Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Hider.mpr


  • This topic is locked This topic is locked
16 replies to this topic

#1 Mythi

Mythi

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 27 May 2012 - 06:45 AM

Good day

It seems that my laptop has become infected with hider.mpr - this was first detected by AVG a couple of days ago and removed to the virus vault, however something is obviously amiss as it keeps detecting it but finds that the object is missing?!

I am unable to update AVG or even browse the internet and none of my malware/spyware programs will run. A google search on my old desktop (which is ancient) led me here. I really hope someone will be kind enough to help try and get rid of this.

Pretty please :)

I have attached a HJT log if its of any help

Attached Files



BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 27 May 2012 - 10:29 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download these tools on your working PC then transfer them to the infected PC with a CD or USB drive:

Posted Image Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Posted Image Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 27 May 2012 - 01:03 PM

Good day to you RPMcMurphy

Thank you so much for helping.

Please find the requested logs below

OTL Log:

OTL logfile created on: 27/05/2012 17:50:47 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Documents and Settings\Jackie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.36% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 90.07 Gb Free Space | 62.57% Space Free | Partition Type: NTFS

Computer Name: D9F4B33J | User Name: Jackie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/27 17:47:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jackie\Desktop\OTL.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/05/02 18:16:54 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/11 19:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/12/11 17:12:06 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/12/11 17:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/09/08 15:43:50 | 001,036,288 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/09/08 15:41:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/22 05:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2007/01/11 19:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/11/27 08:50:22 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
MOD - [2006/11/22 15:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 14:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 14:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/09/08 15:44:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2006/08/08 20:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/05/25 21:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\iptk.dll
MOD - [2005/12/29 16:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/06 10:42:36 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/24 17:14:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/05/25 12:38:06 | 000,613,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/12/11 17:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/09/08 15:41:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys -- (cpuz131)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jackie\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 16:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 15:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 17:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {208B8808-1FB0-4AC8-AC85-BD4B24911357}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{208B8808-1FB0-4AC8-AC85-BD4B24911357}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3CCB8812-CE77-46F0-A77B-6811FEDBC17F}&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&lang=en&ds=AVG&pr=fr&d=2012-03-23 22:21:29&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7456cb6f-059d-48a6-bacf-51ed36a2fec1%7D&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-14%2018%3A13%3A07&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/27 13:33:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/24 17:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/06 11:58:31 | 000,000,000 | ---D | M]

[2008/08/26 17:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jackie\Application Data\Mozilla\Extensions
[2012/05/05 09:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kfk1uquo.default\extensions
[2012/05/06 10:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/02 20:49:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 10:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/01/26 19:12:35 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JACKIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KFK1UQUO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/06 10:54:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/01 02:13:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/04/24 17:14:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/24 17:14:31 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/06 09:14:35 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/24 17:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/24 17:14:31 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/24 17:14:31 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/24 17:14:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/24 17:14:31 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jackie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/27 10:45:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_32.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jackie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jackie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/27 17:50:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jackie\Desktop\OTL.exe
[2012/05/27 14:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/27 14:45:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/27 13:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/05/27 13:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/27 13:33:48 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/27 13:33:47 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/27 13:33:41 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/27 13:33:40 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/27 13:33:39 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/27 13:33:36 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/27 13:33:36 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/27 13:33:34 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/27 13:32:58 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/27 13:32:57 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/27 13:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/27 13:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/27 13:27:28 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR250.SYS
[2012/05/27 13:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Local Settings\Application Data\NPE
[2012/05/27 13:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/05/27 12:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Desktop\Trend Micro
[2012/05/27 12:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Start Menu\Programs\HiJackThis
[2012/05/27 12:17:54 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jackie\Desktop\TDSSKiller.exe
[2012/05/27 11:48:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/27 10:13:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/27 10:13:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/27 10:13:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/27 10:13:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/27 10:12:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/27 10:12:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/27 10:11:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 10:10:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jackie\Start Menu\Programs\Administrative Tools
[2012/05/27 10:09:38 | 004,529,532 | R--- | C] (Swearware) -- C:\Documents and Settings\Jackie\Desktop\ComboFix.exe
[2012/05/27 07:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jackie\Recent
[2012/05/25 18:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Start Menu\Programs\SwiftKit
[2012/05/25 18:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\My Documents\Screenshots
[2012/05/12 15:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/07 18:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Desktop\viewbookingdetails.aspx_files
[2012/05/06 10:54:36 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/06 10:54:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/06 10:54:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/06 10:54:34 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/06 10:42:36 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/06 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackie\Application Data\Radialpoint
[2012/05/06 10:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virgin Media
[2012/05/06 10:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/27 17:50:19 | 000,074,678 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/05/27 17:47:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jackie\Desktop\OTL.exe
[2012/05/27 17:46:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/05/27 17:44:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/27 17:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/27 17:08:45 | 000,161,553 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/27 17:08:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/27 17:08:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/27 17:08:38 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/05/27 17:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/27 17:08:29 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 16:35:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\MBR.dat
[2012/05/27 14:45:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 13:38:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/27 13:38:47 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jackie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/27 13:33:49 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/27 13:33:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/27 13:27:46 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR250.dat
[2012/05/27 13:27:28 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR250.SYS
[2012/05/27 13:24:48 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/05/27 12:33:00 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\HiJackThis.lnk
[2012/05/27 12:30:14 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\HijackThis.msi
[2012/05/27 10:45:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/27 10:05:00 | 004,529,532 | R--- | M] (Swearware) -- C:\Documents and Settings\Jackie\Desktop\ComboFix.exe
[2012/05/27 09:54:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\MBRCheck.exe
[2012/05/27 08:52:10 | 000,000,364 | ---- | M] () -- C:\Documents and Settings\Jackie\My Documents\cc_20120527_085201.reg
[2012/05/27 08:51:42 | 000,049,840 | ---- | M] () -- C:\Documents and Settings\Jackie\My Documents\cc_20120527_085131.reg
[2012/05/27 08:02:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jackie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/27 08:02:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\Spybot - Search & Destroy.lnk
[2012/05/27 07:35:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/26 15:29:13 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\Jackie\jagex_cl_runescape_LIVE.dat
[2012/05/25 18:40:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\SwiftKit.lnk
[2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jackie\Desktop\TDSSKiller.exe
[2012/05/12 15:20:30 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/07 18:57:26 | 000,087,800 | ---- | M] () -- C:\Documents and Settings\Jackie\Desktop\viewbookingdetails.aspx.htm
[2012/05/06 10:54:11 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/06 10:54:11 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/06 10:54:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/06 10:54:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/06 10:54:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/06 10:54:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/06 10:42:36 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/06 10:42:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 10:27:27 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2012/05/05 09:17:05 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/05 09:17:05 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 16:35:30 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\MBR.dat
[2012/05/27 14:45:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 13:38:47 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/27 13:38:47 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jackie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/27 13:33:49 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/27 13:27:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR250.dat
[2012/05/27 12:32:49 | 000,002,336 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\HiJackThis.lnk
[2012/05/27 12:31:34 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\HijackThis.msi
[2012/05/27 10:13:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/27 10:13:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/27 10:13:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/27 10:13:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/27 10:13:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/27 10:06:12 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\MBRCheck.exe
[2012/05/27 08:52:04 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Jackie\My Documents\cc_20120527_085201.reg
[2012/05/27 08:51:35 | 000,049,840 | ---- | C] () -- C:\Documents and Settings\Jackie\My Documents\cc_20120527_085131.reg
[2012/05/27 08:02:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\Spybot - Search & Destroy.lnk
[2012/05/25 18:40:10 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\SwiftKit.lnk
[2012/05/12 15:20:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/07 18:57:22 | 000,087,800 | ---- | C] () -- C:\Documents and Settings\Jackie\Desktop\viewbookingdetails.aspx.htm
[2012/05/06 10:42:41 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/06 10:27:27 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2011/03/14 21:01:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 17:08:21 | 000,075,576 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

