
Please help infected with Bloodhound.MalPE


2 replies to this topic

#1 rysktkr


Posted 25 June 2012 - 01:19 PM

My SEP detected Bloodhound.MalPE but was unable to remove it. I ran Malwarebytes; it detected several viruses and trojans. Unfortunately the removal was not successful. I tried running DDS to get a log but it freezes every time in the progress location. I read another post where someone had the DDS issue and the mod recommended OTL. I ran it per the mod's instructions and successfully have a log below:

OTL logfile created on: 6/25/2012 10:46:13 AM - Run 5
OTL by OldTimer - Version 3.2.53.0 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 72.60% Memory free
5.30 Gb Paging File | 4.34 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1863.01 Gb Total Space | 208.96 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
Drive F: | 465.75 Gb Total Space | 370.61 Gb Free Space | 79.57% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 50.00 Gb Free Space | 16.77% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 44.40 Gb Free Space | 6.36% Space Free | Partition Type: NTFS

Computer Name: MYPC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\attrib.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\RemotelyAnywhere\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\b148ea1e60af87aae04848909f5b19f2\log4net.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\util\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\WINDOWS\system32\WgaLogon.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll ()


========== Win32 Services (SafeList) ==========

SRV - (StorageCraft Image Manager32) -- C:\WINDOWS\system32\ntsdexts32.exe File not found
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SlingAgentService) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (StorageCraft Image Manager) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (RAMaint) -- C:\Program Files\RemotelyAnywhere\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (RemotelyAnywhere) -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe (LogMeIn, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ulqieexonuftkbpc) -- C:\WINDOWS\system32\drivers\ulqieexonuftkbpc.sys File not found
DRV - (rxyciorjinidwpsp) -- C:\WINDOWS\system32\drivers\rxyciorjinidwpsp.sys File not found
DRV - (PCIDump) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Mark\LOCALS~1\Temp\catchme.sys File not found
DRV - (afup9m3a) -- File not found
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files\PowerDVD8\PowerDVD8\000.fcl File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120619.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120619.009\NAVENG.SYS (Symantec Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\Cyberlink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ArcSec) -- C:\WINDOWS\system32\drivers\ArcSec.sys ()
DRV - (cpuz134) -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys (Windows ® Win 7 DDK provider)
DRV - (btkrnl) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (archlp) -- C:\WINDOWS\system32\drivers\archlp.sys ()
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (RARfsClientNP) -- C:\WINDOWS\System32\RARfsClientNP.dll (LogMeIn, Inc.)
DRV - (RAInfo) -- C:\Program Files\RemotelyAnywhere\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (ramirr) -- C:\WINDOWS\system32\drivers\ramirr.sys (LogMeIn, Inc.)
DRV - (RARfsDriver) -- C:\WINDOWS\system32\drivers\RARfsDriver.sys (LogMeIn, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (thdudf) -- C:\WINDOWS\system32\drivers\thdudf.sys (TOSHIBA Corporation)
DRV - (V0230VID) -- C:\WINDOWS\system32\drivers\V0230VID.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\hap17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (V0230Vfx) -- C:\WINDOWS\system32\drivers\V0230Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {CAD1FE9C-2087-4E81-9478-7118837FE1AB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CAD1FE9C-2087-4E81-9478-7118837FE1AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data]

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{1C0D0694-1180-4AA3-936F-B1D37BA255BB}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{49D60479-E907-4C2D-A3BB-76BA23E9C673}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_enUS323
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{A57EADD3-0DCF-4BE1-B740-FE830E3DBC88}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{CAD1FE9C-2087-4E81-9478-7118837FE1AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\SearchScopes\{CB30F4C5-1E61-4556-82D2-168822A44962}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/02/08 18:04:38 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/08 18:04:41 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 21:36:42 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 11:14:50 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 14:15:41 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 21:36:42 | 000,000,000 | -H-D | M]

[2009/11/26 13:50:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2012/05/30 09:49:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions
[2010/07/15 07:23:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/29 08:10:57 | 000,000,000 | -H-D | M] (WebSlingPlayer) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2012/05/30 09:49:29 | 000,000,000 | -H-D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/06/01 08:42:10 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\DTToolbar@toolbarnet.com
[2010/09/21 11:24:44 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\searchtoolbar@zugo.com
[2009/12/26 11:08:58 | 000,002,254 | -H-- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\askcom.xml
[2011/08/07 16:56:33 | 000,002,055 | -H-- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\daemon-search.xml
[2011/12/22 15:07:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/30 09:13:21 | 000,019,920 | -H-- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P5OO56MT.DEFAULT\EXTENSIONS\FIREFOX1@MYIBAY.COM.XPI
[2012/06/07 11:14:46 | 000,085,472 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/11 16:56:18 | 000,611,224 | -H-- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 08:38:18 | 000,001,525 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/14 08:38:18 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/14 08:38:18 | 000,000,935 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/14 08:38:18 | 000,001,166 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/14 08:38:18 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/14 08:38:18 | 000,001,121 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [GiBbQUEPdGQQTat.exe] C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [DAEMON Tools Lite] C:\util\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Mark\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Program Files\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} http://mypc:2000/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32 acaptuser32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1960408961-1303643608-839522115-1008 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 11:03:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark\Recent
[2012/06/25 08:04:52 | 000,607,260 | RH-- | C] (Swearware) -- C:\dds.scr
[2012/06/25 07:37:49 | 000,040,776 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/25 07:30:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mark\Start Menu\Programs\Data Recovery
[2012/06/20 11:59:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/04 21:49:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mark\Application Data\FreeArc
[2012/06/04 21:48:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Mark\Start Menu\Programs\FreeArc
[2012/06/04 21:46:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\3081
[2009/05/26 21:59:38 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Mark\Application Data\pcouffin.sys
[8 C:\Documents and Settings\Mark\My Documents\*.tmp files -> C:\Documents and Settings\Mark\My Documents\*.tmp -> ]
[1 C:\WINDOWS\$NtUninstallKB44723$\1760806464\*.tmp files -> C:\WINDOWS\$NtUninstallKB44723$\1760806464\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/25 11:12:03 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job
[2012/06/25 11:10:16 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/25 11:10:02 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 10:38:14 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 10:37:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/25 08:12:02 | 000,000,922 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job
[2012/06/25 08:07:08 | 000,302,592 | -H-- | M] () -- C:\Documents and Settings\Mark\Desktop\4hb646j5.exe
[2012/06/25 08:04:53 | 000,607,260 | RH-- | M] (Swearware) -- C:\dds.scr
[2012/06/25 07:37:49 | 000,040,776 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/25 07:32:15 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4
[2012/06/25 07:30:29 | 000,000,858 | -H-- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/25 07:30:29 | 000,000,840 | -H-- | M] () -- C:\Documents and Settings\Mark\Desktop\Data_Recovery.lnk
[2012/06/25 07:30:29 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4r
[2012/06/25 07:30:29 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4
[2012/06/25 07:29:50 | 000,257,672 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe
[2012/06/25 07:25:56 | 000,002,228 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/25 02:55:04 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job
[2012/06/25 02:45:04 | 000,000,655 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 13:09:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/20 17:05:10 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\kpI0dn6tFIoruY
[2012/06/20 17:04:08 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruYr
[2012/06/20 17:04:08 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruY
[2012/06/20 11:49:28 | 008,405,015 | -H-- | M] () -- C:\WINDOWS\TempFile
[2012/06/20 11:47:24 | 000,030,120 | -H-- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012/06/20 11:47:24 | 000,030,120 | -H-- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012/06/20 11:47:24 | 000,027,408 | -H-- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012/06/20 11:47:24 | 000,027,408 | -H-- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012/06/20 11:47:24 | 000,011,564 | -H-- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx
[2012/06/20 11:47:24 | 000,001,076 | -H-- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/20 11:47:24 | 000,001,076 | -H-- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/20 09:29:22 | 000,351,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe
[2012/06/18 20:12:01 | 000,000,352 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/17 21:38:32 | 000,002,471 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Hallmark Card Studio 2009.lnk
[2012/06/11 21:12:05 | 000,001,816 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/06 08:18:17 | 000,010,972 | -H-- | M] () -- C:\Documents and Settings\Mark\Desktop\Mark BP Report 060612.csv
[2012/06/06 08:13:43 | 000,007,645 | -H-- | M] () -- C:\Documents and Settings\Mark\Desktop\BP Report 060612.csv
[2012/06/04 21:48:01 | 000,000,646 | -H-- | M] () -- C:\Documents and Settings\Mark\Desktop\FreeArc.lnk
[8 C:\Documents and Settings\Mark\My Documents\*.tmp files -> C:\Documents and Settings\Mark\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 08:07:07 | 000,302,592 | -H-- | C] () -- C:\Documents and Settings\Mark\Desktop\4hb646j5.exe
[2012/06/25 07:30:29 | 000,000,858 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/25 07:30:29 | 000,000,840 | -H-- | C] () -- C:\Documents and Settings\Mark\Desktop\Data_Recovery.lnk
[2012/06/25 07:30:29 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4r
[2012/06/25 07:30:29 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-l0gdw4nUSn3xA4
[2012/06/25 07:30:10 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4
[2012/06/25 07:29:50 | 000,257,672 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe
[2012/06/20 17:04:08 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruYr
[2012/06/20 17:04:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-kpI0dn6tFIoruY
[2012/06/20 17:04:01 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\kpI0dn6tFIoruY
[2012/06/20 09:32:26 | 000,351,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe
[2012/06/06 08:18:17 | 000,010,972 | -H-- | C] () -- C:\Documents and Settings\Mark\Desktop\Mark BP Report 060612.csv
[2012/06/06 08:13:43 | 000,007,645 | -H-- | C] () -- C:\Documents and Settings\Mark\Desktop\BP Report 060612.csv
[2012/06/04 21:48:01 | 000,000,646 | -H-- | C] () -- C:\Documents and Settings\Mark\Desktop\FreeArc.lnk
[2012/06/04 21:46:44 | 000,000,352 | -H-- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/05/30 09:30:38 | 000,205,296 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/12 16:34:23 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/03/30 18:24:04 | 000,406,754 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1303643608-839522115-1003-0.dat
[2012/03/30 18:23:31 | 000,290,510 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/19 13:42:05 | 000,000,590 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 21:03:02 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 19:00:39 | 000,216,064 | -H-- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2012/01/30 19:00:38 | 000,715,038 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2012/01/30 19:00:38 | 000,001,782 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2012/01/24 14:45:24 | 000,055,055 | -H-- | C] () -- C:\Documents and Settings\Mark\Start Menu.rar
[2012/01/19 21:09:07 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\huffyuv_mt.ini
[2011/12/30 12:21:02 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\imgproc.dll
[2011/12/28 18:47:14 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/12/28 18:41:52 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\EditPack.INI
[2011/12/27 14:46:07 | 000,000,013 | RHS- | C] () -- C:\WINDOWS\System32\IEcacher.dll
[2011/12/19 01:06:41 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\00000001.@
[2011/12/16 03:17:20 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\80000032.@
[2011/12/08 07:55:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\kG5MuXD4.com.b
[2011/12/08 07:12:30 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat
[2011/12/07 18:29:10 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\@
[2011/12/07 18:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo
[2011/12/07 18:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo
[2011/12/02 05:07:49 | 000,224,768 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\00000002.@
[2011/11/29 06:10:08 | 000,012,800 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\80000004.@
[2011/11/02 10:48:14 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\00000004.@
[2011/10/10 22:31:04 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.0.lic
[2011/09/23 09:33:05 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\$NtUninstallKB44723$\1760806464\U\80000000.@
[2011/09/07 12:45:33 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\ib.ini
[2011/09/07 12:45:31 | 000,026,624 | -H-- | C] () -- C:\WINDOWS\GetIe.dll
[2011/07/13 09:23:25 | 000,273,344 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/13 09:23:22 | 000,273,344 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/13 09:23:22 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/07 09:11:38 | 002,340,992 | -H-- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/07/07 09:11:38 | 000,018,048 | -H-- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/07/07 09:11:37 | 000,086,408 | -H-- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/07/07 09:11:37 | 000,013,192 | -H-- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/07/07 09:11:37 | 000,008,456 | -H-- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/06/25 15:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/06/25 15:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/06/19 14:42:35 | 000,003,651 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/06/06 20:41:27 | 000,018,021 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/06/06 20:01:21 | 000,002,985 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/06/06 19:59:21 | 000,002,886 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/06/06 14:04:37 | 000,002,852 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/06/06 14:04:20 | 000,001,195 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/06/06 14:04:06 | 000,003,142 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/06/06 14:02:34 | 000,002,433 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Batch Ripper.dat
[2011/05/24 11:37:25 | 000,002,854 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/05/21 07:01:00 | 002,123,582 | -H-- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/25 16:56:17 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/26 10:27:36 | 000,001,833 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/03/26 10:27:31 | 000,001,213 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/26 10:27:25 | 000,002,217 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/26 10:27:21 | 000,011,462 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/26 10:26:56 | 000,002,997 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/26 10:26:47 | 000,003,054 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/26 10:26:29 | 000,003,096 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/26 10:26:20 | 000,002,976 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/26 10:26:11 | 000,002,832 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/26 10:25:20 | 000,012,485 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/26 10:25:06 | 003,835,624 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/02/11 16:13:15 | 000,081,737 | -H-- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/02/08 21:23:24 | 000,000,053 | -H-- | C] () -- C:\WINDOWS\DVDFab.INI
[2011/02/08 17:58:39 | 000,239,702 | -H-- | C] () -- C:\WINDOWS\hpwins05.dat
[2011/02/08 17:58:39 | 000,003,111 | -H-- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2011/01/18 11:17:21 | 000,000,165 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/01/13 00:22:01 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A6W.INI
[2010/09/21 09:10:32 | 000,192,504 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ArcSec.sys
[2010/05/24 20:26:52 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\winscp.rnd
[2010/03/15 13:29:37 | 000,000,140 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/03/12 14:44:17 | 000,012,508 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\e47O
[2010/03/09 22:26:31 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/09/17 06:46:09 | 000,000,137 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\lakerda1967.sys
[2009/09/17 06:45:50 | 000,010,584 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\docXConverter (3).ini
[2009/08/06 16:23:06 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\$_hpcst$.hpc
[2009/07/22 09:44:15 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Mark\hwid
[2009/07/02 13:33:58 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\default.rss
[2009/05/26 21:59:38 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.cat
[2009/05/26 21:59:38 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.inf
[2009/04/18 19:51:11 | 000,079,360 | -H-- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 08:34:07 | 000,541,379 | -H-- | C] () -- C:\Documents and Settings\Mark\7_4_SL.jpg
[2009/04/13 08:34:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mark\netsh
[2004/08/04 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{f53b4e5d-be5e-dbd5-89b7-192bca81046d}\@
[2004/08/04 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\{f53b4e5d-be5e-dbd5-89b7-192bca81046d}\@

========== Alternate Data Streams ==========

@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63

< End of report >



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 30 June 2012 - 09:18 AM

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe ()
    PRC - C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
    MOD - C:\Documents and Settings\All Users\Application Data\l0gdw4nUSn3xA4.exe ()
    MOD - C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
    SRV - (StorageCraft Image Manager32) -- C:\WINDOWS\system32\ntsdexts32.exe File not found
    DRV - (ulqieexonuftkbpc) -- C:\WINDOWS\system32\drivers\ulqieexonuftkbpc.sys File not found
    DRV - (rxyciorjinidwpsp) -- C:\WINDOWS\system32\drivers\rxyciorjinidwpsp.sys File not found
    DRV - (PCIDump) -- File not found
    DRV - (afup9m3a) -- File not found
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [GiBbQUEPdGQQTat.exe] C:\Documents and Settings\All Users\Application Data\GiBbQUEPdGQQTat.exe ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ===

*****

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know what problem persists.
===
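As an added triage example that is not part of this thread, of OTL or of nasdaq's fix: a small Python parser for the OTL file-listing and Alternate Data Stream line layouts quoted above, flagging the kinds of entries the fix script targets (hidden+system files with random-looking names under Application Data, files named "@", and a desktop.ini alternate data stream). The regexes, thresholds and the sample lines are assumptions modelled on this page's log.

```python
import re
# Added triage helper (not OTL's code, not from the thread); patterns are assumptions.
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| "
    r"(?P<op>[A-Z])\] \((?P<owner>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{20,}$")  # long, extension-less, mixed name
HEX_STREAM = re.compile(r":[0-9a-f]{32}$")       # 32-hex stream name appended to a file

def parse_line(line):
    """Return a dict for an OTL file line or ADS line, None for any other line."""
    m = FILE_LINE.match(line)
    if m:
        d = m.groupdict()
        d["kind"], d["size"] = "file", int(d["size"].replace(",", ""))
        return d
    m = ADS_LINE.match(line)
    return {"kind": "ads", "size": int(m["size"]), "path": m["path"]} if m else None

def triage(entry):
    """Reasons this entry resembles the ones the fix script above removes."""
    reasons, path = [], entry["path"]
    name = path.rsplit("\\", 1)[-1]
    if entry["kind"] == "ads":
        return ["alternate data stream with 32-hex name"] if HEX_STREAM.search(path) else []
    if name == "@" or name.endswith(".@"):
        reasons.append("file named '@' is not a normal Windows file")
    hidden_system = "H" in entry["attrs"] and "S" in entry["attrs"]
    if hidden_system and "Application Data" in path and RANDOM_NAME.match(name):
        reasons.append("hidden+system file with random-looking name in Application Data")
    return reasons

def triage_log(lines):
    """Map each flagged path to its reasons across a whole OTL log."""
    hits = {}
    for line in lines:
        e = parse_line(line.strip())
        if e and (why := triage(e)):
            hits[e["path"]] = why
    return hits

# Constructed sample lines modelled on the log posted above
SAMPLE_LINES = [
    r"[2011/06/25 15:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v",
    r"[2011/02/08 21:23:24 | 000,000,053 | -H-- | C] () -- C:\WINDOWS\DVDFab.INI",
    r"[2004/08/04 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{f53b4e5d-be5e-dbd5-89b7-192bca81046d}\@",
    r"@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63",
]
```

Feed it the whole log text split into lines and review the returned dictionary by hand; a hit is a reason to look closer, not a verdict.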

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 06 July 2012 - 09:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



