql10wnt - ok
00:49:37.0296 1572 ql12160 - ok
00:49:37.0312 1572 ql1240 - ok
00:49:37.0312 1572 ql1280 - ok
00:49:37.0328 1572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:49:37.0328 1572 RasAcd - ok
00:49:37.0343 1572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:49:37.0343 1572 Rasl2tp - ok
00:49:37.0359 1572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:49:37.0359 1572 RasPppoe - ok
00:49:37.0359 1572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:49:37.0375 1572 Raspti - ok
00:49:37.0390 1572 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:49:37.0390 1572 Rdbss - ok
00:49:37.0390 1572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:49:37.0390 1572 RDPCDD - ok
00:49:37.0421 1572 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:49:37.0421 1572 rdpdr - ok
00:49:37.0453 1572 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
00:49:37.0453 1572 RDPWD - ok
00:49:37.0484 1572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:49:37.0484 1572 redbook - ok
00:49:37.0531 1572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:49:37.0531 1572 Secdrv - ok
00:49:37.0546 1572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:49:37.0546 1572 serenum - ok
00:49:37.0546 1572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:49:37.0546 1572 Serial - ok
00:49:37.0562 1572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:49:37.0562 1572 Sfloppy - ok
00:49:37.0593 1572 Si3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\drivers\Si3112.sys
00:49:37.0593 1572 Si3112 - ok
00:49:37.0625 1572 SI3132 (9604998d0c578608151b6e59266fcae1) C:\WINDOWS\system32\DRIVERS\SI3132.sys
00:49:37.0625 1572 SI3132 - ok
00:49:37.0640 1572 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
00:49:37.0640 1572 SiFilter - ok
00:49:37.0656 1572 Simbad - ok
00:49:37.0671 1572 SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
00:49:37.0671 1572 SiRemFil - ok
00:49:37.0687 1572 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:49:37.0687 1572 SLIP - ok
00:49:37.0703 1572 Sparrow - ok
00:49:37.0718 1572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:49:37.0718 1572 splitter - ok
00:49:37.0765 1572 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\System32\Drivers\sptd.sys
00:49:37.0781 1572 sptd - ok
00:49:37.0812 1572 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:49:37.0812 1572 Sr - ok
00:49:37.0906 1572 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys
00:49:37.0906 1572 Srv - ok
00:49:37.0968 1572 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:49:37.0968 1572 streamip - ok
00:49:37.0968 1572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:49:37.0968 1572 swenum - ok
00:49:37.0984 1572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:49:38.0000 1572 swmidi - ok
00:49:38.0000 1572 symc810 - ok
00:49:38.0015 1572 symc8xx - ok
00:49:38.0015 1572 sym_hi - ok
00:49:38.0031 1572 sym_u3 - ok
00:49:38.0046 1572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:49:38.0046 1572 sysaudio - ok
00:49:38.0078 1572 Tcpip (474d3dccb57defcd917311eec47204b9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:49:38.0078 1572 Tcpip - ok
00:49:38.0093 1572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:49:38.0093 1572 TDPIPE - ok
00:49:38.0109 1572 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
00:49:38.0109 1572 TDTCP - ok
00:49:38.0125 1572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:49:38.0125 1572 TermDD - ok
00:49:38.0140 1572 TosIde - ok
00:49:38.0156 1572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:49:38.0156 1572 Udfs - ok
00:49:38.0156 1572 ultra - ok
00:49:38.0203 1572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:49:38.0203 1572 Update - ok
00:49:38.0218 1572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:49:38.0218 1572 usbccgp - ok
00:49:38.0218 1572 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:49:38.0218 1572 usbehci - ok
00:49:38.0250 1572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:49:38.0250 1572 usbhub - ok
00:49:38.0250 1572 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:49:38.0250 1572 usbstor - ok
00:49:38.0265 1572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:49:38.0281 1572 usbuhci - ok
00:49:38.0281 1572 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:49:38.0296 1572 usbvideo - ok
00:49:38.0312 1572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:49:38.0312 1572 VgaSave - ok
00:49:38.0312 1572 ViaIde - ok
00:49:38.0328 1572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:49:38.0328 1572 VolSnap - ok
00:49:38.0359 1572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:49:38.0359 1572 Wanarp - ok
00:49:38.0359 1572 WDICA - ok
00:49:38.0375 1572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:49:38.0375 1572 wdmaud - ok
00:49:38.0437 1572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:49:38.0437 1572 WS2IFSL - ok
00:49:38.0453 1572 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:49:38.0453 1572 WSTCODEC - ok
00:49:38.0468 1572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:49:38.0468 1572 WudfPf - ok
00:49:38.0484 1572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:49:38.0484 1572 WudfRd - ok
00:49:38.0515 1572 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:49:38.0640 1572 \Device\Harddisk0\DR0 - ok
00:49:38.0640 1572 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR10
00:49:38.0703 1572 \Device\Harddisk1\DR10 - ok
00:49:38.0703 1572 Boot (0x1200) (e1368974d2177f259076018e25d4c5dc) \Device\Harddisk0\DR0\Partition0
00:49:38.0703 1572 \Device\Harddisk0\DR0\Partition0 - ok
00:49:38.0703 1572 Boot (0x1200) (daa1fd9eb682cef886043a180a5ec9df) \Device\Harddisk1\DR10\Partition0
00:49:38.0703 1572 \Device\Harddisk1\DR10\Partition0 - ok
00:49:38.0703 1572 ============================================================
00:49:38.0703 1572 Scan finished
00:49:38.0703 1572 ============================================================
00:49:38.0718 2784 Detected object count: 0
00:49:38.0718 2784 Actual detected object count: 0

aswMBR report


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 00:50:54
-----------------------------
00:50:54.171 OS Version: Windows 5.1.2600 Service Pack 3
00:50:54.171 Number of processors: 2 586 0x602
00:50:54.171 ComputerName: BIZARRE UserName: Marc
00:50:54.937 Initialize success
00:51:13.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:51:13.343 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
00:51:13.375 Disk 0 MBR read successfully
00:51:13.375 Disk 0 MBR scan
00:51:13.375 Disk 0 Windows XP default MBR code
00:51:13.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
00:51:13.375 Disk 0 scanning sectors +488376000
00:51:13.484 Disk 0 scanning C:\WINDOWS\system32\drivers
00:51:22.953 Service scanning
00:51:28.000 Modules scanning
00:51:48.937 Disk 0 trace - called modules:
00:51:48.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:51:48.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aed4ab8]
00:51:48.953 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000064[0x8aedae98]
00:51:48.953 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aed9d98]
00:51:48.968 Scan finished successfully
00:52:34.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Marc\Desktop\bleepingcomputer\curing\MBR.dat"
00:52:34.031 The log file has been saved successfully to "C:\Documents and Settings\Marc\Desktop\bleepingcomputer\curing\aswMBR.txt"


OTL Report
OTL logfile created on: 3/2/2012 12:53:53 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\Marc\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 90.25% Memory free
5.22 Gb Paging File | 5.08 Gb Available in Paging File | 97.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 138.68 Gb Free Space | 59.55% Space Free | Partition Type: NTFS
Drive G: | 1.83 Gb Total Space | 1.81 Gb Free Space | 99.02% Space Free | Partition Type: FAT

Computer Name: BIZARRE | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 00:45:46 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
PRC - [2008/07/03 13:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/04 21:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (zenos1)
SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [Auto | Stopped] -- -- (wmp54gv4svc)
SRV - File not found [Auto | Stopped] -- -- (wkscfgsrv)
SRV - File not found [Auto | Stopped] -- -- (wintabservice)
SRV - File not found [Auto | Stopped] -- -- (winachsx)
SRV - File not found [Auto | Stopped] -- -- (WcesComm)
SRV - File not found [Auto | Stopped] -- -- (wacomvhid)
SRV - File not found [Auto | Stopped] -- -- (W700mgmt)
SRV - File not found [Auto | Stopped] -- -- (w300bus)
SRV - File not found [Auto | Stopped] -- -- (w200bus)
SRV - File not found [Auto | Stopped] -- -- (vtserver)
SRV - File not found [Auto | Stopped] -- -- (vncmirror)
SRV - File not found [Auto | Stopped] -- -- (vmkbd2)
SRV - File not found [Auto | Stopped] -- -- (VCAM)
SRV - File not found [Auto | Stopped] -- -- (VAIOMediaPlatform-MusicServer-HTTP)
SRV - File not found [Auto | Stopped] -- -- (vaiomediaplatform-musicserver-appserver)
SRV - File not found [Auto | Stopped] -- -- (USBVCD)
SRV - File not found [Auto | Stopped] -- -- (usbscan)
SRV - File not found [Auto | Stopped] -- -- (usbmate)
SRV - File not found [Auto | Stopped] -- -- (USBAAPL)
SRV - File not found [Auto | Stopped] -- -- (USB11LDR)
SRV - File not found [Auto | Stopped] -- -- (TeamViewer)
SRV - File not found [Auto | Stopped] -- -- (symtdi)
SRV - File not found [Auto | Stopped] -- -- (symndis)
SRV - File not found [Auto | Stopped] -- -- (stirusb)
SRV - File not found [Auto | Stopped] -- -- (ssidrv)
SRV - File not found [Auto | Stopped] -- -- (ss_mdfl)
SRV - File not found [Auto | Stopped] -- -- (sqlagent$pinnaclesys)
SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [Auto | Stopped] -- -- (spmd)
SRV - File not found [Auto | Stopped] -- -- (SPLITCAM)
SRV - File not found [Auto | Stopped] -- -- (soma)
SRV - File not found [Auto | Stopped] -- -- (SNP2UVC)
SRV - File not found [Auto | Stopped] -- -- (slave)
SRV - File not found [Auto | Stopped] -- -- (SiS7018)
SRV - File not found [Auto | Stopped] -- -- (se59mdm)
SRV - File not found [Auto | Stopped] -- -- (sandboxu)
SRV - File not found [Auto | Stopped] -- -- (sagefserver)
SRV - File not found [Auto | Stopped] -- -- (s616bus)
SRV - File not found [Auto | Stopped] -- -- (RVIEG01)
SRV - File not found [Auto | Stopped] -- -- (rtl8185)
SRV - File not found [Auto | Stopped] -- -- (rtl8139)
SRV - File not found [Auto | Stopped] -- -- (richvideo)
SRV - File not found [Auto | Stopped] -- -- (qbfcservice)
SRV - File not found [Auto | Stopped] -- -- (pduip6000dmemcrdmgr)
SRV - File not found [Auto | Stopped] -- -- (PdiPorts)
SRV - File not found [Auto | Stopped] -- -- (pca)
SRV - File not found [Auto | Stopped] -- -- (osaio)
SRV - File not found [Auto | Stopped] -- -- (o2flash)
SRV - File not found [Auto | Stopped] -- -- (ntuneservice)
SRV - File not found [Auto | Stopped] -- -- (ntsyslog)
SRV - File not found [Auto | Stopped] -- -- (NPPTNT)
SRV - File not found [Auto | Stopped] -- -- (nimcdlbk)
SRV - File not found [Auto | Stopped] -- -- (NETw3x32)
SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - File not found [Auto | Stopped] -- -- (naveng)
SRV - File not found [Auto | Stopped] -- -- (Mvc25U870_VID_1262&PID_25FD)
SRV - File not found [Auto | Stopped] -- -- (msvad_simple)
SRV - File not found [Auto | Stopped] -- -- (msmframework)
SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
SRV - File not found [Auto | Stopped] -- -- (mksupdateint)
SRV - File not found [Auto | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- -- (mcstrm)
SRV - File not found [Auto | Stopped] -- -- (mbackmonitor)
SRV - File not found [Auto | Stopped] -- -- (MagicTune)
SRV - File not found [Auto | Stopped] -- -- (Machnm32)
SRV - File not found [Auto | Stopped] -- -- (lightscribeservice)
SRV - File not found [Auto | Stopped] -- -- (l8042pr2)
SRV - File not found [Auto | Stopped] -- -- (keriomailserver)
SRV - File not found [Auto | Stopped] -- -- (k56)
SRV - File not found [Auto | Stopped] -- -- (JiaoCap)
SRV - File not found [Auto | Stopped] -- -- (ixiaendpoint)
SRV - File not found [Auto | Stopped] -- -- (incdrec)
SRV - File not found [Auto | Stopped] -- -- (imonnt)
SRV - File not found [Auto | Stopped] -- -- (igateway)
SRV - File not found [Auto | Stopped] -- -- (IBMTPCHK)
SRV - File not found [Auto | Stopped] -- -- (iaimfp3)
SRV - File not found [Auto | Stopped] -- -- (iaimfp0)
SRV - File not found [Auto | Stopped] -- -- (hsf_dpv)
SRV - File not found [Auto | Stopped] -- -- (hpqwmi)
SRV - File not found [Auto | Stopped] -- -- (hpgate)
SRV - File not found [Auto | Stopped] -- -- (houdinilicenseserver)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [Auto | Stopped] -- -- (GTF32BUS)
SRV - File not found [Auto | Stopped] -- -- (grmnusb)
SRV - File not found [Auto | Stopped] -- -- (FVXSCSI)
SRV - File not found [Auto | Stopped] -- -- (FGDSCSI)
SRV - File not found [Auto | Stopped] -- -- (FETNDIS)
SRV - File not found [Auto | Stopped] -- -- (ERSvc)
SRV - File not found [Auto | Stopped] -- -- (epson_pm_rpcv4_01)
SRV - File not found [Auto | Stopped] -- -- (emupia)
SRV - File not found [Auto | Stopped] -- -- (elbydelay)
SRV - File not found [Auto | Stopped] -- -- (dwusbdnt)
SRV - File not found [Auto | Stopped] -- -- (dsproct)
SRV - File not found [Auto | Stopped] -- -- (dlcc_device)
SRV - File not found [Auto | Stopped] -- -- (DeviceScanner)
SRV - File not found [Auto | Stopped] -- -- (db2licd)
SRV - File not found [Auto | Stopped] -- -- (db2jds)
SRV - File not found [Auto | Stopped] -- -- (cwbrxd)
SRV - File not found [Auto | Stopped] -- -- (centennialiptransferagent)
SRV - File not found [Auto | Stopped] -- -- (c-dillacdac11ba)
SRV - File not found [Auto | Stopped] -- -- (botcbs)
SRV - File not found [Auto | Stopped] -- -- (avg7rsw)
SRV - File not found [Auto | Stopped] -- -- (ATMsg)
SRV - File not found [Auto | Stopped] -- -- (atksgt)
SRV - File not found [Auto | Stopped] -- -- (atiavpci)
SRV - File not found [Auto | Stopped] -- -- (atiavaiw)
SRV - File not found [Auto | Stopped] -- -- (ati2mpaa)
SRV - File not found [Auto | Stopped] -- -- (as32svc)
SRV - File not found [Auto | Stopped] -- -- (ARCSOFTVIRTUALCAPTURE)
SRV - File not found [Auto | Stopped] -- -- (amoagent)
SRV - File not found [Auto | Stopped] -- -- (AmdIde)
SRV - File not found [Auto | Stopped] -- -- (aksusb)
SRV - File not found [Auto | Stopped] -- -- (a8djavs)


========== Driver Services (SafeList) ==========

DRV - [2011/09/29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011/06/28 01:35:06 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/10/13 06:47:20 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008/05/06 08:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2007/05/24 11:28:22 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/05/04 11:18:26 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/20 00:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2004/11/01 21:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/08/23 09:49:30 | 000,121,472 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{454D5BFA-30B7-4CDF-98E2-5D78A9DB3271}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102868&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5I&apn_dtid=YYYYYYCLUS&apn_uid=cf058a5f-614d-469f-b9f6-3fa4ee5baaec&apn_sauid=7BE87CCA-DC97-42C4-AB92-89C7D1AB5627&
IE - HKCU\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGHP_enUS471
IE - HKCU\..\SearchScopes\{A37323CD-A4AF-4D12-924B-BE27FB193C1F}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=d52d3be656af4865b66f7ff47438abfc
IE - HKCU\..\SearchScopes\{CE3B1290-11E7-4B34-9F05-B393A58D61BC}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110728,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d52d3be656af4865b66f7ff47438abfc&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102868&gct=hp"
FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53677
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 11:10:34 | 000,000,000 | ---D | M]

[2011/07/31 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\dksm9748.default\searchplugins\askcom.xml
[2011/07/31 11:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/06/16 06:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/29 02:11:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [syst32] C:\Documents and Settings\Marc\Desktop\Log.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with x-ipod-magic-platinum - C:\Program Files\Xilisoft\iPod Magic Platinum\upod_link.HTM File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57284A03-6854-4A42-B83C-592C17CE7AF3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 01:34:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: ss_mdfl - File not found
NetSvcs: zenos1 - File not found
NetSvcs: atiavpci - File not found
NetSvcs: a8djavs - File not found
NetSvcs: epson_pm_rpcv4_01 - File not found
NetSvcs: USBVCD - File not found
NetSvcs: W700mgmt - File not found
NetSvcs: wintabservice - File not found
NetSvcs: vaiomediaplatform-musicserver-appserver - File not found
NetSvcs: pduip6000dmemcrdmgr - File not found
NetSvcs: msmframework - File not found
NetSvcs: hpgate - File not found
NetSvcs: c-dillacdac11ba - File not found
NetSvcs: mksupdateint - File not found
NetSvcs: se59mdm - File not found
NetSvcs: symndis - File not found
NetSvcs: sqlagent$pinnaclesys - File not found
NetSvcs: rtl8139 - File not found
NetSvcs: sandboxu - File not found
NetSvcs: houdinilicenseserver - File not found
NetSvcs: USB11LDR - File not found
NetSvcs: Machnm32 - File not found
NetSvcs: FETNDIS - File not found
NetSvcs: avg7rsw - File not found
NetSvcs: NPPTNT - File not found
NetSvcs: VAIOMediaPlatform-MusicServer-HTTP - File not found
NetSvcs: incdrec - File not found
NetSvcs: dsproct - File not found
NetSvcs: as32svc - File not found
NetSvcs: imonnt - File not found
NetSvcs: ssidrv - File not found
NetSvcs: l8042pr2 - File not found
NetSvcs: db2licd - File not found
NetSvcs: VCAM - File not found
NetSvcs: vtserver - File not found
NetSvcs: centennialiptransferagent - File not found
NetSvcs: vmkbd2 - File not found
NetSvcs: vncmirror - File not found
NetSvcs: ixiaendpoint - File not found
NetSvcs: grmnusb - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: soma - File not found
NetSvcs: mbackmonitor - File not found
NetSvcs: WcesComm - File not found
NetSvcs: USBAAPL - File not found
NetSvcs: PdiPorts - File not found
NetSvcs: atksgt - File not found
NetSvcs: dlcc_device - File not found
NetSvcs: MagicTune - File not found
NetSvcs: slave - File not found
NetSvcs: TeamViewer - File not found
NetSvcs: w200bus - File not found
NetSvcs: cwbrxd - File not found
NetSvcs: mcstrm - File not found
NetSvcs: SPLITCAM - File not found
NetSvcs: ScFBPNT3 - File not found
NetSvcs: LVRS - File not found
NetSvcs: openldap-slapd - File not found
NetSvcs: symtdi - File not found
NetSvcs: hpqwmi - File not found
NetSvcs: AmdIde - File not found
NetSvcs: wacomvhid - File not found
NetSvcs: spmd - File not found
NetSvcs: msvad_simple - File not found
NetSvcs: w300bus - File not found
NetSvcs: amoagent - File not found
NetSvcs: SiS7018 - File not found
NetSvcs: hsf_dpv - File not found
NetSvcs: ati2mpaa - File not found
NetSvcs: keriomailserver - File not found
NetSvcs: usbscan - File not found
NetSvcs: ATMsg - File not found
NetSvcs: usbmate - File not found
NetSvcs: GTF32BUS - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - File not found
NetSvcs: igateway - File not found
NetSvcs: FGDSCSI - File not found
NetSvcs: MSCamSvc - File not found
NetSvcs: RVIEG01 - File not found
NetSvcs: elbydelay - File not found
NetSvcs: aksusb - File not found
NetSvcs: stirusb - File not found
NetSvcs: ntsyslog - File not found
NetSvcs: lightscribeservice - File not found
NetSvcs: o2flash - File not found
NetSvcs: wmp54gv4svc - File not found
NetSvcs: pca - File not found
NetSvcs: rtl8185 - File not found
NetSvcs: Mvc25U870_VID_1262&PID_25FD - File not found
NetSvcs: s616bus - File not found
NetSvcs: osaio - File not found
NetSvcs: iaimfp3 - File not found
NetSvcs: emupia - File not found
NetSvcs: NETw3x32 - File not found
NetSvcs: mcupdmgr.exe - File not found
NetSvcs: qbfcservice - File not found
NetSvcs: iaimfp0 - File not found
NetSvcs: SNP2UVC - File not found
NetSvcs: DeviceScanner - File not found
NetSvcs: wkscfgsrv - File not found
NetSvcs: IBMTPCHK - File not found
NetSvcs: JiaoCap - File not found
NetSvcs: db2jds - File not found
NetSvcs: FVXSCSI - File not found
NetSvcs: nimcdlbk - File not found
NetSvcs: k56 - File not found
NetSvcs: naveng - File not found
NetSvcs: atiavaiw - File not found
NetSvcs: botcbs - File not found
NetSvcs: richvideo - File not found
NetSvcs: sagefserver - File not found
NetSvcs: winachsx - File not found
NetSvcs: dwusbdnt - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 00:52:47 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2012/02/29 13:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\bleepingcomputer
[2012/02/29 12:21:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/29 03:46:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/29 02:14:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/29 02:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/02/29 02:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/02/29 02:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/02/29 02:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/02/29 00:52:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/29 00:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/29 00:39:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marc\Start Menu\Programs\Administrative Tools
[2012/02/29 00:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/28 23:26:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marc\Recent
[2012/02/16 11:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Google
[2012/02/16 11:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/02/16 11:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/05 08:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Start Menu\Programs\Xilisoft
[2012/02/05 08:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012/02/05 08:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Xilisoft
[2012/02/05 07:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Xilisoft

========== Files - Modified Within 30 Days ==========

[2012/03/02 00:45:46 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2012/03/02 00:42:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 23:59:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003UA.job
[2012/03/01 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/03/01 11:59:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003Core.job
[2012/03/01 11:42:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 13:35:10 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/29 13:34:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/29 13:34:01 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Marc\defogger_reenable
[2012/02/29 02:11:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/29 00:52:21 | 000,000,348 | RHS- | M] () -- C:\boot.ini
[2012/02/29 00:42:20 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/29 00:38:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\MBR.dat
[2012/02/29 00:25:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/28 23:42:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/28 23:14:13 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\cc_20120228_231409.reg
[2012/02/16 20:00:27 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2012/02/16 20:00:27 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/05 08:56:40 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Xilisoft DVD Ripper Ultimate 5.lnk
[2012/02/05 06:55:35 | 000,003,763 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\-_Demonoid.me_-XFreesoft_DVD_Ripper_v2_3_0_6_LAXiTY_11189994.9438.torrent

========== Files Created - No Company Name ==========

[2012/02/29 13:33:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Marc\defogger_reenable
[2012/02/29 00:52:21 | 000,000,232 | ---- | C] () -- C:\Boot.bak
[2012/02/29 00:52:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/29 00:38:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\MBR.dat
[2012/02/28 23:14:11 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\cc_20120228_231409.reg
[2012/02/16 11:37:04 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 11:37:03 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 08:56:40 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Xilisoft DVD Ripper Ultimate 5.lnk
[2012/02/05 06:55:34 | 000,003,763 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\-_Demonoid.me_-XFreesoft_DVD_Ripper_v2_3_0_6_LAXiTY_11189994.9438.torrent
[2012/02/04 21:23:27 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/02 22:28:18 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/02 22:28:18 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/31 07:28:26 | 000,015,394 | -HS- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\63i36mw078uibsc30k1dd3e5pwi7e0hbpcwq1u5b4a824
[2011/12/31 07:28:26 | 000,015,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63i36mw078uibsc30k1dd3e5pwi7e0hbpcwq1u5b4a824
[2011/12/22 01:45:10 | 000,015,848 | -HS- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\143306s0j286x770y614f0jar4x1
[2011/12/22 01:45:10 | 000,015,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\143306s0j286x770y614f0jar4x1
[2011/12/18 10:48:51 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8
[2011/12/18 10:48:51 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8r
[2011/12/18 10:48:42 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rUUsGBSbT6IWl8
[2011/10/17 12:44:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 00:24:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 11:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/30 00:54:29 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/06/30 00:54:29 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/06/30 00:54:28 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/06/30 00:54:28 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/06/30 00:54:28 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/06/30 00:54:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/06/30 00:54:28 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/06/30 00:54:28 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/06/30 00:53:54 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/06/30 00:53:52 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/06/30 00:53:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/06/30 00:26:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011/06/29 00:24:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/06/28 04:22:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/28 04:21:06 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/28 01:38:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 01:37:12 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/06/28 01:30:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/28 01:30:24 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2011/06/28 01:30:14 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/10/13 06:40:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

========== Custom Scans ==========


< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >
[2012/01/17 11:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/01/17 11:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/02/29 00:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/07 08:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/16 11:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/08/31 03:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/28 01:34:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/07/08 09:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/12/31 07:29:30 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2011/06/30 00:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Adobe
[2012/01/18 01:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Apple Computer
[2012/01/07 08:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\AVG2012
[2011/06/28 07:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\DMCache
[2011/06/28 01:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Dream Aquarium
[2012/02/16 12:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Google
[2011/10/17 13:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Identities
[2011/07/21 05:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\IDM
[2011/06/30 00:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Macromedia
[2011/08/31 03:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
[2011/12/26 13:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\ManyCam
[2012/02/03 00:56:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marc\Application Data\Microsoft
[2011/07/31 11:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla
[2012/02/03 01:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Registry Mechanic
[2011/07/01 01:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Sun
[2012/02/28 23:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\uTorrent
[2011/08/06 07:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\VirtualStore
[2011/07/21 05:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\vlc
[2011/06/29 00:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\WinRAR
[2012/02/05 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Xilisoft
[2011/07/08 09:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2011/07/21 05:10:55 | 004,502,088 | ---- | M] (Tonec Inc.) -- C:\Documents and Settings\Marc\Application Data\IDM\idmupdt.exe
[2011/08/01 00:38:13 | 000,061,440 | R--- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\Marc\Application Data\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
[2011/08/01 00:38:13 | 000,061,440 | R--- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\Marc\Application Data\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011/06/28 04:20:24 | 000,102,400 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/06/28 04:20:24 | 001,130,496 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/06/28 04:20:23 | 000,925,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/22 01:59:18 | 000,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< End of report >

OTL Extras Report
OTL Extras logfile created on: 3/2/2012 12:53:53 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Documents and Settings\Marc\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 90.25% Memory free
5.22 Gb Paging File | 5.08 Gb Available in Paging File | 97.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 138.68 Gb Free Space | 59.55% Space Free | Partition Type: NTFS
Drive G: | 1.83 Gb Total Space | 1.81 Gb Free Space | 99.02% Space Free | Partition Type: FAT

Computer Name: BIZARRE | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Marc\My Documents\Downloads\Programs\Facemoods.exe" = C:\Documents and Settings\Marc\My Documents\Downloads\Programs\Facemoods.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}" = Scratch Live 2.2.0 (22033)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - SP1 x86 8.0.59193
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1BE2E250A03B1B061C7B1106DFAD2854D80CA4E1" = Windows Driver Package - Silicon Image (Si3132r5) SCSIAdapter (05/30/2007 1.5.18.0)
"298382AC8E4E687D39BE262E05E55DBDE04068E3" = Windows Driver Package - Silicon Image (SI3132) SCSIAdapter (06/05/2007 1.0.21.1)
"29C13BAC76521EA72E38DB0C360AF18FC15519C9" = Windows Driver Package - Silicon Image System (05/30/2007 1.5.18.0)
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"ManyCam" = ManyCam 2.6.65 (remove only)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Registry Mechanic_is1" = Registry Mechanic 10.0.0.132
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2012 6:04:04 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 6:04:04 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 6:05:27 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/28/2012 6:05:28 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 7:04:24 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/28/2012 7:04:27 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 7:04:28 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 7:04:28 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 7:04:28 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/28/2012 7:04:28 PM | Computer Name = BIZARRE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/29/2012 7:01:43 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:02:13 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:02:43 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:03:13 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:03:43 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:04:13 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:04:43 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:05:13 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:05:43 AM | Computer Name = BIZARRE | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.

Error - 2/29/2012 7:35:19 AM | Computer Name = BIZARRE | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 08:32 AM

Hi,

Please prepare the Windows XP CD if you have it because it may come in handy later on.


P2P Warning:

µTorrent

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=============================================


:step1: Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (zenos1)
    SRV - File not found [Auto | Stopped] -- -- (wscsvc)
    SRV - File not found [Auto | Stopped] -- -- (wmp54gv4svc)
    SRV - File not found [Auto | Stopped] -- -- (wkscfgsrv)
    SRV - File not found [Auto | Stopped] -- -- (wintabservice)
    SRV - File not found [Auto | Stopped] -- -- (winachsx)
    SRV - File not found [Auto | Stopped] -- -- (WcesComm)
    SRV - File not found [Auto | Stopped] -- -- (wacomvhid)
    SRV - File not found [Auto | Stopped] -- -- (W700mgmt)
    SRV - File not found [Auto | Stopped] -- -- (w300bus)
    SRV - File not found [Auto | Stopped] -- -- (w200bus)
    SRV - File not found [Auto | Stopped] -- -- (vtserver)
    SRV - File not found [Auto | Stopped] -- -- (vncmirror)
    SRV - File not found [Auto | Stopped] -- -- (vmkbd2)
    SRV - File not found [Auto | Stopped] -- -- (VCAM)
    SRV - File not found [Auto | Stopped] -- -- (VAIOMediaPlatform-MusicServer-HTTP)
    SRV - File not found [Auto | Stopped] -- -- (vaiomediaplatform-musicserver-appserver)
    SRV - File not found [Auto | Stopped] -- -- (USBVCD)
    SRV - File not found [Auto | Stopped] -- -- (usbscan)
    SRV - File not found [Auto | Stopped] -- -- (usbmate)
    SRV - File not found [Auto | Stopped] -- -- (USBAAPL)
    SRV - File not found [Auto | Stopped] -- -- (USB11LDR)
    SRV - File not found [Auto | Stopped] -- -- (TeamViewer)
    SRV - File not found [Auto | Stopped] -- -- (symtdi)
    SRV - File not found [Auto | Stopped] -- -- (symndis)
    SRV - File not found [Auto | Stopped] -- -- (stirusb)
    SRV - File not found [Auto | Stopped] -- -- (ssidrv)
    SRV - File not found [Auto | Stopped] -- -- (ss_mdfl)
    SRV - File not found [Auto | Stopped] -- -- (sqlagent$pinnaclesys)
    SRV - File not found [Auto | Stopped] -- -- (Spooler)
    SRV - File not found [Auto | Stopped] -- -- (spmd)
    SRV - File not found [Auto | Stopped] -- -- (SPLITCAM)
    SRV - File not found [Auto | Stopped] -- -- (soma)
    SRV - File not found [Auto | Stopped] -- -- (SNP2UVC)
    SRV - File not found [Auto | Stopped] -- -- (slave)
    SRV - File not found [Auto | Stopped] -- -- (SiS7018)
    SRV - File not found [Auto | Stopped] -- -- (se59mdm)
    SRV - File not found [Auto | Stopped] -- -- (sandboxu)
    SRV - File not found [Auto | Stopped] -- -- (sagefserver)
    SRV - File not found [Auto | Stopped] -- -- (s616bus)
    SRV - File not found [Auto | Stopped] -- -- (RVIEG01)
    SRV - File not found [Auto | Stopped] -- -- (rtl8185)
    SRV - File not found [Auto | Stopped] -- -- (rtl8139)
    SRV - File not found [Auto | Stopped] -- -- (richvideo)
    SRV - File not found [Auto | Stopped] -- -- (qbfcservice)
    SRV - File not found [Auto | Stopped] -- -- (pduip6000dmemcrdmgr)
    SRV - File not found [Auto | Stopped] -- -- (PdiPorts)
    SRV - File not found [Auto | Stopped] -- -- (pca)
    SRV - File not found [Auto | Stopped] -- -- (osaio)
    SRV - File not found [Auto | Stopped] -- -- (o2flash)
    SRV - File not found [Auto | Stopped] -- -- (ntuneservice)
    SRV - File not found [Auto | Stopped] -- -- (ntsyslog)
    SRV - File not found [Auto | Stopped] -- -- (NPPTNT)
    SRV - File not found [Auto | Stopped] -- -- (nimcdlbk)
    SRV - File not found [Auto | Stopped] -- -- (NETw3x32)
    SRV - File not found [Auto | Stopped] -- -- (NecUsb)
    SRV - File not found [Auto | Stopped] -- -- (naveng)
    SRV - File not found [Auto | Stopped] -- -- (Mvc25U870_VID_1262&PID_25FD)
    SRV - File not found [Auto | Stopped] -- -- (msvad_simple)
    SRV - File not found [Auto | Stopped] -- -- (msmframework)
    SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
    SRV - File not found [Auto | Stopped] -- -- (mksupdateint)
    SRV - File not found [Auto | Stopped] -- -- (mcupdmgr.exe)
    SRV - File not found [Auto | Stopped] -- -- (mcstrm)
    SRV - File not found [Auto | Stopped] -- -- (mbackmonitor)
    SRV - File not found [Auto | Stopped] -- -- (MagicTune)
    SRV - File not found [Auto | Stopped] -- -- (Machnm32)
    SRV - File not found [Auto | Stopped] -- -- (lightscribeservice)
    SRV - File not found [Auto | Stopped] -- -- (l8042pr2)
    SRV - File not found [Auto | Stopped] -- -- (keriomailserver)
    SRV - File not found [Auto | Stopped] -- -- (k56)
    SRV - File not found [Auto | Stopped] -- -- (JiaoCap)
    SRV - File not found [Auto | Stopped] -- -- (ixiaendpoint)
    SRV - File not found [Auto | Stopped] -- -- (incdrec)
    SRV - File not found [Auto | Stopped] -- -- (imonnt)
    SRV - File not found [Auto | Stopped] -- -- (igateway)
    SRV - File not found [Auto | Stopped] -- -- (IBMTPCHK)
    SRV - File not found [Auto | Stopped] -- -- (iaimfp3)
    SRV - File not found [Auto | Stopped] -- -- (iaimfp0)
    SRV - File not found [Auto | Stopped] -- -- (hsf_dpv)
    SRV - File not found [Auto | Stopped] -- -- (hpqwmi)
    SRV - File not found [Auto | Stopped] -- -- (hpgate)
    SRV - File not found [Auto | Stopped] -- -- (houdinilicenseserver)
    SRV - File not found [Auto | Stopped] -- -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- -- (GTF32BUS)
    SRV - File not found [Auto | Stopped] -- -- (grmnusb)
    SRV - File not found [Auto | Stopped] -- -- (FVXSCSI)
    SRV - File not found [Auto | Stopped] -- -- (FGDSCSI)
    SRV - File not found [Auto | Stopped] -- -- (FETNDIS)
    SRV - File not found [Auto | Stopped] -- -- (ERSvc)
    SRV - File not found [Auto | Stopped] -- -- (epson_pm_rpcv4_01)
    SRV - File not found [Auto | Stopped] -- -- (emupia)
    SRV - File not found [Auto | Stopped] -- -- (elbydelay)
    SRV - File not found [Auto | Stopped] -- -- (dwusbdnt)
    SRV - File not found [Auto | Stopped] -- -- (dsproct)
    SRV - File not found [Auto | Stopped] -- -- (dlcc_device)
    SRV - File not found [Auto | Stopped] -- -- (DeviceScanner)
    SRV - File not found [Auto | Stopped] -- -- (db2licd)
    SRV - File not found [Auto | Stopped] -- -- (db2jds)
    SRV - File not found [Auto | Stopped] -- -- (cwbrxd)
    SRV - File not found [Auto | Stopped] -- -- (centennialiptransferagent)
    SRV - File not found [Auto | Stopped] -- -- (c-dillacdac11ba)
    SRV - File not found [Auto | Stopped] -- -- (botcbs)
    SRV - File not found [Auto | Stopped] -- -- (avg7rsw)
    SRV - File not found [Auto | Stopped] -- -- (ATMsg)
    SRV - File not found [Auto | Stopped] -- -- (atksgt)
    SRV - File not found [Auto | Stopped] -- -- (atiavpci)
    SRV - File not found [Auto | Stopped] -- -- (atiavaiw)
    SRV - File not found [Auto | Stopped] -- -- (ati2mpaa)
    SRV - File not found [Auto | Stopped] -- -- (as32svc)
    SRV - File not found [Auto | Stopped] -- -- (ARCSOFTVIRTUALCAPTURE)
    SRV - File not found [Auto | Stopped] -- -- (amoagent)
    SRV - File not found [Auto | Stopped] -- -- (AmdIde)
    SRV - File not found [Auto | Stopped] -- -- (aksusb)
    SRV - File not found [Auto | Stopped] -- -- (a8djavs)
    IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
    IE - HKCU\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
    IE - HKCU\..\SearchScopes\{454D5BFA-30B7-4CDF-98E2-5D78A9DB3271}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102868&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5I&apn_dtid=YYYYYYCLUS&apn_uid=cf058a5f-614d-469f-b9f6-3fa4ee5baaec&apn_sauid=7BE87CCA-DC97-42C4-AB92-89C7D1AB5627&
    IE - HKCU\..\SearchScopes\{A37323CD-A4AF-4D12-924B-BE27FB193C1F}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=d52d3be656af4865b66f7ff47438abfc
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d52d3be656af4865b66f7ff47438abfc&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102868&gct=hp"
    FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 53677
    FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O8 - Extra context menu item: Download with x-ipod-magic-platinum - C:\Program Files\Xilisoft\iPod Magic Platinum\upod_link.HTM File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2011/12/31 07:28:26 | 000,015,394 | -HS- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\63i36mw078uibsc30k1dd3e5pwi7e0hbpcwq1u5b4a824
    [2011/12/31 07:28:26 | 000,015,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63i36mw078uibsc30k1dd3e5pwi7e0hbpcwq1u5b4a824
    [2011/12/22 01:45:10 | 000,015,848 | -HS- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\143306s0j286x770y614f0jar4x1
    [2011/12/22 01:45:10 | 000,015,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\143306s0j286x770y614f0jar4x1
    [2011/12/18 10:48:51 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8
    [2011/12/18 10:48:51 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8r
    [2011/12/18 10:48:42 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rUUsGBSbT6IWl8
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


:step2: Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    /md5start
    tcpip.sys 
    ipsec.sys 
    spoolsv.exe 
    wscntfy.exe 
    /md5stop
    netsvcs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
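The fix above removes two things a helper reads straight off an OTL report: Firefox preferences that redirect searches and route browsing through a proxy on 127.0.0.1, and Security Center / firewall values that silence the "no protection" warnings. The script below is an added example, not code from this thread or from the OTL tool; it parses lines in the same format (the sample input is constructed from entries quoted in the fix) and prints the findings a helper would otherwise pick out by hand. The engine and host allow-lists are assumptions and should be adjusted for the machine being looked at.

```python
"""Triage OTL-style log lines for browser-hijack and weakened-defence
indicators.  Added example, not code from the thread or from OTL.
The sample lines are constructed from entries quoted in the fix above;
the allow-lists are assumptions to be tuned to local policy.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the OTL report format (registry dump + Firefox prefs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102868&gct=hp"
FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53677
"""

REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js\.\.(\S+?):\s*(.*)$")

# Assumed allow-lists: engine names and URL hosts treated as ordinary defaults.
KNOWN_ENGINES = {"google", "bing", "yahoo", "duckduckgo"}
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
               "duckduckgo.com", "www.mozilla.org", "start.mozilla.org"}
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


def _unquote(value: str) -> str:
    """Strip the double quotes OTL puts around string preference values."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def _is_search_pref(pref: str) -> bool:
    """Prefs that decide where searches and the home page go."""
    p = pref.lower()
    if p in ("keyword.url", "browser.startup.homepage"):
        return True
    return "browser.search." in p and ("engine" in p or "order." in p)


def triage(text: str) -> list:
    """Return human-readable findings for the OTL-style lines in `text`."""
    findings = []
    current_key = None
    proxy = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = REG_VAL_RE.match(line)
        if m and current_key:
            name, value = m.group(1), m.group(2).strip()
            # Security Center overrides silence the "no AV / no firewall" warnings.
            if current_key.endswith("Security Center") and value == "1" \
                    and name in ("AntiVirusOverride", "FirewallOverride"):
                findings.append(f"Security Center: {name}=1 suppresses alerts")
            # Per-profile Windows Firewall policy values.
            if "FirewallPolicy" in current_key:
                profile = current_key.rsplit("\\", 1)[-1]
                if name == "EnableFirewall" and value == "0":
                    findings.append(f"Firewall: {profile} has EnableFirewall=0 (firewall off)")
                if name == "DisableNotifications" and value == "1":
                    findings.append(f"Firewall: {profile} has DisableNotifications=1")
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group(1), _unquote(m.group(2))
            if pref == "network.proxy.http":
                proxy["host"] = value
            elif pref == "network.proxy.http_port":
                proxy["port"] = value
            elif _is_search_pref(pref):
                host = urlparse(value).hostname if "://" in value else None
                if host is not None:
                    if host not in KNOWN_HOSTS:
                        findings.append(f"Firefox: {pref} points at {host}")
                elif value.lower() not in KNOWN_ENGINES:
                    # Exact match on purpose: "Yahoo-Mp3Tube" must not pass as "yahoo".
                    findings.append(f"Firefox: {pref} set to non-default engine {value!r}")
    # A proxy on the loopback address routes all browsing through a local process;
    # once that process is removed, the browser can no longer reach anything.
    if proxy.get("host") in LOCAL_HOSTS:
        findings.append(
            f"Firefox: HTTP proxy set to {proxy['host']}:{proxy.get('port', '?')} "
            "(local proxy left behind; browsing breaks once the listener is gone)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports nine findings for the constructed sample and stays silent on the "Google" entry; the engine check is an exact match rather than a substring test so that look-alike names such as "Yahoo-Mp3Tube" are still flagged.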


#5 herec0m3strouble

herec0m3strouble
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 02 March 2012 - 09:47 AM

First OTL Copy/Paste
========== OTL ==========
Error: No service named zenos1 was found to stop!
Service\Driver key zenos1 not found.
Error: No service named wscsvc was found to stop!
Service\Driver key wscsvc not found.
Error: No service named wmp54gv4svc was found to stop!
Service\Driver key wmp54gv4svc not found.
Error: No service named wkscfgsrv was found to stop!
Service\Driver key wkscfgsrv not found.
Error: No service named wintabservice was found to stop!
Service\Driver key wintabservice not found.
Error: No service named winachsx was found to stop!
Service\Driver key winachsx not found.
Error: No service named WcesComm was found to stop!
Service\Driver key WcesComm not found.
Error: No service named wacomvhid was found to stop!
Service\Driver key wacomvhid not found.
Error: No service named W700mgmt was found to stop!
Service\Driver key W700mgmt not found.
Error: No service named w300bus was found to stop!
Service\Driver key w300bus not found.
Error: No service named w200bus was found to stop!
Service\Driver key w200bus not found.
Error: No service named vtserver was found to stop!
Service\Driver key vtserver not found.
Error: No service named vncmirror was found to stop!
Service\Driver key vncmirror not found.
Error: No service named vmkbd2 was found to stop!
Service\Driver key vmkbd2 not found.
Error: No service named VCAM was found to stop!
Service\Driver key VCAM not found.
Error: No service named VAIOMediaPlatform-MusicServer-HTTP was found to stop!
Service\Driver key VAIOMediaPlatform-MusicServer-HTTP not found.
Error: No service named vaiomediaplatform-musicserver-appserver was found to stop!
Service\Driver key vaiomediaplatform-musicserver-appserver not found.
Error: No service named USBVCD was found to stop!
Service\Driver key USBVCD not found.
Error: No service named usbscan was found to stop!
Service\Driver key usbscan not found.
Error: No service named usbmate was found to stop!
Service\Driver key usbmate not found.
Error: No service named USBAAPL was found to stop!
Service\Driver key USBAAPL not found.
Error: No service named USB11LDR was found to stop!
Service\Driver key USB11LDR not found.
Error: No service named TeamViewer was found to stop!
Service\Driver key TeamViewer not found.
Error: No service named symtdi was found to stop!
Service\Driver key symtdi not found.
Error: No service named symndis was found to stop!
Service\Driver key symndis not found.
Error: No service named stirusb was found to stop!
Service\Driver key stirusb not found.
Error: No service named ssidrv was found to stop!
Service\Driver key ssidrv not found.
Error: No service named ss_mdfl was found to stop!
Service\Driver key ss_mdfl not found.
Error: No service named sqlagent$pinnaclesys was found to stop!
Service\Driver key sqlagent$pinnaclesys not found.
Error: No service named Spooler was found to stop!
Service\Driver key Spooler not found.
Error: No service named spmd was found to stop!
Service\Driver key spmd not found.
Error: No service named SPLITCAM was found to stop!
Service\Driver key SPLITCAM not found.
Error: No service named soma was found to stop!
Service\Driver key soma not found.
Error: No service named SNP2UVC was found to stop!
Service\Driver key SNP2UVC not found.
Error: No service named slave was found to stop!
Service\Driver key slave not found.
Error: No service named SiS7018 was found to stop!
Service\Driver key SiS7018 not found.
Error: No service named se59mdm was found to stop!
Service\Driver key se59mdm not found.
Error: No service named sandboxu was found to stop!
Service\Driver key sandboxu not found.
Error: No service named sagefserver was found to stop!
Service\Driver key sagefserver not found.
Error: No service named s616bus was found to stop!
Service\Driver key s616bus not found.
Error: No service named RVIEG01 was found to stop!
Service\Driver key RVIEG01 not found.
Error: No service named rtl8185 was found to stop!
Service\Driver key rtl8185 not found.
Error: No service named rtl8139 was found to stop!
Service\Driver key rtl8139 not found.
Error: No service named richvideo was found to stop!
Service\Driver key richvideo not found.
Error: No service named qbfcservice was found to stop!
Service\Driver key qbfcservice not found.
Error: No service named pduip6000dmemcrdmgr was found to stop!
Service\Driver key pduip6000dmemcrdmgr not found.
Error: No service named PdiPorts was found to stop!
Service\Driver key PdiPorts not found.
Error: No service named pca was found to stop!
Service\Driver key pca not found.
Error: No service named osaio was found to stop!
Service\Driver key osaio not found.
Error: No service named o2flash was found to stop!
Service\Driver key o2flash not found.
Error: No service named ntuneservice was found to stop!
Service\Driver key ntuneservice not found.
Error: No service named ntsyslog was found to stop!
Service\Driver key ntsyslog not found.
Error: No service named NPPTNT was found to stop!
Service\Driver key NPPTNT not found.
Error: No service named nimcdlbk was found to stop!
Service\Driver key nimcdlbk not found.
Error: No service named NETw3x32 was found to stop!
Service\Driver key NETw3x32 not found.
Error: No service named NecUsb was found to stop!
Service\Driver key NecUsb not found.
Error: No service named naveng was found to stop!
Service\Driver key naveng not found.
Error: No service named Mvc25U870_VID_1262&PID_25FD was found to stop!
Service\Driver key Mvc25U870_VID_1262&PID_25FD not found.
Error: No service named msvad_simple was found to stop!
Service\Driver key msvad_simple not found.
Error: No service named msmframework was found to stop!
Service\Driver key msmframework not found.
Error: No service named MSCamSvc was found to stop!
Service\Driver key MSCamSvc not found.
Error: No service named mksupdateint was found to stop!
Service\Driver key mksupdateint not found.
Error: No service named mcupdmgr.exe was found to stop!
Service\Driver key mcupdmgr.exe not found.
Error: No service named mcstrm was found to stop!
Service\Driver key mcstrm not found.
Error: No service named mbackmonitor was found to stop!
Service\Driver key mbackmonitor not found.
Error: No service named MagicTune was found to stop!
Service\Driver key MagicTune not found.
Error: No service named Machnm32 was found to stop!
Service\Driver key Machnm32 not found.
Error: No service named lightscribeservice was found to stop!
Service\Driver key lightscribeservice not found.
Error: No service named l8042pr2 was found to stop!
Service\Driver key l8042pr2 not found.
Error: No service named keriomailserver was found to stop!
Service\Driver key keriomailserver not found.
Error: No service named k56 was found to stop!
Service\Driver key k56 not found.
Error: No service named JiaoCap was found to stop!
Service\Driver key JiaoCap not found.
Error: No service named ixiaendpoint was found to stop!
Service\Driver key ixiaendpoint not found.
Error: No service named incdrec was found to stop!
Service\Driver key incdrec not found.
Error: No service named imonnt was found to stop!
Service\Driver key imonnt not found.
Error: No service named igateway was found to stop!
Service\Driver key igateway not found.
Error: No service named IBMTPCHK was found to stop!
Service\Driver key IBMTPCHK not found.
Error: No service named iaimfp3 was found to stop!
Service\Driver key iaimfp3 not found.
Error: No service named iaimfp0 was found to stop!
Service\Driver key iaimfp0 not found.
Error: No service named hsf_dpv was found to stop!
Service\Driver key hsf_dpv not found.
Error: No service named hpqwmi was found to stop!
Service\Driver key hpqwmi not found.
Error: No service named hpgate was found to stop!
Service\Driver key hpgate not found.
Error: No service named houdinilicenseserver was found to stop!
Service\Driver key houdinilicenseserver not found.
Error: No service named helpsvc was found to stop!
Service\Driver key helpsvc not found.
Error: No service named GTF32BUS was found to stop!
Service\Driver key GTF32BUS not found.
Error: No service named grmnusb was found to stop!
Service\Driver key grmnusb not found.
Error: No service named FVXSCSI was found to stop!
Service\Driver key FVXSCSI not found.
Error: No service named FGDSCSI was found to stop!
Service\Driver key FGDSCSI not found.
Error: No service named FETNDIS was found to stop!
Service\Driver key FETNDIS not found.
Error: No service named ERSvc was found to stop!
Service\Driver key ERSvc not found.
Error: No service named epson_pm_rpcv4_01 was found to stop!
Service\Driver key epson_pm_rpcv4_01 not found.
Error: No service named emupia was found to stop!
Service\Driver key emupia not found.
Error: No service named elbydelay was found to stop!
Service\Driver key elbydelay not found.
Error: No service named dwusbdnt was found to stop!
Service\Driver key dwusbdnt not found.
Error: No service named dsproct was found to stop!
Service\Driver key dsproct not found.
Error: No service named dlcc_device was found to stop!
Service\Driver key dlcc_device not found.
Error: No service named DeviceScanner was found to stop!
Service\Driver key DeviceScanner not found.
Error: No service named db2licd was found to stop!
Service\Driver key db2licd not found.
Error: No service named db2jds was found to stop!
Service\Driver key db2jds not found.
Error: No service named cwbrxd was found to stop!
Service\Driver key cwbrxd not found.
Error: No service named centennialiptransferagent was found to stop!
Service\Driver key centennialiptransferagent not found.
Error: No service named c-dillacdac11ba was found to stop!
Service\Driver key c-dillacdac11ba not found.
Error: No service named botcbs was found to stop!
Service\Driver key botcbs not found.
Error: No service named avg7rsw was found to stop!
Service\Driver key avg7rsw not found.
Error: No service named ATMsg was found to stop!
Service\Driver key ATMsg not found.
Error: No service named atksgt was found to stop!
Service\Driver key atksgt not found.
Error: No service named atiavpci was found to stop!
Service\Driver key atiavpci not found.
Error: No service named atiavaiw was found to stop!
Service\Driver key atiavaiw not found.
Error: No service named ati2mpaa was found to stop!
Service\Driver key ati2mpaa not found.
Error: No service named as32svc was found to stop!
Service\Driver key as32svc not found.
Error: No service named ARCSOFTVIRTUALCAPTURE was found to stop!
Service\Driver key ARCSOFTVIRTUALCAPTURE not found.
Error: No service named amoagent was found to stop!
Service\Driver key amoagent not found.
Error: No service named AmdIde was found to stop!
Service\Driver key AmdIde not found.
Error: No service named aksusb was found to stop!
Service\Driver key aksusb not found.
Error: No service named a8djavs was found to stop!
Service\Driver key a8djavs not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{454D5BFA-30B7-4CDF-98E2-5D78A9DB3271}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{454D5BFA-30B7-4CDF-98E2-5D78A9DB3271}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A37323CD-A4AF-4D12-924B-BE27FB193C1F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A37323CD-A4AF-4D12-924B-BE27FB193C1F}\ not found.
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultengine
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..defaultenginename
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..selectedEngine
Prefs.js: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d52d3be656af4865b66f7ff47438abfc&subid=&keywords={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://www.ask.com/?l=dis&o=102868&gct=hp" removed from browser.startup.homepage
Prefs.js: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 53677 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with x-ipod-magic-platinum\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\Documents and Settings\Marc\Local Settings\Application Data\63i36mw078uibsc30k1dd3e5pwi7e0hbpcwq1u5b4a824 not found.
File C:\Documents and Settings\Marc\Local Settings\Application Data\143306s0j286x770y614f0jar4x1 not found.
File C:\Documents and Settings\All Users\Application Data\143306s0j286x770y614f0jar4x1 not found.
File C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8 not found.
File C:\Documents and Settings\All Users\Application Data\~rUUsGBSbT6IWl8r not found.
File C:\Documents and Settings\All Users\Application Data\rUUsGBSbT6IWl8 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
G:\bleepingcomputer\BC repair\cmd.bat deleted successfully.
G:\bleepingcomputer\BC repair\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_094116

Second OTL Copy/Paste
OTL logfile created on: 3/2/2012 9:43:11 AM - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = G:\bleepingcomputer\BC repair
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 89.65% Memory free
5.22 Gb Paging File | 5.07 Gb Available in Paging File | 97.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 138.63 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
Drive G: | 1.83 Gb Total Space | 1.81 Gb Free Space | 98.97% Space Free | Partition Type: FAT

Computer Name: BIZARRE | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: ss_mdfl - File not found
NetSvcs: zenos1 - File not found
NetSvcs: atiavpci - File not found
NetSvcs: a8djavs - File not found
NetSvcs: epson_pm_rpcv4_01 - File not found
NetSvcs: USBVCD - File not found
NetSvcs: W700mgmt - File not found
NetSvcs: wintabservice - File not found
NetSvcs: vaiomediaplatform-musicserver-appserver - File not found
NetSvcs: pduip6000dmemcrdmgr - File not found
NetSvcs: msmframework - File not found
NetSvcs: hpgate - File not found
NetSvcs: c-dillacdac11ba - File not found
NetSvcs: mksupdateint - File not found
NetSvcs: se59mdm - File not found
NetSvcs: symndis - File not found
NetSvcs: sqlagent$pinnaclesys - File not found
NetSvcs: rtl8139 - File not found
NetSvcs: sandboxu - File not found
NetSvcs: houdinilicenseserver - File not found
NetSvcs: USB11LDR - File not found
NetSvcs: Machnm32 - File not found
NetSvcs: FETNDIS - File not found
NetSvcs: avg7rsw - File not found
NetSvcs: NPPTNT - File not found
NetSvcs: VAIOMediaPlatform-MusicServer-HTTP - File not found
NetSvcs: incdrec - File not found
NetSvcs: dsproct - File not found
NetSvcs: as32svc - File not found
NetSvcs: imonnt - File not found
NetSvcs: ssidrv - File not found
NetSvcs: l8042pr2 - File not found
NetSvcs: db2licd - File not found
NetSvcs: VCAM - File not found
NetSvcs: vtserver - File not found
NetSvcs: centennialiptransferagent - File not found
NetSvcs: vmkbd2 - File not found
NetSvcs: vncmirror - File not found
NetSvcs: ixiaendpoint - File not found
NetSvcs: grmnusb - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: soma - File not found
NetSvcs: mbackmonitor - File not found
NetSvcs: WcesComm - File not found
NetSvcs: USBAAPL - File not found
NetSvcs: PdiPorts - File not found
NetSvcs: atksgt - File not found
NetSvcs: dlcc_device - File not found
NetSvcs: MagicTune - File not found
NetSvcs: slave - File not found
NetSvcs: TeamViewer - File not found
NetSvcs: w200bus - File not found
NetSvcs: cwbrxd - File not found
NetSvcs: mcstrm - File not found
NetSvcs: SPLITCAM - File not found
NetSvcs: ScFBPNT3 - File not found
NetSvcs: LVRS - File not found
NetSvcs: openldap-slapd - File not found
NetSvcs: symtdi - File not found
NetSvcs: hpqwmi - File not found
NetSvcs: AmdIde - File not found
NetSvcs: wacomvhid - File not found
NetSvcs: spmd - File not found
NetSvcs: msvad_simple - File not found
NetSvcs: w300bus - File not found
NetSvcs: amoagent - File not found
NetSvcs: SiS7018 - File not found
NetSvcs: hsf_dpv - File not found
NetSvcs: ati2mpaa - File not found
NetSvcs: keriomailserver - File not found
NetSvcs: usbscan - File not found
NetSvcs: ATMsg - File not found
NetSvcs: usbmate - File not found
NetSvcs: GTF32BUS - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - File not found
NetSvcs: igateway - File not found
NetSvcs: FGDSCSI - File not found
NetSvcs: MSCamSvc - File not found
NetSvcs: RVIEG01 - File not found
NetSvcs: elbydelay - File not found
NetSvcs: aksusb - File not found
NetSvcs: stirusb - File not found
NetSvcs: ntsyslog - File not found
NetSvcs: lightscribeservice - File not found
NetSvcs: o2flash - File not found
NetSvcs: wmp54gv4svc - File not found
NetSvcs: pca - File not found
NetSvcs: rtl8185 - File not found
NetSvcs: Mvc25U870_VID_1262&PID_25FD - File not found
NetSvcs: s616bus - File not found
NetSvcs: osaio - File not found
NetSvcs: iaimfp3 - File not found
NetSvcs: emupia - File not found
NetSvcs: NETw3x32 - File not found
NetSvcs: mcupdmgr.exe - File not found
NetSvcs: qbfcservice - File not found
NetSvcs: iaimfp0 - File not found
NetSvcs: SNP2UVC - File not found
NetSvcs: DeviceScanner - File not found
NetSvcs: wkscfgsrv - File not found
NetSvcs: IBMTPCHK - File not found
NetSvcs: JiaoCap - File not found
NetSvcs: db2jds - File not found
NetSvcs: FVXSCSI - File not found
NetSvcs: nimcdlbk - File not found
NetSvcs: k56 - File not found
NetSvcs: naveng - File not found
NetSvcs: atiavaiw - File not found
NetSvcs: botcbs - File not found
NetSvcs: richvideo - File not found
NetSvcs: sagefserver - File not found
NetSvcs: winachsx - File not found
NetSvcs: dwusbdnt - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

========== Custom Scans ==========


< >


< MD5 for: TCPIP.SYS >
[2010/10/13 06:47:05 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=474D3DCCB57DEFCD917311EEC47204B9 -- C:\WINDOWS\system32\drivers\tcpip.sys

< End of report >

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 10:19 AM

Thanks, please do the following:


Step 1: Please download SystemLook from jpshortstuff and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook and copy-paste the following into the box:
    :filefind
    tcpip.sys
    ipsec.sys
    spoolsv.exe
    wscntfy.exe
  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.


Step 2: Please delete your copy of ComboFix (do not uninstall) and then download and run a new copy.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 herec0m3strouble

herec0m3strouble
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 02 March 2012 - 11:02 AM

SystemLook Log
SystemLook 30.07.11 by jpshortstuff
Log created at 10:44 on 02/03/2012 by Marc
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [04:47 13/10/2010] [04:47 13/10/2010] 474D3DCCB57DEFCD917311EEC47204B9

Searching for "ipsec.sys"
No files found.

Searching for "spoolsv.exe"
No files found.

Searching for "wscntfy.exe"
No files found.

-= EOF =-


Last ComboFix Log

ComboFix 12-03-02.01 - Marc 03/02/2012 10:46:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3454.3092 [GMT 2:00]
Running from: g:\bleepingcomputer\BC repair\curing\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobebaln.exe
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 08:51 . 2012-03-02 08:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-28 22:04 . 2012-02-28 22:04 -------- d-----w- c:\program files\ESET
2012-02-16 09:36 . 2012-02-16 09:37 -------- d-----w- c:\program files\Google
2012-02-05 06:56 . 2012-02-05 06:56 -------- d-----w- c:\program files\Xilisoft
2012-02-05 05:18 . 2012-02-05 06:30 -------- d-----w- c:\documents and settings\Marc\Application Data\Xilisoft
2012-02-04 19:23 . 2012-02-28 22:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 23:59 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-10 13:24 . 2011-12-18 11:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 04:17 . 2011-07-31 09:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"syst32"="c:\documents and settings\Marc\Desktop\Log.exe" [2012-01-11 180332]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Marc\\My Documents\\Downloads\\Programs\\Facemoods.exe"=
.
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 9:04 AM 21632]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/2/2012 10:51 AM 40776]
S0 lxtyxb;lxtyxb;c:\windows\system32\drivers\atrqs.sys --> c:\windows\system32\drivers\atrqs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/28/2011 1:35 AM 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HELPSVC
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
ss_mdfl
zenos1
atiavpci
a8djavs
epson_pm_rpcv4_01
USBVCD
W700mgmt
wintabservice
vaiomediaplatform-musicserver-appserver
pduip6000dmemcrdmgr
msmframework
hpgate
c-dillacdac11ba
mksupdateint
se59mdm
symndis
sqlagent$pinnaclesys
rtl8139
sandboxu
houdinilicenseserver
USB11LDR
Machnm32
FETNDIS
avg7rsw
NPPTNT
VAIOMediaPlatform-MusicServer-HTTP
incdrec
dsproct
as32svc
imonnt
ssidrv
l8042pr2
db2licd
VCAM
vtserver
centennialiptransferagent
vmkbd2
vncmirror
ixiaendpoint
grmnusb
ntuneservice
soma
mbackmonitor
WcesComm
USBAAPL
PdiPorts
atksgt
dlcc_device
MagicTune
slave
TeamViewer
w200bus
cwbrxd
mcstrm
SPLITCAM
ScFBPNT3
LVRS
openldap-slapd
symtdi
hpqwmi
AmdIde
wacomvhid
spmd
msvad_simple
w300bus
amoagent
SiS7018
hsf_dpv
ati2mpaa
keriomailserver
usbscan
ATMsg
usbmate
GTF32BUS
ARCSOFTVIRTUALCAPTURE
igateway
FGDSCSI
MSCamSvc
RVIEG01
elbydelay
aksusb
stirusb
ntsyslog
lightscribeservice
o2flash
wmp54gv4svc
pca
rtl8185
Mvc25U870_VID_1262&PID_25FD
s616bus
osaio
iaimfp3
emupia
NETw3x32
mcupdmgr.exe
qbfcservice
iaimfp0
SNP2UVC
DeviceScanner
wkscfgsrv
IBMTPCHK
JiaoCap
db2jds
FVXSCSI
nimcdlbk
k56
naveng
atiavaiw
botcbs
richvideo
sagefserver
winachsx
dwusbdnt
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003Core.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003UA.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-03-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-06-27 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\dksm9748.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 10:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2012-03-02 10:54:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 08:54
.
Pre-Run: 148,804,935,680 bytes free
Post-Run: 148,795,060,224 bytes free
.
- - End Of File - - E6E5247D9F00ED68278E2E6897BBC254
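Reading a ComboFix log like the one above by hand is how a helper finds the items to act on. The script below is an added example (not ComboFix's, OTL's, or the forum's own code) that parses a constructed sample built from the same three sections and returns the leads a helper checks first: Run entries that point into a user profile, registered drivers whose image file is missing, and netsvcs names outside an assumed stock XP SP3 baseline. The baseline set and the user-writable path markers are assumptions, not anything the page states.

```python
"""Triage helper for the ComboFix sections quoted above.

Added example, not ComboFix's or the forum's own code.  It parses three parts
of a ComboFix log: the 'Reg Loading Points' Run entries, the R*/S* driver and
service lines, and the 'NETSVCS REQUIRES REPAIRS' list, and returns the leads a
helper checks first.  The netsvcs baseline is an ASSUMPTION (stock XP SP3 as
remembered); verify it against a clean machine before trusting the diff."""
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"syst32"="c:\documents and settings\Marc\Desktop\Log.exe" [2012-01-11 180332]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 9:04 AM 21632]
S0 lxtyxb;lxtyxb;c:\windows\system32\drivers\atrqs.sys --> c:\windows\system32\drivers\atrqs.sys [?]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
Rasauto
ss_mdfl
zenos1
TeamViewer
Rasman
WmdmPmSN
.
"""

# ASSUMED baseline: stock Windows XP SP3 netsvcs group (compared case-insensitively).
XP_SP3_NETSVCS = {s.lower() for s in """
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService
Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
napagent hkmsvc BITS wuauserv ShellHWDetection helpsvc WmdmPmSN uploadmgr
""".split()}

# Heuristic (assumption): autorun targets inside a user profile rather than an
# install directory deserve a look; legitimate software rarely starts from there.
USER_WRITABLE_MARKERS = ("\\desktop\\", "\\application data\\",
                         "\\local settings\\temp\\", "\\my documents\\")

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"', re.M)
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$", re.M)


def parse_run_entries(log):
    """Return (value_name, image_path) pairs from the Run-key blocks."""
    return RUN_RE.findall(log)


def flag_run_entries(entries):
    """Keep only Run entries whose target sits in a user-writable profile path."""
    return [(name, path) for name, path in entries
            if any(m in path.lower() for m in USER_WRITABLE_MARKERS)]


def parse_drivers(log):
    """Parse 'S0 name;description;path [..]' lines.

    ComboFix writes 'path --> path [?]' when the service's image file does not
    exist on disk, i.e. a registered driver with no file behind it."""
    out = []
    for start, name, desc, rest in DRIVER_RE.findall(log):
        missing = rest.rstrip().endswith("[?]")
        path = rest.split(" --> ")[0] if missing else rest.rsplit(" [", 1)[0]
        out.append({"start": start, "name": name, "desc": desc,
                    "path": path.strip(), "file_missing": missing})
    return out


def parse_netsvcs(log):
    """Return the service names listed under 'NETSVCS REQUIRES REPAIRS'."""
    names, collecting = [], False
    for line in log.splitlines():
        if line.startswith("NETSVCS REQUIRES REPAIRS"):
            collecting = True
            continue
        if collecting:
            if line.strip() in ("", "."):
                break
            names.append(line.strip())
    return names


def nondefault_netsvcs(names):
    """Names in the netsvcs group that are not in the assumed XP SP3 baseline."""
    return [n for n in names if n.lower() not in XP_SP3_NETSVCS]


def triage(log):
    """One-shot summary of the three lead types for a whole log."""
    return {
        "suspicious_run": flag_run_entries(parse_run_entries(log)),
        "drivers_missing_file": [d["name"] for d in parse_drivers(log)
                                 if d["file_missing"]],
        "nondefault_netsvcs": nondefault_netsvcs(parse_netsvcs(log)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The flagged items are leads for a helper to review, not verdicts; a non-default netsvcs name or a profile-resident autorun is only suspicious until the file behind it has been checked.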

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 11:42 AM

Do you have the Windows XP installation disk?

Can you please tell me what this is: C:\Documents and Settings\Marc\Desktop\Log.exe



We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\system32\drivers\atrqs.sys

Driver::
lxtyxb

ClearJavaCache::

FileLook::
C:\Documents and Settings\Marc\Desktop\Log.exe


4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you which I will require in your next reply.


~Semp



#9 herec0m3strouble

herec0m3strouble
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 02 March 2012 - 12:00 PM

I tried doing a quick search and I have yet to locate the XP CD.

C:\Documents and Settings\Marc\Desktop\Log.exe
I'm honestly not sure, I think it is one of the original ComboFix logs, but when I double-click it, this comes up (Couldn't load module 0x000021df.), so I am assuming it isn't that important. :/

Here is the CFScript ComboFix log you asked for:
ComboFix 12-03-02.01 - Marc 03/02/2012 11:48:28.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3454.3095 [GMT 2:00]
Running from: g:\bleepingcomputer\BC repair\curing\ComboFix.exe
Command switches used :: g:\bleepingcomputer\BC repair\curing\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\atrqs.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lxtyxb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 09:53 . 2012-03-02 09:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\system32\xircom
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\system32\wbem\snmp
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\windows\srchasst
2012-02-29 00:10 . 2012-02-29 00:10 -------- d-----w- c:\program files\microsoft frontpage
2012-02-28 22:04 . 2012-02-28 22:04 -------- d-----w- c:\program files\ESET
2012-02-16 09:36 . 2012-02-16 09:37 -------- d-----w- c:\program files\Google
2012-02-05 06:56 . 2012-02-05 06:56 -------- d-----w- c:\program files\Xilisoft
2012-02-05 05:18 . 2012-02-05 06:30 -------- d-----w- c:\documents and settings\Marc\Application Data\Xilisoft
2012-02-04 19:23 . 2012-02-28 22:42 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 23:59 . 2008-04-14 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-10 13:24 . 2011-12-18 11:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 04:17 . 2011-07-31 09:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\documents and settings\Marc\Desktop\Log.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 180332
Created time: 2012-01-11 11:49
Modified time: 2012-01-11 11:48
MD5: 39DF245716CBBC468F0DF2198B7D6FA2
SHA1: ECDAA776E67E05C7536DFDF539AB83712125B288
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-10-13 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"syst32"="c:\documents and settings\Marc\Desktop\Log.exe" [2012-01-11 180332]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Marc\\My Documents\\Downloads\\Programs\\Facemoods.exe"=
.
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 9:04 AM 21632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2012 11:37 AM 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/28/2011 1:35 AM 436792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-16 09:54]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003Core.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-920026266-1177238915-1003UA.job
- c:\documents and settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 05:00]
.
2012-03-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-06-27 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Marc\Application Data\Mozilla\Firefox\Profiles\dksm9748.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2012-03-02 11:56:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 09:56
ComboFix2.txt 2012-03-02 08:54
.
Pre-Run: 148,802,613,248 bytes free
Post-Run: 148,762,607,616 bytes free
.
- - End Of File - - 533E919ED0F0129E9524D6EBC5323978

#10 sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 12:27 PM

Some critical system files are missing; if you can locate the XP installation disk then things will be easier for us. :)


:step1: Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\Documents and Settings\Marc\Desktop\Log.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


:step2: Please click Start > Run > copy-paste the bolded text below then press Enter.

SFC.EXE /SCANNOW

  • The program may (or it may not) ask you for your Windows XP installation CD; please insert it at the prompt.
  • If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 herec0m3strouble

  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 02 March 2012 - 12:40 PM

http://r.virscan.org/report/a744ebdb0463af21d8edc03c9191fcc1.html

After running what you said, my computer is saying that there were some replaced files and it is asking for the Service Pack 3 CD; unfortunately I can't at this time locate the Windows XP CD.

#12 sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 09:47 PM

Hi,

Do you have access to another Windows XP PC so that we can grab a copy of those missing files?

~Semp



#13 herec0m3strouble

  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 02 March 2012 - 11:06 PM

Yes, I've actually been downloading and posting logs back and forth the whole time since mine doesn't have internet access.

#14 sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:07:05 AM

Posted 02 March 2012 - 11:26 PM

That's great! Now please copy the following files and save them in C:\ drive of the infected PC. Run the OTL scan afterward.

  • c:\windows\system32\drivers\tcpip.sys
  • c:\windows\system32\drivers\ipsec.sys
  • c:\windows\System32\spoolsv.exe
  • c:\windows\System32\wscntfy.exe


Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    /md5start
    tcpip.sys
    ipsec.sys
    spoolsv.exe
    wscntfy.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.

Edited by sempai, 02 March 2012 - 11:27 PM.

~Semp

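As an added example (not OTL, ComboFix or any tool from this thread), here is a Python script that does the same job as the /md5start ... /md5stop custom scan in the post above: it hashes the four files on the suspect machine and compares them with the copies brought over from a clean XP PC, reporting each file as intact, altered, missing, or lacking a clean copy to compare against. The directory layout and the file bytes in demo() are constructed assumptions, not real Windows binaries.

```python
import hashlib
import os
import tempfile

# The four files sempai named, each with its directory under the Windows folder.
WATCHED = {"tcpip.sys": "system32/drivers", "ipsec.sys": "system32/drivers",
           "spoolsv.exe": "system32", "wscntfy.exe": "system32"}

def file_md5(path):
    """MD5 of a file read in chunks, or None when the file does not exist."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_system_files(windows_dir, reference_dir):
    """Status per watched file: 'ok', 'mismatch' (differs from the clean copy, e.g. a
    patched driver), 'missing' (absent on the suspect machine) or 'no-reference'
    (no clean copy was placed in reference_dir)."""
    results = {}
    for name, subdir in WATCHED.items():
        live = file_md5(os.path.join(windows_dir, *subdir.split("/"), name))
        clean = file_md5(os.path.join(reference_dir, name))
        if clean is None:
            results[name] = "no-reference"
        elif live is None:
            results[name] = "missing"
        else:
            results[name] = "ok" if live == clean else "mismatch"
    return results

def demo():
    """Constructed tree with hypothetical bytes (not real binaries): tcpip.sys intact,
    ipsec.sys altered on the suspect PC, spoolsv.exe deleted, wscntfy.exe without a clean copy."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "WINDOWS", "system32", "drivers"))
    os.makedirs(os.path.join(root, "ref"))
    sample = {"WINDOWS/system32/drivers/tcpip.sys": b"tcpip-clean", "ref/tcpip.sys": b"tcpip-clean",
              "WINDOWS/system32/drivers/ipsec.sys": b"ipsec-PATCHED", "ref/ipsec.sys": b"ipsec-clean",
              "ref/spoolsv.exe": b"spoolsv-clean", "WINDOWS/system32/wscntfy.exe": b"wscntfy-clean"}
    for rel, data in sample.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as handle:
            handle.write(data)
    return compare_system_files(os.path.join(root, "WINDOWS"), os.path.join(root, "ref"))

if __name__ == "__main__":
    print(demo())
```

On a real machine, call compare_system_files(r"C:\WINDOWS", r"C:\") after the clean copies have been saved to C:\ as the post asks.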


#15 herec0m3strouble

  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:05 PM

Posted 03 March 2012 - 12:10 AM

Like just copy the file names?

edit: oh ok, never mind, I get it, sorry, let me see if I can do that now

The only file I was able to locate was tcpip.sys

Edited by herec0m3strouble, 03 March 2012 - 12:23 AM.