< End of report >

OTL Extras:

OTL Extras logfile created on: 27/05/2012 17:50:47 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Documents and Settings\Jackie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.36% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 90.07 Gb Free Space | 62.57% Space Free | Partition Type: NTFS

Computer Name: D9F4B33J | User Name: Jackie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\lxcrcoms.exe" = C:\WINDOWS\system32\lxcrcoms.exe:*:Disabled:Lexmark Communications System -- ( )
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38496EC2-78B7-412A-9398-FC6B7DB8E182}" = Orange Preload
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F12E64D-2F6F-4F85-A8FE-4ED29350BD6C}" = calibre
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C91D53E-0C23-4A79-A480-68A443D80100}" = PC Connectivity Solution
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Accounts
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon Kindle For PC" = Amazon Kindle For PC
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}" = Sage 50 Accounts 2009
"Lexmark 2400 Series" = Lexmark 2400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"PROR" = Microsoft Office Professional 2007
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19
"SwiftSwitch" = SwiftSwitch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TescoDownloader" = Tesco Download Manager
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.17
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SwiftKit" = SwiftKit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2012 02:43:45 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 03:01:27 | Computer Name = D9F4B33J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/05/2012 03:01:27 | Computer Name = D9F4B33J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 27/05/2012 03:05:52 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 03:29:32 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 04:54:34 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 05:04:40 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 05:58:47 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application drgtodsc.exe, version 9.0.0.53, faulting module
drgtodsc.exe, version 9.0.0.53, fault address 0x00015cbb.

Error - 27/05/2012 06:32:07 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

Error - 27/05/2012 08:12:35 | Computer Name = D9F4B33J | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001a31a0.

[ System Events ]
Error - 22/05/2012 16:14:49 | Computer Name = D9F4B33J | Source = DCOM | ID = 10010
Description = The server {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B} did not register
with DCOM within the required timeout.

Error - 26/05/2012 13:25:50 | Computer Name = D9F4B33J | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 27/05/2012 02:30:00 | Computer Name = D9F4B33J | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe" on line 0.

Error - 27/05/2012 02:30:01 | Computer Name = D9F4B33J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe. Reference error message: The operation completed successfully.
.

Error - 27/05/2012 06:15:17 | Computer Name = D9F4B33J | Source = DCOM | ID = 10010
Description = The server {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B} did not register
with DCOM within the required timeout.

Error - 27/05/2012 06:18:26 | Computer Name = D9F4B33J | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Program Files\Spybot -
Search & Destroy\TeaTimer.exe" on line 0.

Error - 27/05/2012 06:18:27 | Computer Name = D9F4B33J | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe. Reference error message: The operation completed successfully.
.

Error - 27/05/2012 06:45:56 | Computer Name = D9F4B33J | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).

Error - 27/05/2012 06:46:03 | Computer Name = D9F4B33J | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 27/05/2012 08:11:51 | Computer Name = D9F4B33J | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding


