I am Infected


  • This topic is locked
26 replies to this topic

#1 Dave Clark

Dave Clark

  • Members
  • 215 posts
  • OFFLINE
  • Gender:Male
  • Location:Tenerife
  • Local time:04:30 PM

Posted 17 May 2012 - 09:25 AM

My WinPatrol and Spyware Guard programs suddenly started to pop up saying that changes were trying to be made to the registry. I have refused all requests but they are incessant. Many programs were added to the startup without my permission and the computer has lost all of my passwords etc.etc.

I have enclosed the DDS Logs but the GMER program crashed after running for 6 hours which caused my computer to reboot. GMER was scanning the System Restore folders when it crashed.

Regards,

Dave

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Anyone at 8:42:57 on 2012-05-17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1062 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WUAUCLT.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\ScanSoft\TextBridgePro11.0\opware32.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Telefonica\bin\tgsrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: LEC: {1dbab667-a486-421e-afe4-cf07dd0088e5} - c:\program files\power translator 11\applications\LEC IE Translation Extension.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Opware15] "c:\program files\scansoft\omnipage15.0\Opware15.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDF3 Registry Controller] "c:\program files\scansoft\omnipage15.0\pdfconverter3\\RegistryController.exe"
mRun: [Omnipage] c:\program files\scansoft\textbridgepro11.0\opware32.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\anyone\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\anyone\startm~1\programs\startup\SHORTC~1.LNK -
StartupFolder: c:\docume~1\anyone\startm~1\programs\startup\shortc~2.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\anyone\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cordle~1.lnk - c:\program files\cordless usb phone\Cordless DUALphone Suite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\scansoft\omnipage15.0\pdfconverter3\IEShellExt.dll /100
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://web.atar.rima-tde.net/sdccommon/download/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277240890953
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{5454DA06-5E1D-4D1A-B9A9-7F6123954141} : DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{FB50D478-4645-4576-8278-4064DD586429} : DhcpNameServer = 80.58.61.250 80.58.61.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: accmipca - accmipca.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anyone\application data\mozilla\firefox\profiles\bhe4gn2q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\anyone\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2010-5-3 223535]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-9-14 41912]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-4-29 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-22 36000]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-22 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-22 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-22 83392]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-4-24 584224]
R2 tgsrvc_telefonica;SupportSoft Repair Service (telefonica);c:\program files\telefonica\bin\tgsrvc.exe [2010-3-29 185640]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2012-4-2 66944]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R4 synsend;synsend;\??\c:\windows\system32\drivers\775562410.sys --> c:\windows\system32\drivers\775562410.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\anyone\desktop\movies temp\rosetta stone\virtual cd rom\vcdrom.sys --> c:\documents and settings\anyone\desktop\movies temp\rosetta stone\virtual cd rom\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-1-19 25504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2011-5-20 205824]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-11 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-17 40776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-2-28 30576]
S3 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2011-5-20 369296]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-1-19 27584]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 0320991318273962mcinstcleanup;McAfee Application Installer Cleanup (0320991318273962);c:\docume~1\anyone\locals~1\temp\032099~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\anyone\locals~1\temp\032099~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-10-10 94880]
.
=============== Created Last 30 ================
.
2012-05-17 07:09:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-17 07:01:33 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2012-04-29 10:10:12 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-29 10:10:08 -------- d-----w- c:\program files\Soluto
.
==================== Find3M ====================
.
2012-05-08 09:11:00 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 09:04:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 09:04:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 09:57:56 1246752 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-03-03 17:53:01 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-26 15:47:02 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-15 11:33:46 78 ----a-w- c:\program files\erunt.bat
2004-04-21 10:38:06 446464 ----a-w- c:\program files\HPUSBFW.EXE
2003-11-13 12:00:00 450560 ----a-w- c:\program files\HPUSBF.EXE
.
============= FINISH: 8:44:08.81 ===============
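Added example (editorial, not part of the thread and not the DDS tool's own code): a small Python triage pass over lines from the SERVICES / DRIVERS section of the DDS log above. It flags the signals a helper looks for first when reading such a section: an entry DDS could not resolve to a file (the trailing `[?]`), a driver loading from a temp directory, and a driver whose file name is nothing but digits, as with the synsend entry that ComboFix later removed as Legacy_SYNSEND. The sample lines are copied from the log above; the meaning of the R/S prefix and start-type digit is assumed from the standard DDS layout.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

It does not decide what is malicious; it surfaces the entries a reviewer
would examine first and says why.
"""
import re

# Assumption (standard DDS layout): R = running, S = stopped; the digit is
# the Windows service start type.
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Constructed sample: entries copied from the DDS log posted above.
SAMPLE_LINES = [
    r"R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2010-5-3 223535]",
    r"R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]",
    r"R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]",
    r"R4 synsend;synsend;\??\c:\windows\system32\drivers\775562410.sys --> c:\windows\system32\drivers\775562410.sys [?]",
    r"S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]",
    r"S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-17 40776]",
    (r"S4 0320991318273962mcinstcleanup;McAfee Application Installer Cleanup (0320991318273962);"
     r"c:\docume~1\anyone\locals~1\temp\032099~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service"
     r" --> c:\docume~1\anyone\locals~1\temp\032099~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]"),
]

ENTRY_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
PATH_RE = re.compile(r"(?i)([a-z]:\\[^\[\]]*?\.(?:sys|exe|dll))")
TRAIL_RE = re.compile(r"\[(?P<trail>[^\]]*)\]\s*$")


def parse_entry(line):
    """Parse one DDS service/driver line into a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    trail_m = TRAIL_RE.search(rest)
    trail = trail_m.group("trail").strip() if trail_m else ""
    # DDS writes "<registry value> --> <resolved path> [?]" when it could not
    # find or examine the file; use the resolved side when it is present.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    path_m = PATH_RE.search(rest)
    return {
        "running": m.group("state") == "R",
        "start": START_TYPE.get(m.group("start"), "unknown"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path_m.group(1).lower() if path_m else "",
        "file_missing": trail == "?",
    }


def triage(entry):
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons = []
    if entry["file_missing"]:
        reasons.append("file not found or not readable ([?])")
    if "\\temp\\" in entry["path"]:
        reasons.append("loads from a temp directory")
    stem = entry["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if stem.isdigit():
        reasons.append("file name is only digits")
    return reasons


def triage_log(lines):
    """Return [(service name, [reasons])] for every entry that raised a reason."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES):
        print(f"{name}: {'; '.join(reasons)}")
```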


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:30 AM

Posted 18 May 2012 - 12:58 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dave Clark

Dave Clark
  • Topic Starter

  • Members
  • 215 posts
  • OFFLINE
  • Gender:Male
  • Location:Tenerife
  • Local time:04:30 PM

Posted 18 May 2012 - 04:28 AM

Hi Gringo and many thanks for the speedy reply to my topic.
Since posting I thought I would try to solve the problem myself by using my onboard A/V programs and ESET online scanner.
My onboard A/V progs just froze after a while, perhaps when they encountered the virus; the ESET did manage, even though it too froze a couple of times. ESET on first pass found and deleted a virus, viz. "Variant of Win32/Kryptic.AFSH Trojan". On the next pass, before it froze, it then found 3 more occurrences of the same virus. I then ran it again, overnight, and it found another occurrence of the same virus. I then got your welcome email.

Since running ComboFix, WinPatrol popped a message "Run Dll as an App Program Associated now = Microsoft Corporation rundll32.exe ieframe.dll,open url %l Changed to = C:\Windows\system32\rundll32.exe C:\Windows\system32\ieframe.dll,OpenURL %l Is this change OK?"
I've left the message open as I'm unsure what to do.

The info you wanted is as follows:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyder2express
SpywareBlaster 4.4
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware Professional
McAfee SiteAdvisor
CCleaner
Java™ 7
Adobe Flash Player 11.2.202.228
Adobe Reader X (10.1.3)
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
BillP Studios WinPatrol winpatrol.exe
``````````End of Log````````````


ComboFix 12-05-17.08 - Anyone 18/05/2012 9:17.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1156 [GMT 1:00]
Running from: c:\documents and settings\Anyone\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYNSEND
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-17 07:09 . 2012-05-17 14:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-17 07:01 . 2012-05-17 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-04-29 10:10 . 2012-04-24 16:13 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-29 10:10 . 2012-04-29 10:10 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:11 . 2011-10-22 09:44 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 09:11 . 2011-10-22 09:44 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 09:04 . 2012-04-08 07:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 09:04 . 2011-06-06 07:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-01-08 16:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 09:57 . 2010-05-03 19:27 1246752 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-03-03 17:53 . 2012-03-03 17:53 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-04-30 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-26 15:47 . 2012-04-10 20:21 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-15 11:33 . 2011-01-15 11:33 78 ----a-w- c:\program files\erunt.bat
2004-04-21 10:38 . 2011-11-20 21:46 446464 ----a-w- c:\program files\HPUSBFW.EXE
2003-11-13 12:00 . 2011-11-20 21:46 450560 ----a-w- c:\program files\HPUSBF.EXE
2011-09-29 06:53 . 2011-10-11 21:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Anyone\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Shortcut to Microsoft Outlook.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cordless DUALphone Startup.lnk - c:\program files\Cordless USB Phone\Cordless DUALphone Suite.exe [2010-5-3 625000]
SpywareGuard (2).lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QLink.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QLink.lnk
backup=c:\windows\pss\QLink.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Shortcut to sgmain.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\Shortcut to sgmain.lnk
backup=c:\windows\pss\Shortcut to sgmain.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-01-19 11:39 285072 ----a-w- c:\program files\SAMSUNG\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 06:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2012-02-13 21:19 2138432 ----a-w- c:\program files\My Lockbox\mylbx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-19 04:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-19 04:26 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-05-14 15:08 49152 ----a-w- c:\program files\ScanSoft\TextBridgePro11.0\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
2005-07-05 23:58 69632 ----a-w- c:\program files\ScanSoft\OmniPage15.0\OpWare15.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
2005-04-12 09:16 106496 ----a-w- c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\registrycontroller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-15 03:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\dcc296\\DCC.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\ZLink\\avi\\avi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShare.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24064:TCP"= 24064:TCP:BitTorrent
.
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [03/05/2010 09:24 223535]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [14/09/2011 14:37 41912]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [29/04/2012 11:10 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 10:44 36000]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 13:29 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 10:44 86224]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/05/2011 08:27 366872]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 tgsrvc_telefonica;SupportSoft Repair Service (telefonica);c:\program files\Telefonica\bin\tgsrvc.exe [29/03/2010 09:42 185640]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [02/04/2012 19:03 66944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/06/2010 21:26 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys --> c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\SAMSUNG\AllShare\AllShareDMS\AllShareDMS.exe [19/01/2012 12:41 25504]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [24/04/2012 17:32 584224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 08:22 257696]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [20/05/2011 15:28 205824]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/07/2010 10:53 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/07/2010 10:53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/05/2012 08:09 40776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [28/02/2011 22:28 30576]
S3 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [20/05/2011 19:01 369296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 19:15 12872]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\SAMSUNG\AllShare\AllShareSlideShowService.exe [19/01/2012 12:41 27584]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 0320991318273962mcinstcleanup;McAfee Application Installer Cleanup (0320991318273962);c:\docume~1\Anyone\LOCALS~1\Temp\032099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Anyone\LOCALS~1\Temp\032099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/10/2011 20:12 94880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/07/2010 16:07 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 09:04]
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 09:53]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 09:53]
.
2012-05-01 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-05-05 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-accmipca - accmipca.dll
Notify-avgrsstarter - (no file)
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 09:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FAE7143-D9AF-A29B-C1C3-A51F7AF14627}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapicjodnilhanlflo"=hex:6b,61,62,65,6f,6e,6c,64,65,66,61,61,6c,61,6c,6c,6c,69,
62,6f,6b,67,00,7c
"hanliplhpbbpcmgn"=hex:6b,61,62,65,6f,6e,6c,64,65,66,61,61,6c,61,6c,6c,6c,69,
62,6f,6b,67,00,7c
"halicepdenggobla"=hex:6b,61,61,6a,69,66,67,6c,61,6e,61,67,62,6c,66,6c,6f,6d,
70,61,6d,69,00,00
"halicepdbnjcjlcg"=hex:70,62,61,6b,64,64,6a,6b,67,61,61,67,67,69,61,69,63,70,
61,64,63,6d,62,64,61,65,67,69,6a,6f,6c,64,6f,61,6c,64,63,65,67,68,63,63,62,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\java.exe
c:\windows\System32\snmp.exe
c:\progra~1\MICROS~2\Office10\OUTLOOK.EXE
c:\windows\system32\devldr32.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\fxssvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\program files\Microsoft Office\Office10\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2012-05-18 09:45:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-18 08:45
.
Pre-Run: 295,973,814,272 bytes free
Post-Run: 296,895,397,888 bytes free
.
- - End Of File - - 5158582A00F34F0C6EC8106D26CD51FC

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:30 AM

Posted 18 May 2012 - 07:13 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dave Clark
  • Topic Starter

  • Members
  • 215 posts
  • Gender:Male
  • Location:Tenerife
  • Local time:04:30 PM

Posted 18 May 2012 - 07:43 AM

Hi Gringo

Logs as requested

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 13:19:51
-----------------------------
13:19:51.531 OS Version: Windows 5.1.2600 Service Pack 3
13:19:51.531 Number of processors: 2 586 0x205
13:19:51.531 ComputerName: USER357 UserName: Anyone
13:19:52.484 Initialize success
13:25:31.343 AVAST engine defs: 12051701
13:25:36.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:25:36.953 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
13:25:36.984 Disk 0 MBR read successfully
13:25:36.984 Disk 0 MBR scan
13:25:37.078 Disk 0 Windows XP default MBR code
13:25:37.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 384893 MB offset 63
13:25:37.125 Disk 0 Partition - 00 0F Extended LBA 568973 MB offset 788261355
13:25:37.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 367008 MB offset 788261418
13:25:37.156 Disk 0 Partition - 00 05 Extended 201965 MB offset 1539894510
13:25:37.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 201965 MB offset 1539894573
13:25:37.234 Disk 0 scanning sectors +1953520065
13:25:37.328 Disk 0 scanning C:\WINDOWS\system32\drivers
13:26:01.078 Service scanning
13:26:24.171 Modules scanning
13:26:28.937 Disk 0 trace - called modules:
13:26:28.937 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:26:28.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a783ab8]
13:26:28.937 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a7cc2f0]
13:26:28.937 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7cc030]
13:26:33.171 AVAST engine scan C:\WINDOWS
13:26:49.156 AVAST engine scan C:\WINDOWS\system32
13:34:29.796 AVAST engine scan C:\WINDOWS\system32\drivers
13:35:09.078 AVAST engine scan C:\Documents and Settings\Anyone
13:37:05.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anyone\Desktop\MBR.dat"
13:37:05.421 The log file has been saved successfully to "C:\Documents and Settings\Anyone\Desktop\aswMBR.txt"


13:16:43.0250 2100 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:16:43.0640 2100 ============================================================
13:16:43.0640 2100 Current date / time: 2012/05/18 13:16:43.0640
13:16:43.0640 2100 SystemInfo:
13:16:43.0640 2100
13:16:43.0640 2100 OS Version: 5.1.2600 ServicePack: 3.0
13:16:43.0640 2100 Product type: Workstation
13:16:43.0640 2100 ComputerName: USER357
13:16:43.0640 2100 UserName: Anyone
13:16:43.0640 2100 Windows directory: C:\WINDOWS
13:16:43.0640 2100 System windows directory: C:\WINDOWS
13:16:43.0640 2100 Processor architecture: Intel x86
13:16:43.0640 2100 Number of processors: 2
13:16:43.0640 2100 Page size: 0x1000
13:16:43.0640 2100 Boot type: Normal boot
13:16:43.0640 2100 ============================================================
13:16:45.0703 2100 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:16:45.0703 2100 ============================================================
13:16:45.0703 2100 \Device\Harddisk0\DR0:
13:16:45.0703 2100 MBR partitions:
13:16:45.0703 2100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2EFBE9AC
13:16:45.0734 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EFBEA2A, BlocksNum 0x2CCD02C4
13:16:45.0750 2100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5BC8ED2D, BlocksNum 0x18A76C94
13:16:45.0750 2100 ============================================================
13:16:45.0781 2100 C: <-> \Device\Harddisk0\DR0\Partition0
13:16:45.0875 2100 D: <-> \Device\Harddisk0\DR0\Partition1
13:16:45.0890 2100 E: <-> \Device\Harddisk0\DR0\Partition2
13:16:45.0890 2100 ============================================================
13:16:45.0890 2100 Initialize success
13:16:45.0890 2100 ============================================================
13:17:30.0562 2408 ============================================================
13:17:30.0562 2408 Scan started
13:17:30.0562 2408 Mode: Manual;
13:17:30.0562 2408 ============================================================
13:17:31.0187 2408 0320991318273962mcinstcleanup - ok
13:17:31.0296 2408 aarich (020a4d26c5ef982c6688ccdaf1afbefe) C:\WINDOWS\system32\DRIVERS\aarich.sys
13:17:31.0296 2408 aarich - ok
13:17:31.0296 2408 Abiosdsk - ok
13:17:31.0312 2408 abp480n5 - ok
13:17:31.0343 2408 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:17:31.0343 2408 ACPI - ok
13:17:31.0359 2408 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:17:31.0359 2408 ACPIEC - ok
13:17:31.0421 2408 AcrSch2Svc (46a5cbb09b8f0c46f8cbe9210e5e3be2) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
13:17:31.0421 2408 AcrSch2Svc - ok
13:17:31.0453 2408 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:17:31.0453 2408 Adobe LM Service - ok
13:17:31.0515 2408 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:17:31.0531 2408 AdobeFlashPlayerUpdateSvc - ok
13:17:31.0531 2408 adpu160m - ok
13:17:31.0546 2408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:17:31.0562 2408 aec - ok
13:17:31.0593 2408 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:17:31.0656 2408 AFD - ok
13:17:31.0671 2408 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:17:31.0671 2408 agp440 - ok
13:17:31.0687 2408 Aha154x - ok
13:17:31.0687 2408 aic78u2 - ok
13:17:31.0703 2408 aic78xx - ok
13:17:31.0734 2408 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:17:31.0734 2408 Alerter - ok
13:17:31.0750 2408 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:17:31.0750 2408 ALG - ok
13:17:31.0765 2408 AliIde - ok
13:17:31.0765 2408 amsint - ok
13:17:31.0828 2408 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:17:31.0828 2408 AntiVirSchedulerService - ok
13:17:31.0843 2408 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:17:31.0843 2408 AntiVirService - ok
13:17:31.0921 2408 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:17:31.0921 2408 Apple Mobile Device - ok
13:17:31.0953 2408 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:17:31.0953 2408 AppMgmt - ok
13:17:31.0968 2408 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:17:32.0062 2408 Arp1394 - ok
13:17:32.0062 2408 asc - ok
13:17:32.0078 2408 asc3350p - ok
13:17:32.0078 2408 asc3550 - ok
13:17:32.0125 2408 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
13:17:32.0171 2408 Aspi32 - ok
13:17:32.0250 2408 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:17:32.0250 2408 aspnet_state - ok
13:17:32.0281 2408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:17:32.0281 2408 AsyncMac - ok
13:17:32.0312 2408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:17:32.0312 2408 atapi - ok
13:17:32.0328 2408 Atdisk - ok
13:17:32.0343 2408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:17:32.0375 2408 Atmarpc - ok
13:17:32.0406 2408 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:17:32.0406 2408 AudioSrv - ok
13:17:32.0421 2408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:17:32.0453 2408 audstub - ok
13:17:32.0468 2408 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:17:32.0468 2408 avgntflt - ok
13:17:32.0531 2408 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:17:32.0593 2408 avipbb - ok
13:17:32.0609 2408 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:17:32.0656 2408 avkmgr - ok
13:17:32.0718 2408 Backup Client Agent Service (18e324f7489d459d9bbcc20eb345a7ef) C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe
13:17:32.0718 2408 Backup Client Agent Service - ok
13:17:32.0750 2408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:17:32.0750 2408 Beep - ok
13:17:32.0765 2408 bgsvcgen - ok
13:17:32.0796 2408 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:17:32.0859 2408 BITS - ok
13:17:32.0921 2408 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:17:32.0937 2408 Bonjour Service - ok
13:17:32.0953 2408 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:17:32.0968 2408 Browser - ok
13:17:33.0000 2408 Capture Device Service (3014ca345e8ad68587babfb162dddec5) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
13:17:33.0000 2408 Capture Device Service - ok
13:17:33.0031 2408 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
13:17:33.0078 2408 Cardex - ok
13:17:33.0078 2408 catchme - ok
13:17:33.0109 2408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:17:33.0156 2408 cbidf2k - ok
13:17:33.0187 2408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:17:33.0218 2408 CCDECODE - ok
13:17:33.0234 2408 cd20xrnt - ok
13:17:33.0234 2408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:17:33.0296 2408 Cdaudio - ok
13:17:33.0328 2408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:17:33.0328 2408 Cdfs - ok
13:17:33.0359 2408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:17:33.0406 2408 Cdrom - ok
13:17:33.0406 2408 Changer - ok
13:17:33.0437 2408 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:17:33.0453 2408 cisvc - ok
13:17:33.0468 2408 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:17:33.0484 2408 ClipSrv - ok
13:17:33.0531 2408 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:17:33.0546 2408 clr_optimization_v2.0.50727_32 - ok
13:17:33.0578 2408 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:17:33.0593 2408 clr_optimization_v4.0.30319_32 - ok
13:17:33.0593 2408 CmdIde - ok
13:17:33.0609 2408 COMSysApp - ok
13:17:33.0625 2408 Cpqarray - ok
13:17:33.0656 2408 cpuz135 - ok
13:17:33.0671 2408 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:17:33.0671 2408 CryptSvc - ok
13:17:33.0703 2408 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
13:17:33.0718 2408 ctljystk - ok
13:17:33.0765 2408 cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
13:17:33.0796 2408 cvspydr2 - ok
13:17:33.0796 2408 dac2w2k - ok
13:17:33.0812 2408 dac960nt - ok
13:17:33.0843 2408 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:17:33.0875 2408 DcomLaunch - ok
13:17:33.0906 2408 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
13:17:33.0906 2408 DefragFS - ok
13:17:33.0937 2408 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:17:33.0937 2408 Dhcp - ok
13:17:33.0937 2408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:17:33.0953 2408 Disk - ok
13:17:33.0953 2408 dmadmin - ok
13:17:34.0000 2408 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:17:34.0046 2408 dmboot - ok
13:17:34.0062 2408 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:17:34.0078 2408 dmio - ok
13:17:34.0078 2408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:17:34.0078 2408 dmload - ok
13:17:34.0109 2408 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:17:34.0109 2408 dmserver - ok
13:17:34.0125 2408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:17:34.0156 2408 DMusic - ok
13:17:34.0203 2408 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:17:34.0203 2408 Dnscache - ok
13:17:34.0234 2408 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:17:34.0250 2408 Dot3svc - ok
13:17:34.0250 2408 dpti2o - ok
13:17:34.0265 2408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:17:34.0312 2408 drmkaud - ok
13:17:34.0343 2408 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
13:17:34.0375 2408 dvd43llh - ok
13:17:34.0406 2408 E1000 (1dc189cd47ad4c8ca214b234b84ca228) C:\WINDOWS\system32\DRIVERS\e1000325.sys
13:17:34.0453 2408 E1000 - ok
13:17:34.0484 2408 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:17:34.0484 2408 EapHost - ok
13:17:34.0515 2408 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
13:17:34.0546 2408 emu10k - ok
13:17:34.0562 2408 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
13:17:34.0578 2408 emu10k1 - ok
13:17:34.0687 2408 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
13:17:34.0687 2408 EPSON_EB_RPCV4_01 - ok
13:17:34.0703 2408 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
13:17:34.0703 2408 EPSON_PM_RPCV4_01 - ok
13:17:34.0718 2408 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:17:34.0734 2408 ERSvc - ok
13:17:34.0750 2408 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:17:34.0765 2408 Eventlog - ok
13:17:34.0781 2408 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
13:17:34.0796 2408 EventSystem - ok
13:17:34.0828 2408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:17:34.0828 2408 Fastfat - ok
13:17:34.0859 2408 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:17:34.0875 2408 FastUserSwitchingCompatibility - ok
13:17:34.0906 2408 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
13:17:34.0921 2408 Fax - ok
13:17:34.0921 2408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:17:34.0968 2408 Fdc - ok
13:17:34.0984 2408 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:17:35.0031 2408 Fips - ok
13:17:35.0109 2408 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:17:35.0109 2408 FLEXnet Licensing Service - ok
13:17:35.0140 2408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:17:35.0171 2408 Flpydisk - ok
13:17:35.0203 2408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:17:35.0203 2408 FltMgr - ok
13:17:35.0265 2408 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:17:35.0265 2408 FontCache3.0.0.0 - ok
13:17:35.0281 2408 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\WINDOWS\system32\Drivers\FSPFltd.sys
13:17:35.0281 2408 FSProFilter - ok
13:17:35.0312 2408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:17:35.0343 2408 Fs_Rec - ok
13:17:35.0359 2408 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:17:35.0359 2408 Ftdisk - ok
13:17:35.0390 2408 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:17:35.0421 2408 gameenum - ok
13:17:35.0453 2408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:17:35.0484 2408 GEARAspiWDM - ok
13:17:35.0515 2408 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:17:35.0562 2408 giveio - ok
13:17:35.0578 2408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:17:35.0609 2408 Gpc - ok
13:17:35.0671 2408 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:17:35.0671 2408 gupdate - ok
13:17:35.0687 2408 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:17:35.0703 2408 gupdatem - ok
13:17:35.0968 2408 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:17:36.0000 2408 helpsvc - ok
13:17:36.0125 2408 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:17:36.0171 2408 HidServ - ok
13:17:36.0234 2408 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:17:36.0343 2408 HidUsb - ok
13:17:36.0421 2408 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:17:36.0421 2408 hkmsvc - ok
13:17:36.0437 2408 hpn - ok
13:17:36.0437 2408 hpt3xx - ok
13:17:36.0468 2408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:17:36.0468 2408 HTTP - ok
13:17:36.0484 2408 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:17:36.0515 2408 HTTPFilter - ok
13:17:36.0515 2408 i2omgmt - ok
13:17:36.0531 2408 i2omp - ok
13:17:36.0546 2408 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:17:36.0578 2408 i8042prt - ok
13:17:36.0625 2408 IAANTMon (d43e91e271c041bb86a6223462a41d28) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
13:17:36.0640 2408 IAANTMon - ok
13:17:36.0687 2408 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:17:36.0703 2408 iaStor - ok
13:17:36.0812 2408 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:17:36.0828 2408 idsvc - ok
13:17:36.0906 2408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:17:36.0937 2408 Imapi - ok
13:17:36.0984 2408 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:17:37.0000 2408 ImapiService - ok
13:17:37.0000 2408 ini910u - ok
13:17:37.0015 2408 IntelIde - ok
13:17:37.0046 2408 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:17:37.0093 2408 intelppm - ok
13:17:37.0109 2408 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:17:37.0109 2408 ip6fw - ok
13:17:37.0140 2408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:17:37.0187 2408 IpFilterDriver - ok
13:17:37.0218 2408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:17:37.0250 2408 IpInIp - ok
13:17:37.0281 2408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:17:37.0281 2408 IpNat - ok
13:17:37.0343 2408 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
13:17:37.0359 2408 iPod Service - ok
13:17:37.0390 2408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:17:37.0406 2408 IPSec - ok
13:17:37.0421 2408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:17:37.0437 2408 IRENUM - ok
13:17:37.0484 2408 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:17:37.0484 2408 isapnp - ok
13:17:37.0500 2408 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:17:37.0500 2408 Kbdclass - ok
13:17:37.0515 2408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:17:37.0531 2408 kmixer - ok
13:17:37.0546 2408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:17:37.0562 2408 KSecDD - ok
13:17:37.0593 2408 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:17:37.0609 2408 lanmanserver - ok
13:17:37.0640 2408 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:17:37.0656 2408 lanmanworkstation - ok
13:17:37.0671 2408 Lavasoft Kernexplorer - ok
13:17:37.0671 2408 Lbd - ok
13:17:37.0687 2408 lbrtfdc - ok
13:17:37.0765 2408 LEC TranslateDotNet Server (93cb5d5cc6e81275471087cadfebff90) C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
13:17:37.0796 2408 LEC TranslateDotNet Server - ok
13:17:37.0843 2408 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:17:37.0843 2408 LightScribeService - ok
13:17:37.0875 2408 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:17:37.0890 2408 LmHosts - ok
13:17:37.0906 2408 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
13:17:37.0968 2408 ltmodem5 - ok
13:17:38.0015 2408 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
13:17:38.0046 2408 MBAMSwissArmy - ok
13:17:38.0125 2408 McAfee SiteAdvisor Service (f5f945ab625031a276c6a8e8f92c3bdc) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
13:17:38.0125 2408 McAfee SiteAdvisor Service - ok
13:17:38.0156 2408 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
13:17:38.0203 2408 mcdbus - ok
13:17:38.0265 2408 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:17:38.0265 2408 MDM - ok
13:17:38.0296 2408 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:17:38.0312 2408 Messenger - ok
13:17:38.0343 2408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:17:38.0359 2408 mnmdd - ok
13:17:38.0406 2408 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
13:17:38.0421 2408 mnmsrvc - ok
13:17:38.0437 2408 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:17:38.0468 2408 Modem - ok
13:17:38.0500 2408 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:17:38.0531 2408 MODEMCSA - ok
13:17:38.0531 2408 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:17:38.0578 2408 Mouclass - ok
13:17:38.0609 2408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:17:38.0625 2408 MountMgr - ok
13:17:38.0640 2408 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:17:38.0640 2408 MpFilter - ok
13:17:38.0656 2408 mraid35x - ok
13:17:38.0671 2408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:17:38.0671 2408 MRxDAV - ok
13:17:38.0734 2408 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:17:38.0734 2408 MRxSmb - ok
13:17:38.0812 2408 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:17:38.0812 2408 MSCamSvc - ok
13:17:38.0828 2408 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
13:17:38.0843 2408 MSDTC - ok
13:17:38.0859 2408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:17:38.0859 2408 Msfs - ok
13:17:38.0890 2408 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
13:17:38.0921 2408 MSHUSBVideo - ok
13:17:38.0937 2408 MSIServer - ok
13:17:38.0968 2408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:17:39.0015 2408 MSKSSRV - ok
13:17:39.0015 2408 MsMpSvc - ok
13:17:39.0046 2408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:17:39.0078 2408 MSPCLOCK - ok
13:17:39.0109 2408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:17:39.0140 2408 MSPQM - ok
13:17:39.0140 2408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:17:39.0156 2408 mssmbios - ok
13:17:39.0187 2408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:17:39.0218 2408 MSTEE - ok
13:17:39.0250 2408 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:17:39.0250 2408 Mup - ok
13:17:39.0281 2408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:17:39.0312 2408 NABTSFEC - ok
13:17:39.0359 2408 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:17:39.0375 2408 napagent - ok
13:17:39.0453 2408 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:17:39.0468 2408 NBService - ok
13:17:39.0484 2408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:17:39.0500 2408 NDIS - ok
13:17:39.0515 2408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:17:39.0546 2408 NdisIP - ok
13:17:39.0578 2408 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:17:39.0625 2408 NdisTapi - ok
13:17:39.0656 2408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:17:39.0687 2408 Ndisuio - ok
13:17:39.0734 2408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:17:39.0781 2408 NdisWan - ok
13:17:39.0812 2408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:17:39.0859 2408 NDProxy - ok
13:17:39.0859 2408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:17:39.0859 2408 NetBIOS - ok
13:17:39.0906 2408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:17:39.0953 2408 NetBT - ok
13:17:39.0984 2408 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:17:40.0000 2408 NetDDE - ok
13:17:40.0000 2408 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:17:40.0015 2408 NetDDEdsdm - ok
13:17:40.0031 2408 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:17:40.0046 2408 Netlogon - ok
13:17:40.0078 2408 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:17:40.0093 2408 Netman - ok
13:17:40.0156 2408 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:17:40.0156 2408 NetTcpPortSharing - ok
13:17:40.0171 2408 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:17:40.0218 2408 NIC1394 - ok
13:17:40.0250 2408 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:17:40.0265 2408 Nla - ok
13:17:40.0312 2408 NMIndexingService - ok
13:17:40.0375 2408 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
13:17:40.0375 2408 NMSAccess - ok
13:17:40.0390 2408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:17:40.0390 2408 Npfs - ok
13:17:40.0437 2408 nsService (531c38a4932a7587c5ec2f7792dfe4ec) C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
13:17:40.0453 2408 nsService - ok
13:17:40.0484 2408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:17:40.0500 2408 Ntfs - ok
13:17:40.0515 2408 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
13:17:40.0515 2408 NtLmSsp - ok
13:17:40.0562 2408 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:17:40.0578 2408 NtmsSvc - ok
13:17:40.0593 2408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:17:40.0609 2408 Null - ok
13:17:40.0765 2408 nv (34c114da0a5e03219444e46f122ff5a3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:17:41.0015 2408 nv - ok
13:17:41.0109 2408 NVSvc (ff8112711b5f9823d4595579b2130955) C:\WINDOWS\system32\nvsvc32.exe
13:17:41.0125 2408 NVSvc - ok
13:17:41.0140 2408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:17:41.0171 2408 NwlnkFlt - ok
13:17:41.0203 2408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:17:41.0234 2408 NwlnkFwd - ok
13:17:41.0265 2408 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:17:41.0265 2408 ohci1394 - ok
13:17:41.0296 2408 OOD2000 (18cd59b762829860f96dc2569f1a7ad2) C:\WINDOWS\system32\OOD2000.exe
13:17:41.0312 2408 OOD2000 - ok
13:17:41.0343 2408 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:17:41.0375 2408 Parport - ok
13:17:41.0375 2408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:17:41.0390 2408 PartMgr - ok
13:17:41.0437 2408 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:17:41.0468 2408 ParVdm - ok
13:17:41.0500 2408 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:17:41.0500 2408 PCI - ok
13:17:41.0515 2408 PCIDump - ok
13:17:41.0531 2408 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:17:41.0531 2408 PCIIde - ok
13:17:41.0546 2408 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:17:41.0593 2408 Pcmcia - ok
13:17:41.0625 2408 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:17:41.0656 2408 pcouffin - ok
13:17:41.0843 2408 PDAgent (05fab274d308f266a29300327e4fc757) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
13:17:41.0890 2408 PDAgent - ok
13:17:41.0953 2408 PDCOMP - ok
13:17:42.0093 2408 PDEngine (e3b9ad125fb87bdd99b271a6da065f60) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
13:17:42.0125 2408 PDEngine - ok
13:17:42.0156 2408 PDFRAME - ok
13:17:42.0171 2408 PDRELI - ok
13:17:42.0187 2408 PDRFRAME - ok
13:17:42.0187 2408 perc2 - ok
13:17:42.0203 2408 perc2hib - ok
13:17:42.0234 2408 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:17:42.0265 2408 PlugPlay - ok
13:17:42.0281 2408 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:17:42.0296 2408 PolicyAgent - ok
13:17:42.0312 2408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:17:42.0359 2408 PptpMiniport - ok
13:17:42.0390 2408 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
13:17:42.0437 2408 PQNTDrv - ok
13:17:42.0453 2408 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:17:42.0500 2408 Processor - ok
13:17:42.0500 2408 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:17:42.0515 2408 ProtectedStorage - ok
13:17:42.0609 2408 PS3 Media Server (e2e47486f9d39145daea03d007587a02) C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
13:17:42.0625 2408 PS3 Media Server - ok
13:17:42.0625 2408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:17:42.0671 2408 PSched - ok
13:17:42.0718 2408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:17:42.0750 2408 Ptilink - ok
13:17:42.0796 2408 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:17:42.0796 2408 PxHelp20 - ok
13:17:42.0812 2408 ql1080 - ok
13:17:42.0812 2408 Ql10wnt - ok
13:17:42.0828 2408 ql12160 - ok
13:17:42.0843 2408 ql1240 - ok
13:17:42.0843 2408 ql1280 - ok
13:17:42.0953 2408 RapportCerberus_32029 (9919c63e9150af648c42d28b5d72a32f) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys
13:17:43.0015 2408 RapportCerberus_32029 - ok
13:17:43.0062 2408 RapportEI (90bc0b9ef6106b8f5f762bdf4f0ad723) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:17:43.0109 2408 RapportEI - ok
13:17:43.0125 2408 RapportKELL (8cc04334a2fda2b6d79631dbe62f5cd0) C:\WINDOWS\system32\Drivers\RapportKELL.sys
13:17:43.0125 2408 RapportKELL - ok
13:17:43.0203 2408 RapportMgmtService (f05d972bc3e532210a9a35d35ba2e889) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
13:17:43.0218 2408 RapportMgmtService - ok
13:17:43.0234 2408 RapportPG (a16ba67cf3f448bd163246dd725b7ffc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:17:43.0281 2408 RapportPG - ok
13:17:43.0281 2408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:17:43.0312 2408 RasAcd - ok
13:17:43.0359 2408 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:17:43.0375 2408 RasAuto - ok
13:17:43.0390 2408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:17:43.0437 2408 Rasl2tp - ok
13:17:43.0468 2408 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:17:43.0484 2408 RasMan - ok
13:17:43.0500 2408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:17:43.0531 2408 RasPppoe - ok
13:17:43.0562 2408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:17:43.0593 2408 Raspti - ok
13:17:43.0625 2408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:17:43.0640 2408 Rdbss - ok
13:17:43.0656 2408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:17:43.0703 2408 RDPCDD - ok
13:17:43.0718 2408 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:17:43.0765 2408 rdpdr - ok
13:17:43.0796 2408 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:17:43.0843 2408 RDPWD - ok
13:17:43.0875 2408 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:17:43.0890 2408 RDSessMgr - ok
13:17:43.0906 2408 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:17:43.0953 2408 redbook - ok
13:17:44.0000 2408 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:17:44.0015 2408 RemoteAccess - ok
13:17:44.0031 2408 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:17:44.0046 2408 RemoteRegistry - ok
13:17:44.0062 2408 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
13:17:44.0062 2408 RpcLocator - ok
13:17:44.0109 2408 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:17:44.0125 2408 RpcSs - ok
13:17:44.0140 2408 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
13:17:44.0156 2408 RSVP - ok
13:17:44.0187 2408 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
13:17:44.0218 2408 RTL8023 - ok
13:17:44.0250 2408 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:17:44.0281 2408 rtl8139 - ok
13:17:44.0328 2408 SABProcEnum - ok
13:17:44.0343 2408 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:17:44.0343 2408 SamSs - ok
13:17:44.0390 2408 SamsungAllShareV2.0 (9d19e17449c8e8759d6872f662104321) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
13:17:44.0406 2408 SamsungAllShareV2.0 - ok
13:17:44.0437 2408 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:17:44.0500 2408 SASDIFSV - ok
13:17:44.0531 2408 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:17:44.0593 2408 SASENUM - ok
13:17:44.0625 2408 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:17:44.0703 2408 SASKUTIL - ok
13:17:44.0718 2408 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:17:44.0781 2408 SCardSvr - ok
13:17:44.0796 2408 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:17:44.0828 2408 Schedule - ok
13:17:44.0859 2408 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
13:17:44.0875 2408 ScsiAccess - ok
13:17:44.0890 2408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:17:44.0921 2408 Secdrv - ok
13:17:44.0953 2408 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:17:44.0968 2408 seclogon - ok
13:17:44.0968 2408 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:17:45.0000 2408 SENS - ok
13:17:45.0000 2408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:17:45.0031 2408 serenum - ok
13:17:45.0062 2408 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:17:45.0093 2408 Serial - ok
13:17:45.0125 2408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:17:45.0187 2408 Sfloppy - ok
13:17:45.0234 2408 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
13:17:45.0265 2408 sfman - ok
13:17:45.0296 2408 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:17:45.0312 2408 SharedAccess - ok
13:17:45.0343 2408 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:17:45.0359 2408 ShellHWDetection - ok
13:17:45.0375 2408 Simbad - ok
13:17:45.0406 2408 SimpleSlideShowServer (1435bf57b18b3fd2c28060ef4374e704) C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
13:17:45.0421 2408 SimpleSlideShowServer - ok
13:17:45.0437 2408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:17:45.0453 2408 SLIP - ok
13:17:45.0500 2408 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
13:17:45.0515 2408 snapman - ok
13:17:45.0531 2408 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
13:17:45.0546 2408 SNMP - ok
13:17:45.0562 2408 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
13:17:45.0578 2408 SNMPTRAP - ok
13:17:46.0375 2408 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
13:17:46.0609 2408 SNPSTD3 - ok
13:17:47.0578 2408 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
13:17:47.0593 2408 Soluto - ok
13:17:47.0703 2408 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
13:17:47.0718 2408 SolutoService - ok
13:17:47.0734 2408 Sparrow - ok
13:17:47.0765 2408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:17:47.0812 2408 splitter - ok
13:17:47.0843 2408 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:17:47.0859 2408 Spooler - ok
13:17:47.0921 2408 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
13:17:48.0000 2408 sptd - ok
13:17:48.0062 2408 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:17:48.0062 2408 sr - ok
13:17:48.0093 2408 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:17:48.0109 2408 srservice - ok
13:17:48.0140 2408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:17:48.0156 2408 Srv - ok
13:17:48.0171 2408 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:17:48.0187 2408 SSDPSRV - ok
13:17:48.0218 2408 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:17:48.0250 2408 ssmdrv - ok
13:17:48.0296 2408 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:17:48.0328 2408 StarOpen - ok
13:17:48.0359 2408 StatusAgent4 (453811dda054e871f8b397a38821c511) C:\WINDOWS\system32\SAgent4.exe
13:17:48.0375 2408 StatusAgent4 - ok
13:17:48.0406 2408 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:17:48.0453 2408 stisvc - ok
13:17:48.0484 2408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:17:48.0500 2408 streamip - ok
13:17:48.0562 2408 SupportSoft RemoteAssist - ok
13:17:48.0578 2408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:17:48.0625 2408 swenum - ok
13:17:48.0640 2408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:17:48.0687 2408 swmidi - ok
13:17:48.0687 2408 SwPrv - ok
13:17:48.0703 2408 symc810 - ok
13:17:48.0718 2408 symc8xx - ok
13:17:48.0718 2408 sym_hi - ok
13:17:48.0734 2408 sym_u3 - ok
13:17:48.0875 2408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:17:48.0921 2408 sysaudio - ok
13:17:48.0953 2408 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:17:48.0984 2408 SysmonLog - ok
13:17:49.0000 2408 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
13:17:49.0046 2408 taphss - ok
13:17:49.0078 2408 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:17:49.0109 2408 TapiSrv - ok
13:17:49.0125 2408 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
13:17:49.0140 2408 TBPanel - ok
13:17:49.0171 2408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:17:49.0187 2408 Tcpip - ok
13:17:49.0203 2408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:17:49.0234 2408 TDPIPE - ok
13:17:49.0265 2408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:17:49.0296 2408 TDTCP - ok
13:17:49.0328 2408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:17:49.0343 2408 TermDD - ok
13:17:49.0390 2408 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:17:49.0421 2408 TermService - ok
13:17:49.0437 2408 tgsrvc_telefonica - ok
13:17:49.0484 2408 thdudf (9d4bbd6e27b5562aea8295de7134e386) C:\WINDOWS\system32\DRIVERS\thdudf.sys
13:17:49.0484 2408 thdudf - ok
13:17:49.0500 2408 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:17:49.0531 2408 Themes - ok
13:17:49.0531 2408 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:17:49.0546 2408 tifsfilter - ok
13:17:49.0578 2408 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
13:17:49.0578 2408 timounter - ok
13:17:49.0625 2408 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
13:17:49.0656 2408 TlntSvr - ok
13:17:49.0687 2408 TomTomHOMEService (f32e7cd2339c66760aa5178924b21e6b) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:17:49.0687 2408 TomTomHOMEService - ok
13:17:49.0703 2408 TosIde - ok
13:17:49.0718 2408 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:17:49.0734 2408 TrkWks - ok
13:17:49.0750 2408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:17:49.0750 2408 Udfs - ok
13:17:49.0812 2408 UleadBurningHelper (5da331be5e7f226a49b269c102a782fd) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:17:49.0812 2408 UleadBurningHelper - ok
13:17:49.0828 2408 ultra - ok
13:17:49.0875 2408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:17:49.0921 2408 Update - ok
13:17:49.0937 2408 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:17:49.0968 2408 upnphost - ok
13:17:49.0984 2408 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:17:50.0000 2408 UPS - ok
13:17:50.0031 2408 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:17:50.0062 2408 USBAAPL - ok
13:17:50.0093 2408 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:17:50.0140 2408 usbaudio - ok
13:17:50.0187 2408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:17:50.0218 2408 usbccgp - ok
13:17:50.0250 2408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:17:50.0281 2408 usbehci - ok
13:17:50.0296 2408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:17:50.0343 2408 usbhub - ok
13:17:52.0296 2408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:17:52.0781 2408 \Device\Harddisk0\DR0 - ok
13:17:52.0796 2408 Boot (0x1200) (f43120a4f38d07cf5ddeb53e34cc51cb) \Device\Harddisk0\DR0\Partition0
13:17:52.0796 2408 \Device\Harddisk0\DR0\Partition0 - ok
13:17:52.0812 2408 Boot (0x1200) (93b243732575c81b492b255350bb2df8) \Device\Harddisk0\DR0\Partition1
13:17:52.0812 2408 \Device\Harddisk0\DR0\Partition1 - ok
13:17:52.0843 2408 Boot (0x1200) (8121463a02dcb6660f4509908670342c) \Device\Harddisk0\DR0\Partition2
13:17:52.0843 2408 \Device\Harddisk0\DR0\Partition2 - ok
13:17:52.0843 2408 ============================================================
13:17:52.0843 2408 Scan finished
13:17:52.0859 2408 ============================================================
13:17:52.0859 0264 Detected object count: 0
13:17:52.0859 0264 Actual detected object count: 0
13:19:33.0421 2244 Deinitialize success


Regards,

Dave

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:30 AM

Posted 18 May 2012 - 07:50 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-2052111302-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FAE7143-D9AF-A29B-C1C3-A51F7AF14627}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> (donate button) <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dave Clark

Dave Clark
  • Topic Starter

  • Members
  • 215 posts
  • OFFLINE
  • Gender:Male
  • Location:Tenerife
  • Local time:04:30 PM

Posted 18 May 2012 - 09:02 AM

Hi Gringo,
Had a bit of a scare as Combofix didn't like the script on the notepad program I was using and stalled. When I tried to connect to the internet I had no internet connection at all, so I had to use my laptop to copy the text file into ComboFix and when it ran again I was again connected to the internet. Phew!!

Do you think the computer is now clean? And did ESET clear the virus, or was it the programs that you had me run? It is just for future reference. Is it safe to do what I did, i.e. run ESET? I'm not getting any of the continuous popups that I had when the virus was active.
Another question: is AVAST Free better than Avira Free, which is what I have at the present time? I only ask as Avira could not cope with the virus and just either stalled or shut down, I assume when it hit the virus.
Also, was the virus dangerous, either in terms of computer harm or, more importantly, in terms of security, re passwords, banking etc.?

I've got to go out for about 3 hours, so if there's anything further then I'll sort it as soon as I get back and I'll also try running some progs etc to see if it's back to normal.

Regards,

Dave

ComboFix 12-05-17.08 - Anyone 18/05/2012 14:20:32.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1332 [GMT 1:00]
Running from: c:\documents and settings\Anyone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anyone\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-17 07:09 . 2012-05-17 14:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-17 07:01 . 2012-05-17 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-04-29 10:10 . 2012-04-24 16:13 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-29 10:10 . 2012-04-29 10:10 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:11 . 2011-10-22 09:44 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 09:11 . 2011-10-22 09:44 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 09:04 . 2012-04-08 07:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 09:04 . 2011-06-06 07:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2011-01-08 16:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 09:57 . 2010-05-03 19:27 1246752 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-03-03 17:53 . 2012-03-03 17:53 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-04-30 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-26 15:47 . 2012-04-10 20:21 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-15 11:33 . 2011-01-15 11:33 78 ----a-w- c:\program files\erunt.bat
2004-04-21 10:38 . 2011-11-20 21:46 446464 ----a-w- c:\program files\HPUSBFW.EXE
2003-11-13 12:00 . 2011-11-20 21:46 450560 ----a-w- c:\program files\HPUSBF.EXE
2011-09-29 06:53 . 2011-10-11 21:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-18_08.38.23 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Anyone\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Shortcut to Microsoft Outlook.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cordless DUALphone Startup.lnk - c:\program files\Cordless USB Phone\Cordless DUALphone Suite.exe [2010-5-3 625000]
SpywareGuard (2).lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QLink.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QLink.lnk
backup=c:\windows\pss\QLink.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Shortcut to sgmain.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\Shortcut to sgmain.lnk
backup=c:\windows\pss\Shortcut to sgmain.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-01-19 11:39 285072 ----a-w- c:\program files\SAMSUNG\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 06:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2012-02-13 21:19 2138432 ----a-w- c:\program files\My Lockbox\mylbx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-19 04:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-19 04:26 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-05-14 15:08 49152 ----a-w- c:\program files\ScanSoft\TextBridgePro11.0\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
2005-07-05 23:58 69632 ----a-w- c:\program files\ScanSoft\OmniPage15.0\OpWare15.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
2005-04-12 09:16 106496 ----a-w- c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\registrycontroller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-15 03:41 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\dcc296\\DCC.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\ZLink\\avi\\avi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShare.exe"=
"c:\\Program Files\\SAMSUNG\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24064:TCP"= 24064:TCP:BitTorrent
.
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [03/05/2010 09:24 223535]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [14/09/2011 14:37 41912]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/09/2011 19:00 56336]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [29/04/2012 11:10 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [22/10/2011 10:44 36000]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 13:29 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/10/2011 10:44 86224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
R2 tgsrvc_telefonica;SupportSoft Repair Service (telefonica);c:\program files\Telefonica\bin\tgsrvc.exe [29/03/2010 09:42 185640]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [02/04/2012 19:03 66944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/06/2010 21:26 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys --> c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/05/2011 08:27 366872]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\SAMSUNG\AllShare\AllShareDMS\AllShareDMS.exe [19/01/2012 12:41 25504]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [24/04/2012 17:32 584224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2012 08:22 257696]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [20/05/2011 15:28 205824]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/07/2010 10:53 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/07/2010 10:53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/05/2012 08:09 40776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [28/02/2011 22:28 30576]
S3 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [20/05/2011 19:01 369296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 19:15 12872]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\SAMSUNG\AllShare\AllShareSlideShowService.exe [19/01/2012 12:41 27584]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 0320991318273962mcinstcleanup;McAfee Application Installer Cleanup (0320991318273962);c:\docume~1\Anyone\LOCALS~1\Temp\032099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Anyone\LOCALS~1\Temp\032099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/10/2011 20:12 94880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/07/2010 16:07 691696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99142925
*NewlyCreated* - ASWMBR
*Deregistered* - 99142925
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 09:04]
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 09:53]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 09:53]
.
2012-05-01 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-05-05 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RapportIaso]
"ImagePath"="\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-18 14:40:34
ComboFix-quarantined-files.txt 2012-05-18 13:40
ComboFix2.txt 2012-05-18 08:45
.
Pre-Run: 296,799,219,712 bytes free
Post-Run: 296,597,114,880 bytes free
.
- - End Of File - - 309227E00BCDA0DE3C31CA34AB761DC1

Edited by Dave Clark, 18 May 2012 - 09:04 AM.
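As an added example for readers working through logs like the one above (this is editor-added code, not part of the post and not code from DDS, ComboFix or OTL): a small triage script that parses the service/driver lines in both formats that appear in this thread and flags the entries a helper would look at first. The DDS lines are of the form `R0 name;description;path [date time size]`, with `raw --> resolved [?]` where DDS could not read the file; the OTL lines are `DRV - (name) -- path (Company)` or `... File not found`. The sample log is constructed from lines copied from this thread. Every flag is a "look here", not a verdict: legitimate products such as Trusteer Rapport and SUPERAntiSpyware also load drivers from Application Data, and an orphaned entry is usually a leftover of uninstalled software.

```python
"""Triage the service/driver lists in DDS/ComboFix and OTL logs.

Every hit is a "look at this" flag, not a verdict: legitimate products (Trusteer Rapport,
SUPERAntiSpyware) also load drivers from Application Data, and orphaned entries are
usually leftovers of uninstalled software rather than malware.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# DDS/ComboFix: "R0 name;description;path [dd/mm/yyyy hh:mm size]"
#           or  "S3 name;description;\??\raw --> resolved path [?]"   ("[?]": file could not be read)
DDS_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# OTL: "DRV - (name) optional description -- path (Company)"  or  "... -- path File not found"
OTL_RE = re.compile(r"^(SRV|DRV) - \(([^)]+)\)\s*(.*?)\s*--\s*(.*)$")

# Directories a service binary or kernel driver should not live in on a clean XP install.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\desktop\\")


@dataclass
class Entry:
    source: str                # "dds" or "otl"
    kind: str                  # R0..S4 (DDS: R=running/S=stopped, digit=start type) or SRV/DRV (OTL)
    name: str
    path: str
    missing: bool
    company: Optional[str]     # OTL only: version-info company name, "" when the file has none
    reasons: List[str] = field(default_factory=list)


def _parse_dds(m) -> Entry:
    state, start, name, _desc, rest = m.groups()
    missing = " --> " in rest
    if missing:
        rest = rest.split(" --> ", 1)[1]          # keep the resolved path, drop the raw ImagePath
    cut = rest.rfind(" [")                       # strip "[date time size]" or "[?]"
    path = (rest[:cut] if cut != -1 else rest).strip()
    return Entry("dds", state + start, name.strip(), path, missing, None)


def _parse_otl(m) -> Entry:
    kind, name, _desc, rest = m.groups()
    if rest.endswith("File not found"):
        return Entry("otl", kind, name, rest[: -len("File not found")].strip(), True, None)
    if rest.endswith(")") and " (" in rest:
        path, company = rest.rsplit(" (", 1)
        return Entry("otl", kind, name, path.strip(), False, company[:-1].strip())
    return Entry("otl", kind, name, rest.strip(), False, None)


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        return _parse_dds(m)
    m = OTL_RE.match(line)
    return _parse_otl(m) if m else None


def assess(e: Entry) -> Entry:
    """Attach review reasons; entries that earn none are not reported."""
    low = e.path.lower()
    if e.missing:
        e.reasons.append("binary missing: orphaned entry, or something removed the file")
    if any(d in low for d in USER_WRITABLE):
        e.reasons.append("loads from a user-writable location")
    if e.company == "":
        e.reasons.append("no company name in version info")
    if e.kind == "DRV" and e.path and not low.endswith(".sys"):
        e.reasons.append("driver entry does not point at a .sys file")
    return e


def triage(log_text: str) -> List[Entry]:
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and assess(e).reasons:
            flagged.append(e)
    return flagged


# Constructed sample: lines copied from the DDS and OTL logs posted in this thread.
SAMPLE_LOG = r"""
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [03/05/2010 09:24 223535]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [18/10/2011 13:29 227312]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys --> c:\documents and settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
DRV - (WDICA) -- File not found
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe File not found
SRV - (0320991318273962mcinstcleanup) McAfee Application Installer Cleanup (0320991318273962) -- C:\DOCUME~1\Anyone\LOCALS~1\Temp\032099~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.source}:{e.kind}] {e.name}: {e.path or '<no path>'}")
        for r in e.reasons:
            print("    -", r)
```

On the sample, `aarich` and `avipbb` pass untouched, while the orphaned `vcdrom`, `cpuz135`, `WDICA` and McAfee cleanup entries, the Rapport driver living under Application Data and the `giveio.sys` with no version information are listed with their reasons. To run it over a full log, pass the whole file's text to `triage()`; lines in neither format are ignored.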


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:30 AM

Posted 18 May 2012 - 11:15 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BitTorrent
Java™ 7


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dave Clark

  • Topic Starter

Posted 18 May 2012 - 12:38 PM

Hi Gringo,
Before I start on the additional tasks,
The computer keeps restarting on its own and the startup menus keep changing.
Spybot is now constantly coming up with requests for changes to the registry. I have compiled a brief list of some of them, most of which seem very strange.

Startup ctfmon.exe (which according to Bleeping Computer is a Virus).
Ditto NoDriveTypeAutoRun ??
Ditto NoDrives
Delete in registry AutoRun Command Processor
Change to registry UserNit ?
Add to Registry BootExecute
Add DisableRegistryTools
Add solutoinstaller.exe
Ditto ExcludeFromKnownDlls
Firewall Delete Google\Google Earth\client
Firewall Add %windir%\system32\sessmgr.exe:*:enabled:@_____________(changed to quickly)
Firewall Add %windir%Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll.-20000
Firewall Add Nero
Firewall Add Bittorrent
Firewall Add dcc296\DCC.exe:*:Enabled
Firewall Add Incredimail
Firewall Add C:\Windows\system32\dpvsetup.exe:*:Enabled:MS Dirct Play Voice Test
Ditto |system32\spool\drivers w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4
Ditto \xscint.exe:*:Enabled:
Ditto |AVG
The list just keeps on repeating no matter whether I Allow or Deny the change.

What do I do next? Run the programs you have said in your last post?

Dave
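Added example, not part of Dave's post and not code from Spybot, WinPatrol or BleepingComputer: the values in the list above (Userinit, BootExecute, ExcludeFromKnownDlls, the Command Processor AutoRun, DisableRegistryTools, NoDriveTypeAutoRun, NoDrives, and the Run entries such as ctfmon.exe) are persistence and policy keys that have well-known defaults on a clean Windows XP install, so they can be checked offline from a `reg export` of each key rather than judged prompt by prompt. The script parses `reg export` output and reports every value that is not at its default or the usual hardened setting. Assumptions: `%SystemRoot%` is `C:\WINDOWS` (as the OTL header later in this thread reports), the expected values are the XP defaults (NoDriveTypeAutoRun also accepts 0xFF, the common "AutoRun off" hardening), and the sample `.reg` text is constructed; its `updater` Run entry is a hypothetical placeholder, not something found on this machine.

```python
"""Audit the registry values in the list above against Windows XP defaults, from a .reg export.
Feed it the output of `reg export <key> file.reg` taken on the affected machine; nothing here
touches the live registry. Anything outside the expected set is reported, never auto-fixed."""
import re
from typing import Dict, List, Tuple

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')   # "name"=data  or  @=data
UNESCAPE = re.compile(r"\\(.)")                                  # .reg escapes \ and " with a backslash


def _decode(data: str):
    if data.startswith('"'):
        return UNESCAPE.sub(r"\1", data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", data)   # hex:=REG_BINARY, hex(2)=EXPAND_SZ, hex(7)=MULTI_SZ
    if not m:
        return data
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if m.group(1) not in ("2", "7"):
        return raw
    s = raw.decode("utf-16-le")                  # version 5.00 exports store these as UTF-16LE
    return [p for p in s.split("\0") if p] if m.group(1) == "7" else s.rstrip("\0")


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal `reg export` parser; keys and value names come back lower-cased."""
    keys, cur, buf = {}, None, ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):                   # long hex values wrap with a trailing backslash
            buf = buf[:-1]
            continue
        line, buf = buf, ""
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()
            keys.setdefault(cur, {})
            continue
        m = VALUE_RE.match(line)
        if m and cur is not None:
            name = "@" if m.group(2) else UNESCAPE.sub(r"\1", m.group(1))
            keys[cur][name.lower()] = _decode(m.group(3))
    return keys


WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SESSION = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
CMDPROC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor"
POL_SYS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POL_EXP = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
RUN_KEYS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\application data\\")
# (key, value, predicate over the parsed value or None when absent, what a clean XP box has);
# Userinit assumes %SystemRoot% = C:\WINDOWS, which is what the OTL header in this thread reports.
CHECKS = [
    (WINLOGON, "Userinit", lambda v: str(v).lower() == r"c:\windows\system32\userinit.exe,", "userinit.exe, with nothing appended"),
    (WINLOGON, "Shell", lambda v: str(v).lower() == "explorer.exe", "Explorer.exe alone"),
    (SESSION, "BootExecute", lambda v: v == ["autocheck autochk *"], "autocheck autochk * only"),
    (SESSION, "ExcludeFromKnownDlls", lambda v: not v, "empty: a listed DLL loads from the app directory, not system32"),
    (CMDPROC, "AutoRun", lambda v: not v, "absent: a value here runs for every cmd.exe"),
    (POL_SYS, "DisableRegistryTools", lambda v: not v, "absent or 0"),
    (POL_EXP, "NoDriveTypeAutoRun", lambda v: v in (None, 0x91, 0xFF), "0x91 (XP default) or 0xFF (AutoRun off everywhere)"),
    (POL_EXP, "NoDrives", lambda v: not v, "absent or 0"),
]


def audit(reg_text: str) -> List[Tuple[str, str, object, str]]:
    """Return (key, value name, actual, expected) for every value that is not as expected."""
    reg = parse_reg(reg_text)
    findings = []
    for key, name, ok, expected in CHECKS:
        actual = reg.get(key.lower(), {}).get(name.lower())
        if not ok(actual):
            findings.append((key, name, actual, expected))
    for key in RUN_KEYS:
        for name, val in reg.get(key.lower(), {}).items():
            low = str(val).lower()
            if name == "ctfmon.exe" and "\\system32\\ctfmon.exe" not in low:
                findings.append((key, name, val, "the genuine ctfmon.exe is the copy in system32"))
            elif any(d in low for d in USER_WRITABLE):
                findings.append((key, name, val, "no Run entry should point into Temp or a profile directory"))
    return findings


# Constructed sample in `reg export` format; the "updater" entry is hypothetical, not from this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,\
  61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\DOCUME~1\\Anyone\\LOCALS~1\\Temp\\example.exe"
'''
```

`audit(SAMPLE_REG)` returns exactly two findings, `DisableRegistryTools` set to 1 and the hypothetical `updater` Run entry living under Temp; the default Userinit, Shell and BootExecute values and the hardened NoDriveTypeAutoRun of 0xFF pass. Files written by `reg export` on XP are UTF-16 with a byte-order mark, so read them with `open(path, encoding="utf-16")` before passing the text in. The script only reports; deciding what to put back is still the helper's job.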

#10 Dave Clark

  • Topic Starter

Posted 18 May 2012 - 01:13 PM

Hi Gringo,
My Avira A/V started up and is running now, and already there are 8 warnings. Don't know what they are as the prog is still running.

Dave

#11 gringo_pr

  • Malware Response Team

Posted 18 May 2012 - 04:31 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 Dave Clark

  • Topic Starter

Posted 18 May 2012 - 05:02 PM

Hi Gringo,

Getting late here in Tenerife so please leave me instructions for tomorrow, including if you want me to run the programs in your previous post. I've included the log you want and also the report from the warnings issued by Avira AV.

OTL logfile created on: 18/05/2012 22:35:54 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Anyone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.92% Memory free
3.85 Gb Paging File | 2.65 Gb Available in Paging File | 68.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 375.87 Gb Total Space | 275.91 Gb Free Space | 73.40% Space Free | Partition Type: NTFS
Drive D: | 358.41 Gb Total Space | 311.14 Gb Free Space | 86.81% Space Free | Partition Type: NTFS
Drive E: | 197.23 Gb Total Space | 151.25 Gb Free Space | 76.69% Space Free | Partition Type: NTFS

Computer Name: USER357 | User Name: Anyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anyone\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\system32\java.exe (Oracle Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe (Tanuki Software, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe (RTX Products A/S)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\vsnpstd3.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\PMC.dll ()
MOD - C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
MOD - C:\Program Files\Vtune\TBPanelExt.dll ()
MOD - C:\WINDOWS\vsnpstd3.exe ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()
MOD - C:\Program Files\SpywareGuard\dlprotect.dll ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe File not found
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe File not found
SRV - (0320991318273962mcinstcleanup) McAfee Application Installer Cleanup (0320991318273962) -- C:\DOCUME~1\Anyone\LOCALS~1\Temp\032099~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (SamsungAllShareV2.0) -- C:\Program Files\SAMSUNG\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files\SAMSUNG\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (nsService) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe (NovaStor)
SRV - (Backup Client Agent Service) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe (NovaStor Corporation)
SRV - (PS3 Media Server) -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe (Tanuki Software, Ltd.)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe ()
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (tgsrvc_telefonica) SupportSoft Repair Service (telefonica) -- C:\Program Files\Telefonica\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (LEC TranslateDotNet Server) -- C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe (Language Engineering Corporation, LLC)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION)
SRV - (OOD2000) -- C:\WINDOWS\system32\OOD2000.exe (O&O Software GmbH)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vcdrom) -- C:\Documents and Settings\Anyone\Desktop\Movies Temp\Rosetta Stone\Virtual CD ROM\VCdRom.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz135) -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Soluto) -- C:\WINDOWS\system32\drivers\Soluto.sys (Soluto LTD.)
DRV - (thdudf) -- C:\WINDOWS\system32\drivers\thdudf.sys (TOSHIBA Corporation)
DRV - (RapportCerberus_32029) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys ()
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (FSProFilter) -- C:\WINDOWS\system32\drivers\FSPFltd.sys (FSPro Labs)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (aarich) -- C:\WINDOWS\system32\drivers\aarich.sys (Adaptec, Inc.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (cvspydr2) -- C:\WINDOWS\system32\drivers\cvspydr2.sys (Colorvision Inc)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expatshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/10/10 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/11 19:10:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 16:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:48:22 | 000,000,000 | ---D | M]

[2010/07/27 09:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Extensions
[2010/07/27 09:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/05/01 17:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\extensions
[2011/01/06 14:29:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012/05/01 17:43:06 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/08/05 17:44:23 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Anyone\Application Data\Mozilla\Firefox\Profiles\bhe4gn2q.default\extensions\firefox@tvunetworks.com
[2011/10/11 22:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/05 19:59:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012/04/11 19:10:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/10/10 20:12:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/08 17:33:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/29 07:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/05 19:58:33 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Anyone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\Anyone\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Anyone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Anyone\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/05/18 09:37:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (LEC) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe (RTX Products A/S)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareGuard (2).lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\Shortcut to Microsoft Outlook.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-1409082233-725345543-1003\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://web.atar.rima-tde.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277240890953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5454DA06-5E1D-4D1A-B9A9-7F6123954141}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB50D478-4645-4576-8278-4064DD586429}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\accmipca: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Anyone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anyone\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 10:44:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 22:33:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anyone\Desktop\OTL.exe
[2012/05/18 13:16:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Anyone\Desktop\aswMBR.exe
[2012/05/18 13:15:43 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Anyone\Desktop\tdsskiller.exe
[2012/05/18 09:14:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/18 09:14:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/18 09:14:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/18 09:14:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/18 09:13:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/18 09:10:00 | 004,496,857 | R--- | C] (Swearware) -- C:\Documents and Settings\Anyone\Desktop\ComboFix.exe
[2012/05/17 08:09:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/17 08:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyone\My Documents\NovaBACKUP
[2012/05/17 08:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/05/16 20:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyone\Desktop\New Folder
[2012/05/14 19:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyone\Desktop\Temp
[2012/04/29 11:10:12 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2012/04/29 11:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/04/29 11:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2011/11/20 22:46:45 | 000,450,560 | ---- | C] (Hewlett-Packard Company) -- C:\Program Files\HPUSBF.EXE
[2011/11/20 22:46:44 | 000,446,464 | ---- | C] (Hewlett-Packard Company) -- C:\Program Files\HPUSBFW.EXE
[2010/06/26 08:06:09 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Anyone\Application Data\tsdnwin.dll
[2010/06/07 21:26:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Anyone\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 22:34:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anyone\Desktop\OTL.exe
[2012/05/18 18:07:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/18 18:04:29 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/18 18:04:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 15:04:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/18 14:51:38 | 000,021,734 | ---- | M] () -- C:\WINDOWS\System32\notepad.ini
[2012/05/18 14:42:56 | 000,494,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/18 14:42:56 | 000,084,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/18 13:37:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Anyone\Desktop\MBR.dat
[2012/05/18 13:16:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Anyone\Desktop\aswMBR.exe
[2012/05/18 13:15:56 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Anyone\Desktop\tdsskiller.exe
[2012/05/18 09:37:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/18 09:10:00 | 004,496,857 | R--- | M] (Swearware) -- C:\Documents and Settings\Anyone\Desktop\ComboFix.exe
[2012/05/18 09:06:10 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Anyone\Desktop\SecurityCheck.exe
[2012/05/18 08:54:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/17 09:16:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 08:57:00 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Anyone\Desktop\gmer.zip
[2012/05/17 08:48:03 | 000,000,428 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2012/05/17 08:24:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anyone\defogger_reenable
[2012/05/16 19:20:56 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\Anyone\Application Data\mbam.context.scan
[2012/05/13 07:55:20 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 22:00:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/12 12:07:12 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 10:17:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 14:18:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kindle Collection Manager.lnk
[2012/05/08 10:11:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 10:11:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/08 10:04:56 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/08 10:04:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 10:04:50 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/05 16:09:51 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/05/04 12:39:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Anyone\Desktop\Microsoft Word (2).lnk
[2012/05/02 10:15:30 | 000,010,720 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
[2012/05/02 10:15:30 | 000,000,121 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
[2012/05/02 10:15:28 | 000,000,225 | ---- | M] () -- C:\WINDOWS\System32\KYGASM.dat
[2012/05/01 22:16:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/01 18:44:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/01 17:40:21 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Anyone\Desktop\Digigood.rtf
[2012/05/01 09:00:38 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/04/30 17:40:19 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Anyone\Application Data\vso_ts_preview.xml
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 13:37:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Anyone\Desktop\MBR.dat
[2012/05/18 09:14:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/18 09:14:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/18 09:14:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/18 09:14:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/18 09:14:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/18 09:06:03 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Anyone\Desktop\SecurityCheck.exe
[2012/05/17 08:58:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Anyone\Desktop\gmer.exe
[2012/05/17 08:56:58 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Anyone\Desktop\gmer.zip
[2012/05/17 08:24:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anyone\defogger_reenable
[2012/05/16 19:20:56 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\mbam.context.scan
[2012/05/12 22:02:04 | 000,174,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/12 12:07:12 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/01 17:40:21 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Anyone\Desktop\Digigood.rtf
[2012/04/10 21:21:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/04/10 21:21:14 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/04/10 21:21:14 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/04/10 21:21:12 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/03/08 23:16:13 | 000,276,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 18:46:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/09 16:47:26 | 000,026,874 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\Comma Separated Values (Windows).ADR
[2011/11/04 18:21:16 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\vso_ts_preview.xml
[2011/10/10 11:13:46 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/27 11:27:55 | 000,000,159 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2011/07/08 08:58:30 | 000,021,734 | ---- | C] () -- C:\WINDOWS\System32\notepad.ini
[2011/07/06 18:00:52 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.1.lic
[2011/06/16 18:10:50 | 000,064,176 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/18 11:48:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2011/02/18 11:48:03 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2011/02/18 11:48:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\vsnpstd3.dll
[2011/02/18 11:48:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd3.exe
[2011/02/18 11:43:49 | 000,031,831 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2011/01/16 17:17:06 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-91RPS.exe
[2011/01/15 12:33:46 | 000,000,078 | ---- | C] () -- C:\Program Files\erunt.bat
[2011/01/14 12:48:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/23 15:18:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/08 17:19:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/10/08 17:19:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/10/08 17:19:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/10/08 17:19:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/10/08 17:19:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/10/08 17:19:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/10/08 13:02:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/10/07 15:42:27 | 000,005,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
[2010/10/07 15:28:53 | 000,004,932 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2010/10/06 17:29:50 | 000,004,938 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2010/10/06 15:40:38 | 000,005,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/10/05 11:46:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/05 11:46:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/05 11:46:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/05 11:46:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/05 11:46:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/05 11:46:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/05 11:46:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/05 11:46:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/05 11:46:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/05 11:46:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/05 11:46:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/05 11:46:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/05 11:46:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/05 11:46:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/05 11:46:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/05 11:46:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/05 11:46:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/05 11:46:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/05 11:46:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/31 13:48:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/07/19 15:40:30 | 000,000,955 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/07/02 20:35:06 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/06/23 10:36:54 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\SamsungLiveUpdateConfig.ini
[2010/06/07 21:26:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\pcouffin.cat
[2010/06/07 21:26:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Anyone\Application Data\pcouffin.inf
[2010/06/07 14:57:52 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/06/07 13:14:28 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/07 13:13:52 | 000,001,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/29 14:07:35 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\XMain32A.dll
[2010/05/29 14:07:34 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\Snbd6w95.dll
[2010/05/29 14:06:35 | 000,000,356 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\sdpsenv.dat:naughtypirates

< End of report >

AND THE AVIRA WARNINGS:-

Avira Free Antivirus
Report file date: 18 May 2012 18:09

Scanning for 3715932 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : USER357

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02/05/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08/05/2012 09:10:58
AVSCAN.DLL : 12.3.0.15 54736 Bytes 08/05/2012 09:10:58
LUKE.DLL : 12.3.0.15 68304 Bytes 08/05/2012 09:11:00
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08/05/2012 16:51:19
AVREG.DLL : 12.3.0.17 232200 Bytes 10/05/2012 16:51:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 16:27:52
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 17:24:40
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 16:55:08
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 16:51:36
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 16:51:36
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 16:51:36
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 16:51:37
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 16:51:37
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 16:51:37
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 16:51:37
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 16:51:37
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 16:51:37
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 16:52:06
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 16:52:08
VBASE016.VDF : 7.11.30.70 2048 Bytes 17/05/2012 16:53:36
VBASE017.VDF : 7.11.30.71 2048 Bytes 17/05/2012 16:53:36
VBASE018.VDF : 7.11.30.72 2048 Bytes 17/05/2012 16:53:37
VBASE019.VDF : 7.11.30.73 2048 Bytes 17/05/2012 16:53:37
VBASE020.VDF : 7.11.30.74 2048 Bytes 17/05/2012 16:53:37
VBASE021.VDF : 7.11.30.75 2048 Bytes 17/05/2012 16:53:38
VBASE022.VDF : 7.11.30.76 2048 Bytes 17/05/2012 16:53:38
VBASE023.VDF : 7.11.30.77 2048 Bytes 17/05/2012 16:53:38
VBASE024.VDF : 7.11.30.78 2048 Bytes 17/05/2012 16:53:39
VBASE025.VDF : 7.11.30.79 2048 Bytes 17/05/2012 16:53:39
VBASE026.VDF : 7.11.30.80 2048 Bytes 17/05/2012 16:53:40
VBASE027.VDF : 7.11.30.81 2048 Bytes 17/05/2012 16:53:40
VBASE028.VDF : 7.11.30.82 2048 Bytes 17/05/2012 16:53:40
VBASE029.VDF : 7.11.30.83 2048 Bytes 17/05/2012 16:53:41
VBASE030.VDF : 7.11.30.84 2048 Bytes 17/05/2012 16:53:42
VBASE031.VDF : 7.11.30.112 107520 Bytes 18/05/2012 16:51:30
Engine version : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 26/10/2011 09:10:15
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 11/05/2012 09:09:36
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 10:26:51
AESBX.DLL : 8.2.5.5 606579 Bytes 12/03/2012 17:17:58
AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 22:16:06
AEPACK.DLL : 8.2.16.13 807287 Bytes 11/05/2012 09:09:35
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27/04/2012 09:13:59
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 17/05/2012 09:12:52
AEHELP.DLL : 8.1.21.0 254326 Bytes 11/05/2012 09:09:19
AEGEN.DLL : 8.1.5.28 422260 Bytes 27/04/2012 09:10:14
AEEXP.DLL : 8.1.0.40 82292 Bytes 17/05/2012 09:12:53
AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 22:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15/03/2012 17:12:21
AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08/05/2012 09:10:57
AVPREF.DLL : 12.3.0.15 51920 Bytes 08/05/2012 09:10:58
AVREP.DLL : 12.3.0.15 179208 Bytes 08/05/2012 16:51:19
AVARKT.DLL : 12.3.0.15 211408 Bytes 08/05/2012 09:10:58
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08/05/2012 09:10:58
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08/05/2012 09:11:00
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08/05/2012 09:10:58
NETNT.DLL : 12.3.0.15 17104 Bytes 08/05/2012 09:11:00
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 08/05/2012 09:10:57
RCTEXT.DLL : 12.3.0.15 96720 Bytes 08/05/2012 09:10:57

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20120518-180114-FFDFC600.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Skipped files.......................: C:\Documents and Settings\All Users\Application Data\Rosetta Stone, C:\Documents and Settings\Anyone\Desktop\All Books, C:\Documents and Settings\Anyone\Desktop\Anti -Virus Progs, C:\Documents and Settings\Anyone\Desktop\Avi Films-Not Seen, C:\Documents and Settings\Anyone\Desktop\AVS Suite, C:\Documents and Settings\Anyone\Desktop\CD Progs, C:\Documents and Settings\Anyone\Desktop\Computer Progs, C:\Documents and Settings\Anyone\Desktop\DVD Progs, C:\Documents and Settings\Anyone\Desktop\From Camera, C:\Documents and Settings\Anyone\Desktop\General Progs, C:\Documents and Settings\Anyone\Desktop\iPAD & Kindle, C:\Documents and Settings\Anyone\Desktop\Movie Progs, C:\Documents and Settings\Anyone\Desktop\Office Progs, C:\Documents and Settings\Anyone\Desktop\Photo Progs, C:\Documents and Settings\Anyone\Desktop\Recom Progs, C:\Documents and Settings\Anyone\Desktop\User Guides, C:\Documents and Settings\Anyone\Desktop\WebCam Progs, C:\Documents and Settings\Anyone\My Documents\TomTom, D:\My Documents\DVD\DVD Covers, D:\My Documents\Elaine, D:\My Documents\Generations, D:\My Documents\My Music, D:\My Documents\Photographs, D:\My Documents\Proshow, D:\My Documents\TomTom\Backup of Maps - Patched, D:\My Documents\TomTom\Central _Europe_850_2871, D:\My Documents\TomTom\Europe_850.2800, D:\My Documents\TomTom\TomTom.Maps.of.USA.Canada.and.Mexico.Plus.v8.50.2784.Retail-T0nK4, E:\Photographs,
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: 18 May 2012 18:09

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting search for hidden objects.
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid\done.wmv
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid\done.wmv
[NOTE] The file is not visible.
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid\thumbs.db
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid\thumbs.db
[NOTE] The file is not visible.
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid
c:\documents and settings\anyone\my documents\my pictures\lifecam files\vid
[NOTE] The directory is not visible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '102' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '74' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '55' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'PDEngine.exe' - '34' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'fxssvc.exe' - '37' Module(s) have been scanned
Scan process 'tgsrvc.exe' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'SAgent4.exe' - '17' Module(s) have been scanned
Scan process 'ImApp.exe' - '104' Module(s) have been scanned
Scan process 'IncMail.exe' - '131' Module(s) have been scanned
Scan process 'snmp.exe' - '43' Module(s) have been scanned
Scan process 'java.exe' - '64' Module(s) have been scanned
Scan process 'wrapper.exe' - '55' Module(s) have been scanned
Scan process 'PDAgent.exe' - '38' Module(s) have been scanned
Scan process 'sgbhp.exe' - '18' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '40' Module(s) have been scanned
Scan process 'iaantmon.exe' - '12' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '84' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '12' Module(s) have been scanned
Scan process 'devldr32.exe' - '33' Module(s) have been scanned
Scan process 'E_S40ST7.EXE' - '16' Module(s) have been scanned
Scan process 'sgmain.exe' - '35' Module(s) have been scanned
Scan process 'Cordless DUALphone Suite.exe' - '37' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '37' Module(s) have been scanned
Scan process 'Skype.exe' - '121' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'vsnpstd3.exe' - '20' Module(s) have been scanned
Scan process 'winpatrol.exe' - '45' Module(s) have been scanned
Scan process 'Explorer.EXE' - '97' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '62' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '82' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\Handbrake\uninst.exe
[WARNING] Invalid end of file
C:\Documents and Settings\Anyone\Desktop\A-V Repair Progs\VobSub\uninstall.exe
[WARNING] Invalid compressed data
The registry was scanned ( '5544' files ).


Starting the file scan:

Begin scan in 'C:\' <Active Drive>
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10idatx1170qq.bin
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10idatx1191nu.bin
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip
[WARNING] The file is password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAutoRuntmp.zip
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-01-2011 - 16-16-58.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-11-2011 - 22-24-52.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-12-2011 - 22-44-46.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-13-2011 - 17-28-34.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2011 - 19-45-07.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-15-2011 - 21-41-21.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-16-2011 - 17-26-17.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-16-2012 - 21-58-55.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-18-2011 - 23-01-57.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-19-2011 - 09-33-12.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-21-2011 - 13-08-05.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-21-2011 - 19-12-03.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-24-2011 - 21-57-59.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-26-2011 - 19-56-22.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-01-2011 - 22-54-06.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-09-2012 - 22-35-53.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-14-2011 - 12-26-24.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-15-2011 - 00-45-57.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-16-2011 - 11-00-46.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-21-2011 - 14-14-09.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-22-2012 - 10-08-14.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-25-2011 - 10-45-14.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2011 - 00-38-13.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-05-2011 - 17-40-23.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-16-2011 - 12-40-53.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-20-2011 - 15-07-14.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-12-2012 - 13-17-53.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-17-2012 - 03-08-01.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 05-18-2012 - 08-58-35.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-07-2011 - 16-34-02.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-12-2011 - 22-38-43.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-16-2011 - 20-39-24.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-17-2011 - 17-49-44.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-18-2011 - 13-20-53.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-23-2011 - 14-03-51.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-24-2011 - 10-57-10.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2011 - 08-49-21.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2011 - 20-07-44.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-04-2011 - 11-44-14.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-06-2011 - 20-41-17.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-07-2011 - 09-26-31.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-07-2011 - 20-24-59.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-08-2011 - 23-18-22.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-11-2011 - 23-32-51.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-13-2011 - 12-11-09.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-13-2011 - 21-46-15.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-15-2011 - 08-44-03.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-20-2011 - 22-58-05.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-21-2011 - 14-53-07.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-25-2011 - 20-53-22.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 07-28-2011 - 14-45-41.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-01-2011 - 17-11-49.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-07-2011 - 22-04-45.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-09-2011 - 19-12-10.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-19-2011 - 20-29-26.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 08-29-2011 - 21-19-37.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-12-2011 - 19-18-20.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 09-27-2011 - 21-35-55.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-07-2011 - 10-37-59.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-09-2011 - 20-31-24.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-20-2011 - 23-05-37.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-21-2011 - 23-30-09.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-06-2011 - 22-40-56.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-09-2011 - 16-43-37.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-18-2010 - 10-53-27.SBU
[WARNING] The file is password protected
C:\Documents and Settings\Anyone\Desktop\A-V Repair Progs\VobSub\uninstall.exe
[WARNING] Invalid compressed data
The directory 'C:\Documents and Settings\Anyone\Desktop\All Books\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Anti -Virus Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Avi Films-Not Seen\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\AVS Suite\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\CD Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Computer Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\DVD Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\General Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\iPAD & Kindle\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Movie Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Office Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\Photo Progs\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\User Guides\' was excluded from scanning!
The directory 'C:\Documents and Settings\Anyone\Desktop\WebCam Progs\' was excluded from scanning!
C:\Documents and Settings\Anyone\My Documents\My Downloads\AVSPhotoEditor.exe
[WARNING] Invalid end of file
The directory 'C:\Documents and Settings\Anyone\My Documents\TomTom\' was excluded from scanning!
C:\Program Files\Gabest\VobSub\uninstall.exe
[WARNING] Invalid compressed data
C:\Program Files\Generations\cosmo.exe
[WARNING] Invalid end of file
C:\Program Files\Handbrake\uninst.exe
[WARNING] Invalid end of file
C:\Program Files\ieSpell\uninst.exe
[WARNING] Invalid end of file
C:\Sierra\Gen8\cosmo.exe
[WARNING] Invalid end of file
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1088779.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1089140.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1089529.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1089914.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1090303.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1090688.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1091075.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1091458.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1091841.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1092226.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1092619.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1093004.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1093389.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1093776.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1094159.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP425\A1094544.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1095019.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1095409.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1095802.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1096188.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1096577.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1096962.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1097351.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1097753.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1098147.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP426\A1098536.data
[WARNING] Error read format
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP444\A1248470.dll
[WARNING] Error multiple volume
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP445\A1251998.dll
[WARNING] Error multiple volume
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP499\A1481775.exe
[WARNING] The file is password protected
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP499\A1481839.exe
[WARNING] Invalid compressed data
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP499\A1481847.exe
[WARNING] Unsupported archive version
C:\System Volume Information\_restore{952DCA5E-E3D9-41C3-9465-A927F129AB87}\RP499\A1481850.exe
[WARNING] Invalid compressed data
C:\VueScan\vuescan.dat
[WARNING] The file is password protected
Begin scan in 'D:\' <My Office>


End of the scan: 18 May 2012 22:45
Used time: 4:35:45 Hour(s)

The scan has been canceled!

15317 Scanned directories
868844 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
868844 Files not concerned
5628 Archives were scanned
113 Warnings
3 Notes
1171733 Objects were scanned with rootkit scan
3 Hidden objects were found

Edited by Dave Clark, 18 May 2012 - 05:07 PM.


#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 18 May 2012 - 08:30 PM

Greetings,

The OTL report looks good, and the Avira report has nothing to worry about (it will always have those types of warnings, and checking the files it lists, they are OK).

We are making changes to the computer, so Spybot will keep giving notices; that is not a problem.

Go ahead and run my instructions in post 8 and let me have the reports.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Dave Clark (Topic Starter, Members, Tenerife)

Posted 19 May 2012 - 03:27 AM

Hi Gringo,

Just a couple of points before you look at the reports.
SpyBot goes through the whole sequence of asking about changes to the registry and Firewall on EVERY boot (all 76 of them). I thought that once the changes were made, SpyBot would calm down. I've had to disable SpyBot, which has never happened before. What is causing Spybot to act as it is?

Ctfmon, according to the Bleeping Computer Startup List, is a virus. My entry in startup is Name= ctfmon Filename= ctfmon.exe.
This, according to the list, is a Troj/delbot-B TROJAN/IRC backdoor!!! Will you please confirm, Gringo.

What, I wonder, has caused the computer to reboot on its own.

Logs as requested:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:02:00, on 19/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telefonica\bin\tgsrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Shortcut to Microsoft Outlook.lnk = ?
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: SpywareGuard (2).lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: http://*.novastor.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://web.atar.rima-tde.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277240890953
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 10.4.1) -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.7.0) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 10.4.1) -
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: accmipca - Invalid registry found
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Backup Client Agent Service - NovaStor Corporation - C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINDOWS\system32\bgsvcgen.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (file missing)
O23 - Service: SupportSoft Repair Service (telefonica) (tgsrvc_telefonica) - SupportSoft, Inc. - C:\Program Files\Telefonica\bin\tgsrvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 16245 bytes


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anyone :: USER357 [administrator]

19/05/2012 08:31:45
mbam-log-2012-05-19 (08-31-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203832
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 19 May 2012 - 03:52 AM

TeaTimer

  • Please disable TeaTimer as it may interfere with the fix.

First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident

Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Third:
  • Don't forget to re-enable it when your computer is clean.