< End of report >

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 18:29:05
-----------------------------
18:29:05.437 OS Version: Windows 5.1.2600 Service Pack 3
18:29:05.437 Number of processors: 2 586 0xF06
18:29:05.437 ComputerName: D9F4B33J UserName: Jackie
18:29:06.500 Initialize success
18:29:06.609 AVAST engine defs: 12052700
18:29:14.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:29:14.906 Disk 0 Vendor: TOSHIBA_MK1637GSX DL040D Size: 152627MB BusType: 3
18:29:15.015 Disk 0 MBR read successfully
18:29:15.031 Disk 0 MBR scan
18:29:15.718 Disk 0 unknown MBR code
18:29:15.734 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
18:29:16.437 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147401 MB offset 192780
18:29:16.984 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
18:29:17.015 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
18:29:17.187 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
18:29:17.437 Disk 0 scanning sectors +312576705
18:29:17.921 Disk 0 scanning C:\WINDOWS\system32\drivers
18:29:40.515 Service scanning
18:30:04.640 Modules scanning
18:30:14.734 Disk 0 trace - called modules:
18:30:14.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:30:14.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab7aab8]
18:30:14.812 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000074[0x8abe2f18]
18:30:14.828 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8abf4d98]
18:30:15.828 AVAST engine scan C:\WINDOWS
18:30:20.859 AVAST engine scan C:\WINDOWS\system32
18:32:25.640 AVAST engine scan C:\WINDOWS\system32\drivers
18:32:40.218 AVAST engine scan C:\Documents and Settings\Jackie
18:50:02.109 AVAST engine scan C:\Documents and Settings\All Users
18:55:30.750 Scan finished successfully
18:56:58.265 Disk 0 MBR has been saved successfully to "E:\malware removal scans\MBR.dat"
18:56:58.296 The log file has been saved successfully to "E:\malware removal scans\aswMBR.txt"


Just to note, the aswMBR didn't ask if I wanted to use avast to scan (is that because I have avast installed on the machine?)

Look forward to hearing from you soon.

Thank you again.

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 27 May 2012 - 03:47 PM

Hi,

I see you ran ComboFix on your own - just for future reference, that can be very dangerous in some cases. I'd like to see the log it produced; this will open it:

Posted Image Click Start > Run or press Windows Key + R copy/paste the following into the run box that opens and press OK:
c:\ComboFix.txt

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 27 May 2012 - 04:04 PM

Hello again

This is the log from combofix:

ComboFix 12-05-27.01 - Jackie 27/05/2012 10:21:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1394 [GMT 1:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jackie\Application Data\Owca
c:\documents and settings\Jackie\Application Data\Owca\igic.ycl
c:\documents and settings\Jackie\Local Settings\Application Data\bowlrcko.log
c:\documents and settings\Jackie\Local Settings\Application Data\cfeynyrl.log
c:\documents and settings\Jackie\Local Settings\Application Data\dctrlguf.log
c:\documents and settings\Jackie\Local Settings\Application Data\gurgtubj.log
c:\documents and settings\Jackie\Local Settings\Application Data\nexplrvc.log
c:\documents and settings\Jackie\Local Settings\Application Data\pwojxqaf.log
c:\documents and settings\Jackie\Local Settings\Application Data\rhfhgavy\akwtqdfp.exe
c:\documents and settings\Jackie\Local Settings\Application Data\tlhydawd.log
c:\documents and settings\Jackie\Local Settings\Application Data\ydjhgyie.log
c:\documents and settings\Jackie\ms.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\36d7e2c107f8c9c9.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_Micorsoft Windows Service
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-23 17:50 . 2012-05-27 09:48 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\rhfhgavy
2012-05-06 09:54 . 2012-05-06 09:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 09:42 . 2012-05-06 09:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 09:28 . 2012-05-06 09:28 -------- d-----w- c:\documents and settings\Jackie\Application Data\Radialpoint
2012-05-06 09:25 . 2012-05-06 09:27 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 09:54 . 2010-05-05 09:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-06 09:54 . 2007-08-29 16:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 09:42 . 2011-05-28 05:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-24 16:14 . 2011-10-10 18:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-14 22:38 . 2008-10-14 22:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[7] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 04:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[7] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[7] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[7] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 04:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2004-08-04 04:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2004-08-04 04:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-06 08:14 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-05-06 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-14 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-06 982880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-09-08 1036288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\Jackie\Local Settings\Application Data\rhfhgavy\akwtqdfp.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 17:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 04:49 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [06/05/2012 10:27 1406264]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [06/05/2012 10:25 689464]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [06/05/2012 09:14 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 22:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 22:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 22:42 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/05/2012 10:42 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [12/05/2011 19:31 167264]
S3 cpuz131;cpuz131;\??\c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/08/2007 20:20 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 17:15 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 09:42]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?f885498c0fe347cb886445d06745b3dc
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?f885498c0fe347cb886445d06745b3dc
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kfk1uquo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7456cb6f-059d-48a6-bacf-51ed36a2fec1%7D&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-14%2018%3A13%3A07&sap=ku&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-AkwTqdfp - c:\documents and settings\Jackie\Local Settings\Application Data\rhfhgavy\akwtqdfp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-05-27 11:04:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 10:04
.
Pre-Run: 96,923,852,800 bytes free
Post-Run: 97,164,247,040 bytes free
.
- - End Of File - - 2CD64C35B5C37488EE45E49132E0B75B

Apologies if I did something wrong.

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 27 May 2012 - 10:37 PM

Hi,

Please do this next:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above FCopy::

FCopy::
c:\windows\$NtServicePackUninstall$\atapi.sys | c:\windows\system32\drivers\atapi.sys
c:\windows\$NtServicePackUninstall$\asyncmac.sys | c:\windows\system32\drivers\asyncmac.sys
c:\windows\$NtServicePackUninstall$\kbdclass.sys | c:\windows\system32\drivers\kbdclass.sys
c:\windows\$NtServicePackUninstall$\ndis.sys | c:\windows\system32\drivers\ndis.sys
c:\windows\$NtUninstallKB930916$\ntfs.sys | c:\windows\system32\drivers\ntfs.sys
c:\windows\$NtServicePackUninstall$\browser.dll | c:\windows\system32\browser.dll
c:\windows\$NtServicePackUninstall$\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\$NtUninstallKB905414$\netman.dll | c:\windows\system32\netman.dll
c:\windows\$NtServicePackUninstall$\comres.dll | c:\windows\system32\comres.dll
c:\windows\$NtServicePackUninstall$\qmgr.dll | c:\windows\system32\qmgr.dll
c:\windows\$NtServicePackUninstall$\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\$NtServicePackUninstall$\ipsec.sys | c:\windows\system32\drivers\ipsec.sys
c:\windows\$NtServicePackUninstall$\cryptsvc.dll | c:\windows\system32\cryptsvc.dll
c:\windows\$NtServicePackUninstall$\imm32.dll | c:\windows\system32\imm32.dll
c:\windows\$NtUninstallKB900725$\linkinfo.dll | c:\windows\system32\linkinfo.dll
c:\windows\$NtServicePackUninstall$\lpk.dll | c:\windows\system32\lpk.dll
c:\windows\$NtServicePackUninstall$\msvcrt.dll | c:\windows\system32\msvcrt.dll
c:\windows\$NtServicePackUninstall$\netlogon.dll | c:\windows\system32\netlogon.dll
c:\windows\$NtServicePackUninstall$\powrprof.dll | c:\windows\system32\powrprof.dll
c:\windows\$NtServicePackUninstall$\scecli.dll | c:\windows\system32\scecli.dll
c:\windows\$NtServicePackUninstall$\sfc.dll | c:\windows\system32\sfc.dll
c:\windows\$NtServicePackUninstall$\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\$NtUninstallKB893756$\tapisrv.dll | c:\windows\system32\tapisrv.dll
c:\windows\$NtServicePackUninstall$\userinit.exe | c:\windows\system32\userinit.exe
c:\windows\$NtServicePackUninstall$\ws2_32.dll | c:\windows\system32\ws2_32.dll
c:\windows\$NtServicePackUninstall$\ws2help.dll | c:\windows\system32\ws2help.dll
c:\windows\$NtUninstallKB938828$\explorer.exe | c:\windows\explorer.exe
c:\windows\$NtServicePackUninstall$\regedit.exe | c:\windows\regedit.exe
c:\windows\$NtServicePackUninstall$\ksuser.dll | c:\windows\system32\ksuser.dll
c:\windows\$NtServicePackUninstall$\srsvc.dll | c:\windows\system32\srsvc.dll
c:\windows\$NtServicePackUninstall$\wscntfy.exe | c:\windows\system32\wscntfy.exe
c:\windows\$NtServicePackUninstall$\xmlprov.dll | c:\windows\system32\xmlprov.dll
c:\windows\$NtServicePackUninstall$\eventlog.dll | c:\windows\system32\eventlog.dll
c:\windows\$NtServicePackUninstall$\ipsec.sys | c:\windows\system32\drivers\ipsec.sys
c:\windows\$NtServicePackUninstall$\regsvc.dll | c:\windows\system32\regsvc.dll
c:\windows\$NtServicePackUninstall$\schedsvc.dll | c:\windows\system32\schedsvc.dll
c:\windows\$NtServicePackUninstall$\ssdpsrv.dll | c:\windows\system32\ssdpsrv.dll
c:\windows\$NtServicePackUninstall$\termsrv.dll | c:\windows\system32\termsrv.dll
c:\windows\$NtServicePackUninstall$\hnetcfg.dll | c:\windows\system32\hnetcfg.dll
c:\windows\$NtServicePackUninstall$\appmgmts.dll | c:\windows\system32\appmgmts.dll
c:\windows\$NtUninstallKB900485$\aec.sys | c:\windows\system32\drivers\aec.sys
c:\windows\$NtServicePackUninstall$\agp440.sys | c:\windows\system32\drivers\agp440.sys
c:\windows\$NtServicePackUninstall$\ip6fw.sys | c:\windows\system32\drivers\ip6fw.sys
c:\windows\$NtServicePackUninstall$\msgsvc.dll | c:\windows\system32\msgsvc.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll | c:\windows\system32\mspmsnsv.dll
c:\windows\$NtServicePackUninstall$\ntmssvc.dll | c:\windows\system32\ntmssvc.dll
c:\windows\$NtServicePackUninstall$\dsound.dll | c:\windows\system32\dsound.dll
c:\windows\$NtServicePackUninstall$\d3d9.dll | c:\windows\system32\d3d9.dll
c:\windows\$NtServicePackUninstall$\ddraw.dll | c:\windows\system32\ddraw.dll
c:\windows\$NtServicePackUninstall$\olepro32.dll | c:\windows\system32\olepro32.dll
c:\windows\$NtServicePackUninstall$\perfctrs.dll | c:\windows\system32\perfctrs.dll
c:\windows\$NtServicePackUninstall$\version.dll | c:\windows\system32\version.dll
c:\windows\$NtServicePackUninstall$\srsvc.dll | c:\windows\system32\srsvc.dll
c:\windows\$NtServicePackUninstall$\w32time.dll | c:\windows\system32\w32time.dll
c:\windows\$NtServicePackUninstall$\midimap.dll | c:\windows\system32\midimap.dll
Folder::
c:\documents and settings\Jackie\Local Settings\Application Data\rhfhgavy
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Edited by RPMcMurphy, 27 May 2012 - 10:38 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 28 May 2012 - 12:48 PM

Hello again

Log files as requested.

ComboFix 12-05-27.01 - Jackie 28/05/2012 17:05:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1260 [GMT 1:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jackie\Local Settings\Application Data\bowlrcko.log
c:\documents and settings\Jackie\Local Settings\Application Data\cfeynyrl.log
c:\documents and settings\Jackie\Local Settings\Application Data\dctrlguf.log
c:\documents and settings\Jackie\Local Settings\Application Data\gurgtubj.log
c:\documents and settings\Jackie\Local Settings\Application Data\nexplrvc.log
c:\documents and settings\Jackie\Local Settings\Application Data\pwojxqaf.log
c:\documents and settings\Jackie\Local Settings\Application Data\tlhydawd.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VCCLSID.exe
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
c:\windows\$NtServicePackUninstall$\asyncmac.sys --> c:\windows\system32\drivers\asyncmac.sys
c:\windows\$NtServicePackUninstall$\kbdclass.sys --> c:\windows\system32\drivers\kbdclass.sys
c:\windows\$NtServicePackUninstall$\ndis.sys --> c:\windows\system32\drivers\ndis.sys
c:\windows\$NtUninstallKB930916$\ntfs.sys --> c:\windows\system32\drivers\ntfs.sys
c:\windows\$NtServicePackUninstall$\browser.dll --> c:\windows\system32\browser.dll
c:\windows\$NtServicePackUninstall$\lsass.exe --> c:\windows\system32\lsass.exe
c:\windows\$NtUninstallKB905414$\netman.dll --> c:\windows\system32\netman.dll
c:\windows\$NtServicePackUninstall$\comres.dll --> c:\windows\system32\comres.dll
c:\windows\$NtServicePackUninstall$\qmgr.dll --> c:\windows\system32\qmgr.dll
c:\windows\$NtServicePackUninstall$\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\$NtServicePackUninstall$\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys
c:\windows\$NtServicePackUninstall$\cryptsvc.dll --> c:\windows\system32\cryptsvc.dll
c:\windows\$NtServicePackUninstall$\imm32.dll --> c:\windows\system32\imm32.dll
c:\windows\$NtUninstallKB900725$\linkinfo.dll --> c:\windows\system32\linkinfo.dll
c:\windows\$NtServicePackUninstall$\lpk.dll --> c:\windows\system32\lpk.dll
c:\windows\$NtServicePackUninstall$\msvcrt.dll --> c:\windows\system32\msvcrt.dll
c:\windows\$NtServicePackUninstall$\netlogon.dll --> c:\windows\system32\netlogon.dll
c:\windows\$NtServicePackUninstall$\powrprof.dll --> c:\windows\system32\powrprof.dll
c:\windows\$NtServicePackUninstall$\scecli.dll --> c:\windows\system32\scecli.dll
c:\windows\$NtServicePackUninstall$\sfc.dll --> c:\windows\system32\sfc.dll
c:\windows\$NtServicePackUninstall$\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\$NtUninstallKB893756$\tapisrv.dll --> c:\windows\system32\tapisrv.dll
c:\windows\$NtServicePackUninstall$\userinit.exe --> c:\windows\system32\userinit.exe
c:\windows\$NtServicePackUninstall$\ws2_32.dll --> c:\windows\system32\ws2_32.dll
c:\windows\$NtServicePackUninstall$\ws2help.dll --> c:\windows\system32\ws2help.dll
c:\windows\$NtUninstallKB938828$\explorer.exe --> c:\windows\explorer.exe
c:\windows\$NtServicePackUninstall$\regedit.exe --> c:\windows\regedit.exe
c:\windows\$NtServicePackUninstall$\ksuser.dll --> c:\windows\system32\ksuser.dll
c:\windows\$NtServicePackUninstall$\srsvc.dll --> c:\windows\system32\srsvc.dll
c:\windows\$NtServicePackUninstall$\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\windows\$NtServicePackUninstall$\xmlprov.dll --> c:\windows\system32\xmlprov.dll
c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\system32\eventlog.dll
c:\windows\$NtServicePackUninstall$\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys
c:\windows\$NtServicePackUninstall$\regsvc.dll --> c:\windows\system32\regsvc.dll
c:\windows\$NtServicePackUninstall$\schedsvc.dll --> c:\windows\system32\schedsvc.dll
c:\windows\$NtServicePackUninstall$\ssdpsrv.dll --> c:\windows\system32\ssdpsrv.dll
c:\windows\$NtServicePackUninstall$\termsrv.dll --> c:\windows\system32\termsrv.dll
c:\windows\$NtServicePackUninstall$\hnetcfg.dll --> c:\windows\system32\hnetcfg.dll
c:\windows\$NtServicePackUninstall$\appmgmts.dll --> c:\windows\system32\appmgmts.dll
c:\windows\$NtUninstallKB900485$\aec.sys --> c:\windows\system32\drivers\aec.sys
c:\windows\$NtServicePackUninstall$\agp440.sys --> c:\windows\system32\drivers\agp440.sys
c:\windows\$NtServicePackUninstall$\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
c:\windows\$NtServicePackUninstall$\msgsvc.dll --> c:\windows\system32\msgsvc.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll --> c:\windows\system32\mspmsnsv.dll
c:\windows\$NtServicePackUninstall$\ntmssvc.dll --> c:\windows\system32\ntmssvc.dll
c:\windows\$NtServicePackUninstall$\dsound.dll --> c:\windows\system32\dsound.dll
c:\windows\$NtServicePackUninstall$\d3d9.dll --> c:\windows\system32\d3d9.dll
c:\windows\$NtServicePackUninstall$\ddraw.dll --> c:\windows\system32\ddraw.dll
c:\windows\$NtServicePackUninstall$\olepro32.dll --> c:\windows\system32\olepro32.dll
c:\windows\$NtServicePackUninstall$\perfctrs.dll --> c:\windows\system32\perfctrs.dll
c:\windows\$NtServicePackUninstall$\version.dll --> c:\windows\system32\version.dll
c:\windows\$NtServicePackUninstall$\srsvc.dll --> c:\windows\system32\srsvc.dll
c:\windows\$NtServicePackUninstall$\w32time.dll --> c:\windows\system32\w32time.dll
c:\windows\$NtServicePackUninstall$\midimap.dll --> c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-27 13:45 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 12:32 . 2012-05-28 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-27 12:32 . 2012-05-27 12:32 -------- d-----w- c:\program files\AVAST Software
2012-05-27 12:27 . 2012-05-27 12:27 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-05-27 12:27 . 2012-05-27 12:27 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-05-27 12:07 . 2012-05-27 12:28 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\NPE
2012-05-27 12:07 . 2012-05-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-05-27 11:32 . 2012-05-27 11:32 388096 ----a-r- c:\documents and settings\Jackie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 09:54 . 2012-05-06 09:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 09:42 . 2012-05-06 09:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 09:28 . 2012-05-06 09:28 -------- d-----w- c:\documents and settings\Jackie\Application Data\Radialpoint
2012-05-06 09:25 . 2012-05-06 09:27 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 09:54 . 2010-05-05 09:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-06 09:54 . 2007-08-29 16:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 09:42 . 2011-05-28 05:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-24 16:14 . 2011-10-10 18:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-14 22:38 . 2008-10-14 22:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-27_09.47.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 00:02 . 2009-07-12 00:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-05-28 16:12 . 2012-05-28 16:12 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2004-08-11 16:00 . 2004-08-04 04:00 13824 c:\windows\system32\dllcache\wscntfy.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 19968 c:\windows\system32\dllcache\ws2help.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 82944 c:\windows\system32\dllcache\ws2_32.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 18944 c:\windows\system32\dllcache\version.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 24576 c:\windows\system32\dllcache\userinit.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 71680 c:\windows\system32\dllcache\ssdpsrv.dll
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-11 16:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 59904 c:\windows\system32\dllcache\regsvc.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 17408 c:\windows\system32\dllcache\powrprof.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 39936 c:\windows\system32\dllcache\perfctrs.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 83456 c:\windows\system32\dllcache\olepro32.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 52224 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 33792 c:\windows\system32\dllcache\msgsvc.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 18944 c:\windows\system32\dllcache\midimap.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 13312 c:\windows\system32\dllcache\lsass.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 22016 c:\windows\system32\dllcache\lpk.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 18944 c:\windows\system32\dllcache\linkinfo.dll
+ 2004-08-03 21:58 . 2004-08-03 21:58 24576 c:\windows\system32\dllcache\kbdclass.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 74752 c:\windows\system32\dllcache\ipsec.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 29056 c:\windows\system32\dllcache\ip6fw.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 55808 c:\windows\system32\dllcache\eventlog.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 60416 c:\windows\system32\dllcache\cryptsvc.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 77312 c:\windows\system32\dllcache\browser.dll
+ 2004-08-03 21:59 . 2004-08-03 21:59 95360 c:\windows\system32\dllcache\atapi.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2004-08-11 16:08 . 2004-08-03 22:07 42368 c:\windows\system32\dllcache\agp440.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 5120 c:\windows\system32\dllcache\sfc.dll
+ 2007-08-24 19:08 . 2004-08-03 23:56 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 00:05 . 2009-07-12 00:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 129536 c:\windows\system32\dllcache\xmlprov.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 502272 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 174592 c:\windows\system32\dllcache\w32time.dll
+ 2004-08-11 16:11 . 2004-08-04 04:00 295424 c:\windows\system32\dllcache\termsrv.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 246272 c:\windows\system32\dllcache\tapisrv.dll
+ 2004-08-11 16:12 . 2004-08-04 04:00 170496 c:\windows\system32\dllcache\srsvc.dll
+ 2004-08-11 16:12 . 2004-08-04 04:00 190976 c:\windows\system32\dllcache\schedsvc.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 180224 c:\windows\system32\dllcache\scecli.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 146432 c:\windows\system32\dllcache\regedit.exe
+ 2004-08-11 16:12 . 2004-08-04 04:00 382464 c:\windows\system32\dllcache\qmgr.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 435200 c:\windows\system32\dllcache\ntmssvc.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 574592 c:\windows\system32\dllcache\ntfs.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 198144 c:\windows\system32\dllcache\netman.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 407040 c:\windows\system32\dllcache\netlogon.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 182912 c:\windows\system32\dllcache\ndis.sys
+ 2004-08-11 16:00 . 2004-08-04 04:00 343040 c:\windows\system32\dllcache\msvcrt.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 110080 c:\windows\system32\dllcache\imm32.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 344064 c:\windows\system32\dllcache\hnetcfg.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 367616 c:\windows\system32\dllcache\dsound.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 266240 c:\windows\system32\dllcache\ddraw.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 792064 c:\windows\system32\dllcache\comres.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 167936 c:\windows\system32\dllcache\appmgmts.dll
+ 2007-08-24 19:09 . 2004-08-03 21:39 142464 c:\windows\system32\dllcache\aec.sys
- 2009-07-12 00:02 . 2009-07-12 00:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 00:02 . 2009-07-12 00:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 1032192 c:\windows\system32\dllcache\explorer.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 1689088 c:\windows\system32\dllcache\d3d9.dll
+ 2012-05-27 11:32 . 2012-05-27 11:32 1094656 c:\windows\Installer\391d0b.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-14 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-09-08 1036288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [06/05/2012 10:27 1406264]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [06/05/2012 10:25 689464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/05/2012 10:42 257696]
S3 cpuz131;cpuz131;\??\c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/08/2007 20:20 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 17:15 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 09:42]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?f885498c0fe347cb886445d06745b3dc
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?f885498c0fe347cb886445d06745b3dc
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kfk1uquo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7456cb6f-059d-48a6-bacf-51ed36a2fec1%7D&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-14%2018%3A13%3A07&sap=ku&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1312)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-28 17:21:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 16:21
ComboFix2.txt 2012-05-27 10:11
.
Pre-Run: 96,717,668,352 bytes free
Post-Run: 96,661,360,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3DAE14A4DD24BEE8195178364B919529


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jackie :: D9F4B33J [administrator]

28/05/2012 17:27:14
mbam-log-2012-05-28 (17-27-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328653
Time elapsed: 1 hour(s), 2 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks again.

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 28 May 2012 - 08:08 PM

Hi,

Do you have a Windows XP SP3 installation disk available? Please do this next:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

FCopy::
c:\windows\$NtServicePackUninstall$\ctfmon.exe | c:\windows\system32\ctfmon.exe
c:\windows\$NtServicePackUninstall$\sfcfiles.dll | c:\windows\system32\sfcfiles.dll

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 29 May 2012 - 01:20 PM

Good evening

Unfortunately I only have a windows xp service pack 2 installation disk.

Log as requested:

ComboFix 12-05-27.01 - Jackie 29/05/2012 17:31:17.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1315 [GMT 1:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\ctfmon.exe --> c:\windows\system32\ctfmon.exe
c:\windows\$NtServicePackUninstall$\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-28 18:45 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-28 17:58 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-28 17:58 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-28 17:58 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-28 17:58 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-28 17:58 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-28 17:58 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-28 17:58 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-28 17:58 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-28 17:57 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-28 17:57 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-27 13:45 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 12:32 . 2012-05-28 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-27 12:32 . 2012-05-28 17:57 -------- d-----w- c:\program files\AVAST Software
2012-05-27 12:27 . 2012-05-27 12:27 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-05-27 12:27 . 2012-05-27 12:27 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-05-27 12:07 . 2012-05-27 12:28 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\NPE
2012-05-27 12:07 . 2012-05-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-05-27 11:32 . 2012-05-27 11:32 388096 ----a-r- c:\documents and settings\Jackie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 09:54 . 2012-05-06 09:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 09:42 . 2012-05-06 09:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 09:28 . 2012-05-06 09:28 -------- d-----w- c:\documents and settings\Jackie\Application Data\Radialpoint
2012-05-06 09:25 . 2012-05-06 09:27 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 09:54 . 2010-05-05 09:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-06 09:54 . 2007-08-29 16:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 09:42 . 2011-05-28 05:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-24 16:14 . 2011-10-10 18:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-14 22:38 . 2008-10-14 22:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-05-28_16.13.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-29 16:15 . 2012-05-29 16:15 16384 c:\windows\Temp\Perflib_Perfdata_1b0.dat
+ 2004-08-11 16:00 . 2004-08-04 04:00 15360 c:\windows\system32\dllcache\ctfmon.exe
- 2008-07-01 16:07 . 2012-05-26 14:29 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-07-01 16:07 . 2012-05-28 19:15 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2009-05-19 17:25 . 2012-05-26 14:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 17:25 . 2012-05-28 19:15 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 17:25 . 2012-05-28 19:15 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 17:25 . 2012-05-26 14:29 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-05-13 13:11 . 2012-05-28 19:15 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-13 13:11 . 2012-05-28 19:15 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2008-07-01 16:05 . 2012-05-28 19:15 19767 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
- 2008-07-01 16:05 . 2012-05-26 14:29 19767 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
+ 2008-07-01 16:07 . 2012-05-28 19:15 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-07-01 16:07 . 2012-05-26 14:29 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2010-05-13 13:11 . 2012-05-28 19:15 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2008-07-01 16:07 . 2012-05-28 19:15 315392 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
- 2008-07-01 16:07 . 2012-05-26 14:29 315392 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 1580544 c:\windows\system32\dllcache\sfcfiles.dll
+ 2010-02-08 16:10 . 2012-05-28 19:15 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-02-08 16:10 . 2012-05-26 14:29 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-14 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-09-08 1036288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [28/05/2012 19:45 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2012 18:58 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/05/2012 18:58 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/05/2012 18:58 20696]
R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [06/05/2012 10:27 1406264]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [06/05/2012 10:25 689464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/05/2012 10:42 257696]
S3 cpuz131;cpuz131;\??\c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/08/2007 20:20 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 17:15 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 09:42]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?f885498c0fe347cb886445d06745b3dc
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?f885498c0fe347cb886445d06745b3dc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kfk1uquo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7456cb6f-059d-48a6-bacf-51ed36a2fec1%7D&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-14%2018%3A13%3A07&sap=ku&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 17:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-05-29 17:47:36
ComboFix-quarantined-files.txt 2012-05-29 16:47
ComboFix2.txt 2012-05-28 16:21
ComboFix3.txt 2012-05-27 10:11
.
Pre-Run: 95,967,596,544 bytes free
Post-Run: 95,955,730,432 bytes free
.
- - End Of File - - 4DA3B9DC87067AA5E27CB5D1EB0C0863

Thank you again.

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 30 May 2012 - 08:20 AM

Please do this next:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

Suspect::[131]
c:\windows\system32\user32.dll
c:\windows\system32\wiaservc.dll
c:\windows\system32\upnphost.dll
c:\windows\system32\rasadhlp.dll

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Posted Image Go to thisLINK to run an online scannner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ComboFix log
  • ESET log

Edited by RPMcMurphy, 30 May 2012 - 08:21 AM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 30 May 2012 - 03:29 PM

Hiya

As requested:

ComboFix 12-05-30.04 - Jackie 30/05/2012 18:41:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1268 [GMT 1:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
file zipped: c:\windows\system32\rasadhlp.dll
file zipped: c:\windows\system32\upnphost.dll
file zipped: c:\windows\system32\user32.dll
file zipped: c:\windows\system32\wiaservc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-28 18:45 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-28 17:58 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-28 17:58 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-28 17:58 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-28 17:58 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-28 17:58 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-28 17:58 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-28 17:58 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-28 17:58 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-28 17:57 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-28 17:57 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-27 13:45 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 12:32 . 2012-05-28 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-27 12:32 . 2012-05-28 17:57 -------- d-----w- c:\program files\AVAST Software
2012-05-27 12:27 . 2012-05-27 12:27 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-05-27 12:27 . 2012-05-27 12:27 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-05-27 12:07 . 2012-05-27 12:28 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\NPE
2012-05-27 12:07 . 2012-05-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-05-27 11:32 . 2012-05-27 11:32 388096 ----a-r- c:\documents and settings\Jackie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-06 09:54 . 2012-05-06 09:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-06 09:42 . 2012-05-06 09:42 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 09:28 . 2012-05-06 09:28 -------- d-----w- c:\documents and settings\Jackie\Application Data\Radialpoint
2012-05-06 09:25 . 2012-05-06 09:27 -------- d-----w- c:\program files\Virgin Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 09:54 . 2010-05-05 09:04 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-06 09:54 . 2007-08-29 16:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 09:42 . 2011-05-28 05:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-24 16:14 . 2011-10-10 18:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-10-14 22:38 . 2008-10-14 22:38 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-05-28_16.13.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-30 16:20 . 2012-05-30 16:20 16384 c:\windows\Temp\Perflib_Perfdata_298.dat
+ 2004-08-11 16:00 . 2004-08-04 04:00 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2004-08-11 16:00 . 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe
- 2004-08-11 16:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
- 2008-07-01 16:07 . 2012-05-26 14:29 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-07-01 16:07 . 2012-05-29 18:52 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-05-19 17:25 . 2012-05-29 18:52 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 17:25 . 2012-05-26 14:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 17:25 . 2012-05-26 14:29 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-05-19 17:25 . 2012-05-29 18:52 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-05-13 13:11 . 2012-05-29 18:52 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2010-05-13 13:11 . 2012-05-29 18:52 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2008-07-01 16:05 . 2012-05-26 14:29 19767 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
+ 2008-07-01 16:05 . 2012-05-29 18:52 19767 c:\windows\.jagex_cache_32\runescape\game_unpacker.dat
+ 2008-07-01 16:07 . 2012-05-29 18:52 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-07-01 16:07 . 2012-05-26 14:29 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2010-05-13 13:11 . 2012-05-29 18:52 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
- 2010-05-13 13:11 . 2012-05-26 14:29 147456 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2008-07-01 16:07 . 2012-05-29 18:52 315392 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
- 2008-07-01 16:07 . 2012-05-26 14:29 315392 c:\windows\.jagex_cache_32\runescape\browsercontrol.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 1580544 c:\windows\system32\sfcfiles.dll
+ 2004-08-11 16:00 . 2004-08-04 04:00 1580544 c:\windows\system32\dllcache\sfcfiles.dll
+ 2010-02-08 16:10 . 2012-05-29 18:52 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-02-08 16:10 . 2012-05-26 14:29 1271808 c:\windows\.jagex_cache_32\runescape\sw3d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-14 29744]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 295856]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-09-08 1036288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [28/05/2012 19:45 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/05/2012 18:58 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/05/2012 18:58 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/05/2012 18:58 20696]
R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [06/05/2012 10:27 1406264]
R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [06/05/2012 10:25 689464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/05/2012 10:42 257696]
S3 cpuz131;cpuz131;\??\c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Jackie\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/08/2007 20:20 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 12:02 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 17:15 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 09:42]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-05-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 11:02]
.
2012-05-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070825
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?f885498c0fe347cb886445d06745b3dc
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?f885498c0fe347cb886445d06745b3dc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\kfk1uquo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7456cb6f-059d-48a6-bacf-51ed36a2fec1%7D&mid=39eaf3ecdf9b47d6bca6d15565e79c15-9c178247fd72b167329b112d929510db39f7d8ce&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-14%2018%3A13%3A07&sap=ku&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(4428)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-05-30 18:53:00
ComboFix-quarantined-files.txt 2012-05-30 17:52
ComboFix2.txt 2012-05-29 16:47
ComboFix3.txt 2012-05-28 16:21
ComboFix4.txt 2012-05-27 10:11
.
Pre-Run: 95,621,541,888 bytes free
Post-Run: 95,620,366,336 bytes free
.
- - End Of File - - 804BED60FB937721B8F7CF8A44D86C61
Upload was successful

Eset

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a49737b0e5027543a25e271cb5f747ed
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-30 06:39:47
# local_time=2012-05-30 07:39:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=24576
# found=7
# cleaned=0
# scan_time=2031
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jackie\Application Data\AVG\Rescue\PC Tuneup 2011\110315192448468.rsc multiple threats (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a49737b0e5027543a25e271cb5f747ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-30 08:23:02
# local_time=2012-05-30 09:23:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 2514 2514 0 0
# scanned=122562
# found=26
# cleaned=0
# scan_time=5951
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jackie\Application Data\AVG\Rescue\PC Tuneup 2011\110315192448468.rsc multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jackie\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\736271bb-42c40cb9 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Jackie\Local Settings\Application Data\rhfhgavy\_akwtqdfp_.exe.zip a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1033\A0219464.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1033\A0219501.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1033\A0219554.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1033\A0219628.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0219710.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0219832.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0219912.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0219951.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0219987.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0220987.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0221026.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1034\A0221128.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1036\A0221484.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1037\A0221511.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1038\A0221521.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1038\A0221522.exe a variant of Win32/Kryptik.AGFD trojan (unable to clean) 00000000000000000000000000000000 I



26 infected files?! Oh my!!

Please note, ESET scan had to be restarted as my AV kicked back in (I had only disabled it for an hour) so I disabled it for longer and restarted scan - hope that was ok.

Once again, thank you for the time you are spending helping me RPMcMurphy.

Edited by Mythi, 30 May 2012 - 03:34 PM.


#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 31 May 2012 - 11:47 AM

Those detections are either already in quarantine or in your system restore cache and will be cleared when we clean up. How is your computer running now?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 31 May 2012 - 12:42 PM

Ahh ok, thank you.

It's running a lot better, I am able to connect to the Internet and start up is much quicker now. Antivirus running and updating fine.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:52 AM

Posted 31 May 2012 - 09:09 PM

Great! All I have left for you is a software update and some very important cleanup that will remove those ESET detections:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#15 Mythi

Mythi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 31 May 2012 - 11:34 PM

Good morning RPMcMurphy

As requested:

  • Adobe Reader updated, no other software installed along with it.
  • Combofix uninstalled.
  • OTL clean up performed
  • All other logs etc manually deleted.
  • Antivirus and MBAM are both current and scans will be performed at least weekly.
  • Read and bookmarked the link posted 'PC Safety and Security - What Do I Need?'

I seriously cannot thank you enough for your help.

Ever grateful

Mythi.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users