
cannot access many (anti-malware) websites and hsbc bank homepage requesting personal information - windows xp


  • This topic is locked
21 replies to this topic

#1 krooney

krooney

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:10 PM

Posted 26 December 2012 - 05:15 PM

Hi,

This morning I tried to access my bank account online using the HSBC website, using Firefox as my browser. On the homepage a new box appeared which requested some personal information for security purposes. I was suspicious and so I tried opening the HSBC site with Google Chrome, and the dialog box did not appear. I became suspicious and I tried to do some Google searching in order to download anti-malware products. However, almost all my attempts failed because for some reason the browsers could not connect to these potentially helpful websites. Currently I am writing from another laptop because I also could not access this website on my computer.
I have managed to carry out scans using Spybot and Malwarebytes, which found some things and fixed them, but this does not seem to have changed anything.
P.S. I am using my work laptop, not a personal one, in case this makes any difference in terms of reading the logs.

DDS is as follows:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by 04890 at 22:49:30 on 2012-12-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2819 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\VAI ID-Suite\LogonProcessor\LPAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\ManageSoft\Launcher\mgsdl.exe
C:\Program Files\ManageSoft\Security Agent\mgssecsvc.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Teamviewer\Version7\TeamViewer.exe
C:\Program Files\Teamviewer\Version7\tv_w32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\OA001Mon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\04890\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://intouch.kema.intra/
uWindow Title = Microsoft Internet Explorer provided by DNVKEMA
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ManageSoft Web Application Tracker: {30A22EC9-42D0-4D46-A2F7-7516419F943D} - c:\program files\managesoft\usage agent\mgsiebho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20121107093904.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\04890\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\documents and settings\04890\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "c:\documents and settings\04890\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Oxihi] "c:\documents and settings\04890\application data\uxukq\fior.exe"
uRunOnce: [SpybotDeletingF9094] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [OA001Mon] c:\windows\OA001Mon.exe
mRun: [SchedulingAgent_nDG] "c:\program files\managesoft\schedule agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [SpybotDeletingE9610] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\04890\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\04890\startm~1\programs\startup\yammer.lnk - c:\program files\yammer\Yammer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSimpleStartMenu = dword:1
uPolicies-Explorer: DisallowCpl = dword:1
mPolicies-System: disablecad = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://portal.kema.com/vdesk/terminal/urxvpn.cab#version=7000,2010,1020,1444
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://portal.kema.com/vdesk/terminal/f5tunsrv.cab#version=7000,2010,1020,1433
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.kema.com/vdesk/terminal/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.kema.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277099725765
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://portal.kema.com/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://portal.kema.com/vdesk/terminal/urxhost.cab#version=7000,2010,1020,1502
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.kema.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2010,1020,1432
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\04890\application data\mozilla\firefox\profiles\5vat8qy4.default\
FF - plugin: c:\documents and settings\04890\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-4-13 477584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-13 90368]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 LPAgent;LPAgent;c:\program files\vai id-suite\logonprocessor\LPAgent.exe [2004-7-16 53248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-26 399432]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-10-24 165440]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-13 167344]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-13 159640]
R2 mgsdl;ManageSoft Peer-to-Peer Download Service;c:\program files\managesoft\launcher\mgsdl.exe [2009-10-14 1400320]
R2 mgssecsvc;ManageSoft Security Service;c:\program files\managesoft\security agent\mgssecsvc.exe [2009-10-14 1070080]
R2 ndGlobalLauncher;ManageSoft installation agent;c:\program files\managesoft\launcher\ndserv.exe [2009-10-14 2735936]
R2 ndinit;ManageSoft managed device;c:\program files\managesoft\schedule agent\ndinit.exe [2009-10-14 707392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-26 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-26 1369624]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-19 2667392]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-13 112512]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-1-13 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-1-13 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-1-13 244368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-13 215024]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-13 59616]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-7-13 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-13 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-13 280096]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2010-10-20 35448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-26 676936]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-26 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2012-6-5 10744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-26 22856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-13 87816]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-27 137600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: matlab.exe: Open="c:\program files\matlab\r2012a\bin\win32\matlab.exe"
.
=============== Created Last 30 ================
.
2012-12-26 21:04:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-12-26 21:04:19 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-26 21:04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-26 13:02:01 -------- d-----w- c:\documents and settings\04890\application data\Malwarebytes
2012-12-26 13:00:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-26 13:00:55 335872 ----a-r- c:\documents and settings\04890\application data\microsoft\installer\{7993d673-0a79-41dc-ae58-cda631f5b816}\NewIcon.exe
2012-12-26 12:59:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 12:59:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-26 12:39:35 -------- d-----w- c:\documents and settings\04890\application data\DriverCure
2012-12-26 12:39:34 -------- d-----w- c:\documents and settings\04890\application data\ParetoLogic
2012-12-26 11:25:55 -------- d-----w- c:\program files\ParetoLogic
2012-12-26 11:25:54 -------- d-----w- c:\program files\common files\ParetoLogic
2012-12-26 11:25:54 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Uwmyy
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Hapays
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Feunog
2012-12-23 22:31:57 -------- d-----w- c:\documents and settings\04890\application data\Yhmyb
2012-12-23 22:31:57 -------- d-----w- c:\documents and settings\04890\application data\Wasi
2012-12-23 22:31:57 -------- d-----w- c:\documents and settings\04890\application data\Fimo
2012-12-22 18:37:33 -------- d-----w- c:\documents and settings\04890\application data\Qifaf
2012-12-22 18:37:33 -------- d-----w- c:\documents and settings\04890\application data\Lyuhy
2012-12-22 18:37:33 -------- d-----w- c:\documents and settings\04890\application data\Egwy
2012-12-22 10:37:40 -------- d-----w- c:\documents and settings\04890\application data\Xyywdo
2012-12-22 10:37:40 -------- d-----w- c:\documents and settings\04890\application data\Tyidv
2012-12-22 10:37:40 -------- d-----w- c:\documents and settings\04890\application data\Dadeo
2012-12-21 18:14:15 -------- d-----w- c:\documents and settings\04890\application data\Urapb
2012-12-21 18:14:15 -------- d-----w- c:\documents and settings\04890\application data\Eqimu
2012-12-21 18:14:15 -------- d-----w- c:\documents and settings\04890\application data\Afsuu
2012-12-21 10:13:24 -------- d-----w- c:\documents and settings\04890\application data\Noepr
2012-12-21 10:13:24 -------- d-----w- c:\documents and settings\04890\application data\Neryto
2012-12-21 10:13:24 -------- d-----w- c:\documents and settings\04890\application data\Avel
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Uxukq
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Uxma
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Aroso
2012-12-16 19:15:17 -------- d-----w- c:\program files\NCH Software
2012-12-16 19:15:15 -------- d-----w- c:\documents and settings\04890\application data\NCH Software
2012-12-16 18:00:41 -------- d-----w- c:\documents and settings\04890\application data\avidemux
2012-12-16 18:00:15 -------- d-----w- c:\program files\Avidemux 2.6
2012-12-14 14:13:13 -------- d-----w- c:\documents and settings\04890\local settings\application data\DNV_KEMA
2012-12-14 14:08:29 -------- d-----w- c:\documents and settings\04890\application data\DNV KEMA
2012-12-11 19:07:46 -------- d-----w- c:\program files\Citrix
2012-12-11 19:07:29 60304 ----a-w- c:\documents and settings\04890\g2mdlhlpx.exe
2012-12-10 10:13:11 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
==================== Find3M ====================
.
2012-12-12 20:17:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 20:17:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 08:38:18 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-07 08:38:18 90368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-07 08:38:18 87816 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-07 08:38:18 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-11-07 08:38:18 59616 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-07 08:38:18 477584 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-07 08:38:18 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-11-07 08:38:18 215024 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-07 08:38:18 159640 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-07 08:38:18 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-01 20:15:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-01 20:15:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-01 20:15:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:50:39.68 ===============
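As an added example (written for this page, not part of the thread and not DDS or BleepingComputer code), the triage an analyst does by hand on a log like the one above can be scripted: pull every Run entry whose executable lives under the per-user Application Data folder, group the "Created Last 30" directories under Application Data by creation second, and report any autostart whose parent folder appeared in one of those bursts. The sample lines are a constructed excerpt modelled on the log above; the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS log above: a few Run entries and a
# few "Created Last 30" lines. Every heuristic below runs over these lines.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "c:\documents and settings\04890\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [Oxihi] "c:\documents and settings\04890\application data\uxukq\fior.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
2012-12-26 21:04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Uwmyy
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Hapays
2012-12-24 11:18:31 -------- d-----w- c:\documents and settings\04890\application data\Feunog
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Uxukq
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Uxma
2012-12-21 00:48:12 -------- d-----w- c:\documents and settings\04890\application data\Aroso
2012-12-14 14:08:29 -------- d-----w- c:\documents and settings\04890\application data\DNV KEMA
2012-12-26 12:59:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# uRun/mRun/dRun (and RunOnce) lines: "[name] path-to-exe", path optionally quoted.
RUN_RE = re.compile(
    r'^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]*?\.exe)\b',
    re.IGNORECASE,
)
# "Created Last 30" lines: timestamp, size or dashes, attribute string, path.
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$'
)
# First directory component below a per-user "Application Data" folder.
APPDATA_RE = re.compile(r'\\application data\\(?P<top>[^\\"]+)', re.IGNORECASE)


def parse_run_entries(dds_text):
    """Return (name, path) for every Run-style line in the DDS text."""
    entries = []
    for line in dds_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("path")))
    return entries


def autostart_from_appdata(dds_text):
    """Run entries whose executable lives under Application Data.

    That location is writable without admin rights, so it is a common choice for
    unwanted software; legitimate updaters use it too, so this is a lead, not a verdict.
    Returns (name, top-level folder in lower case, path)."""
    hits = []
    for name, path in parse_run_entries(dds_text):
        m = APPDATA_RE.search(path)
        if m:
            hits.append((name, m.group("top").lower(), path))
    return hits


def appdata_dir_bursts(dds_text, min_count=2):
    """Top-level Application Data folders created in the same second, grouped by that second.

    Several new top-level folders appearing at once is unusual for a human-driven
    install and is the pattern visible in the log above. Returns {timestamp: [names]}."""
    by_ts = defaultdict(list)
    for line in dds_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or not m.group("attrs").startswith("d"):
            continue  # only directory entries
        a = APPDATA_RE.search(m.group("path"))
        if not a:
            continue
        # keep only folders directly below Application Data, not deeper paths
        if m.group("path").lower().endswith("\\application data\\" + a.group("top").lower()):
            by_ts[m.group("ts")].append(a.group("top"))
    return {ts: names for ts, names in by_ts.items() if len(names) >= min_count}


def suspicious_autostarts(dds_text):
    """Correlate both heuristics: autostarts whose parent folder was created in a burst.

    Returns (run entry name, executable path, creation timestamp of its folder)."""
    created = {name.lower(): ts
               for ts, names in appdata_dir_bursts(dds_text).items()
               for name in names}
    return [(name, path, created[top])
            for name, top, path in autostart_from_appdata(dds_text)
            if top in created]


if __name__ == "__main__":
    for name, path, ts in suspicious_autostarts(SAMPLE_DDS):
        print(f"[{name}] {path}  (folder created {ts})")
```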






#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:10 PM

Posted 26 December 2012 - 06:27 PM

Hi!

I see you mention this being a work related computer, does your work have any policies on how you must deal with an infected computer?

I ask because:

  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

If despite the above you wish to continue with this topic, please let me know.

Edited by SweetTech, 26 December 2012 - 06:31 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 krooney

krooney
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:10 PM

Posted 27 December 2012 - 06:49 AM

Hi SweetTech. Thanks for your reply. The above issues should not be a problem, so please continue with the topic. Thanks.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:10 PM

Posted 29 December 2012 - 02:58 PM

Perfect. I will have instructions for you to complete in a little while.

-ST.



#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:10 PM

Posted 29 December 2012 - 03:10 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    %systemroot%\*. /rp /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. aswMBR.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#6 krooney (Topic Starter)

Posted 30 December 2012 - 05:43 PM

Hi SweetTech. Thanks for your post. A quick question...
I have Spybot S&D version 2.0.12.0. I cannot follow the instructions you mention for Spybot because I think they may correspond to a different version. I cannot find the TeaTimer option after a quick look. Can you please advise on whether I should have a different version?

#7 SweetTech

    Agent ST

Posted 30 December 2012 - 06:06 PM

Hi!

So sorry about that.

I'm not sure if version 2 of Spybot S&D comes with the TeaTimer option. Please ignore that instruction for the time being and continue on with the rest of the instructions in my previous post.

-St.



#8 krooney (Topic Starter)

Posted 31 December 2012 - 09:26 AM

1. Some notes - I downloaded the latest Avast anti-virus definitions when the aswMBR program asked me if I wanted to. I hope this is okay.
McAfee and Malwarebytes are running in the background during all of the scans you asked me to perform.

2.

OTL logfile created on: 31/12/2012 13:44:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\04890\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 72.57% Memory free
5.33 Gb Paging File | 4.43 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 9.30 Gb Free Space | 11.90% Space Free | Partition Type: NTFS
Drive D: | 154.76 Gb Total Space | 154.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ARN-303014-L | User Name: 04890 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 23:05:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\04890\Desktop\OTL.exe
PRC - [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/07 09:38:18 | 000,159,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/11/07 09:38:17 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/11/01 21:15:05 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/29 09:59:15 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\04890\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/14 20:08:00 | 000,033,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2012/03/19 12:47:02 | 006,766,976 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version7\TeamViewer.exe
PRC - [2012/03/19 12:47:02 | 002,667,392 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 12:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version7\tv_w32.exe
PRC - [2011/11/15 15:06:00 | 000,345,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/11/15 15:06:00 | 000,333,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/11/15 15:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/11/15 15:06:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2011/10/24 07:59:46 | 000,095,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\saHookMain.exe
PRC - [2011/10/24 07:59:30 | 000,165,440 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2011/09/14 19:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/12/21 10:53:40 | 001,483,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/16 13:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 08:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/14 01:44:02 | 000,396,096 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
PRC - [2009/10/14 01:43:56 | 002,735,936 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Launcher\ndserv.exe
PRC - [2009/10/14 01:43:02 | 000,707,392 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
PRC - [2009/10/14 00:45:56 | 001,070,080 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Security Agent\mgssecsvc.exe
PRC - [2009/10/14 00:25:04 | 001,400,320 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Launcher\mgsdl.exe
PRC - [2009/02/25 00:00:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/02/23 10:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/23 10:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe
PRC - [2008/12/16 14:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/11/11 16:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/11/11 16:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/10/02 13:04:14 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/16 20:03:50 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/08/28 15:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/15 08:51:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/15 08:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2004/07/16 14:59:48 | 000,053,248 | ---- | M] (VAI bv) -- C:\Program Files\VAI ID-Suite\LogonProcessor\LPAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/12 21:17:53 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/06 13:29:55 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/10/14 01:36:44 | 000,667,968 | ---- | M] () -- C:\Program Files\ManageSoft\Usage Agent\mgsiebho.dll
MOD - [2008/08/15 08:46:30 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/08/15 08:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008/08/12 09:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008/07/29 12:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008/07/29 12:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008/07/29 12:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008/07/29 12:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008/07/29 11:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/18 18:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 18:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012/12/12 21:17:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 13:29:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/07 09:38:18 | 000,159,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/11/07 09:38:17 | 000,167,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/01 21:15:05 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/30 19:00:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/05/03 07:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 12:47:02 | 002,667,392 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/15 15:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/10/24 07:59:30 | 000,165,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/09/14 19:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/14 01:43:56 | 002,735,936 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Launcher\ndserv.exe -- (ndGlobalLauncher)
SRV - [2009/10/14 01:43:02 | 000,707,392 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe -- (ndinit)
SRV - [2009/10/14 00:45:56 | 001,070,080 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Security Agent\mgssecsvc.exe -- (mgssecsvc)
SRV - [2009/10/14 00:25:04 | 001,400,320 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Launcher\mgsdl.exe -- (mgsdl)
SRV - [2009/02/23 10:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe -- (STacSV)
SRV - [2008/11/11 16:35:22 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/11/11 16:35:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2004/07/16 14:59:48 | 000,053,248 | ---- | M] (VAI bv) [Auto | Running] -- C:\Program Files\VAI ID-Suite\LogonProcessor\LPAgent.exe -- (LPAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/07 09:38:18 | 000,477,584 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/11/07 09:38:18 | 000,215,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/07 09:38:18 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/07 09:38:18 | 000,090,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/11/07 09:38:18 | 000,087,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/11/07 09:38:18 | 000,059,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/20 06:46:26 | 000,035,448 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2010/10/20 06:46:18 | 000,010,744 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2010/07/30 13:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 11:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/09 00:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 14:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/23 10:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/16 14:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/11/24 17:32:52 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/11/24 17:32:48 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/11/19 07:18:20 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008/11/11 16:32:10 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/11/11 16:32:08 | 000,035,880 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/11/11 16:32:08 | 000,012,840 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ccidflt.sys -- (CCIDFILTER)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/26 06:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/06/08 00:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intouch.kema.intra/
IE - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\04890\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\04890\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\04890\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mgsusageagent@managesoft.com: C:\Program Files\ManageSoft\Usage Agent\mgsusageagent\ [2012/03/27 12:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/12/31 13:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/06 13:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/26 09:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\04890\Application Data\Mozilla\Extensions
[2012/10/23 19:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\04890\Application Data\Mozilla\Firefox\Profiles\5vat8qy4.default\extensions
[2012/04/26 09:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/06 13:29:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 15:38:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/06 13:29:53 | 000,002,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/12/06 13:29:53 | 000,004,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/12/06 13:29:53 | 000,001,262 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: SiteAdvisor Enterprise (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj\3.5.0.0_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: McAfee SiteAdvisor Enterprise = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj\3.5.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/29 17:56:09 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ManageSoft Web Application Tracker) - {30A22EC9-42D0-4D46-A2F7-7516419F943D} - C:\Program Files\ManageSoft\Usage Agent\mgsiebho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121107093904.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SchedulingAgent_nDG] C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe (ManageSoft Corp)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [Facebook Update] "C:\Documents and Settings\04890\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [Oxihi] C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe ()
O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [Spotify Web Helper] C:\Documents and Settings\04890\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\04890\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\04890\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: dekra.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: dnv.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: dnv.com ([inside] https in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: dnv.com ([itgsc] https in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: kema.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: kema.com ([portal] https in Trusted sites)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: kema.intra ([]* in Local intranet)
O15 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844\..Trusted Domains: kema.nl ([]* in Local intranet)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125 (OPSWAT AntiViruses Class)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://portal.kema.com/vdesk/terminal/urxvpn.cab#version=7000,2010,1020,1444 (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125 (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://portal.kema.com/vdesk/terminal/f5tunsrv.cab#version=7000,2010,1020,1433 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://portal.kema.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125 (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://portal.kema.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277099725765 (WUWebControl Class)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://portal.kema.com/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://portal.kema.com/vdesk/terminal/urxhost.cab#version=7000,2010,1020,1502 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://portal.kema.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2010,1020,1432 (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125 (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kema.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2940929C-4071-4069-9536-F0D40E04D144}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\04890\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\04890\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 13:49:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/31 00:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Desktop\ps3
[2012/12/30 23:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\My Documents\ProcAlyzer Dumps
[2012/12/30 23:27:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\04890\Desktop\aswMBR.exe
[2012/12/30 23:27:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\04890\Desktop\OTL.exe
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tuiza
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ivhie
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Cyize
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Idxyi
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Exubq
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ciev
[2012/12/26 22:45:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\04890\Desktop\dds.com
[2012/12/26 22:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/12/26 22:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/26 22:04:19 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/12/26 22:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/12/26 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Malwarebytes
[2012/12/26 14:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/26 14:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/26 13:59:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/26 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/26 13:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\DriverCure
[2012/12/26 13:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\ParetoLogic
[2012/12/26 12:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Start Menu\Programs\ParetoLogic
[2012/12/26 12:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/12/26 12:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/12/26 12:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uwmyy
[2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Hapays
[2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Feunog
[2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Yhmyb
[2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Wasi
[2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Fimo
[2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Qifaf
[2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Lyuhy
[2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Egwy
[2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Xyywdo
[2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tyidv
[2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Dadeo
[2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Urapb
[2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Eqimu
[2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Afsuu
[2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Noepr
[2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Neryto
[2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Avel
[2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uxukq
[2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uxma
[2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Aroso
[2012/12/18 10:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\My Documents\targets
[2012/12/17 23:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\My Documents\VideoPad Projects
[2012/12/16 20:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2012/12/16 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2012/12/16 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2012/12/16 20:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/12/16 20:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\NCH Software
[2012/12/16 19:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\avidemux
[2012/12/16 19:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux
[2012/12/16 19:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.6
[2012/12/14 15:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Local Settings\Application Data\DNV_KEMA
[2012/12/14 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\DNV KEMA
[2012/12/11 20:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/12/10 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Start Menu\Programs\DNV Kema OTL Client
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/31 13:51:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B34D7B44-61EE-474E-8919-1D59D8810932}.job
[2012/12/31 13:17:15 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/31 13:13:38 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\MATLAB R2012a Startup Accelerator.job
[2012/12/31 13:06:44 | 000,248,841 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/12/31 13:06:43 | 000,195,312 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/12/31 13:06:28 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/12/31 13:06:27 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/31 13:06:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/31 13:06:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844UA.job
[2012/12/31 13:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/31 01:11:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/12/31 01:02:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844UA.job
[2012/12/31 00:41:56 | 027,744,186 | ---- | M] () -- C:\Documents and Settings\04890\Desktop\thing.avi
[2012/12/31 00:34:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\04890\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/31 00:26:49 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\04890\Start Menu\Programs\Startup\Yammer.lnk
[2012/12/30 23:29:39 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2012/12/30 23:06:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\04890\Desktop\aswMBR.exe
[2012/12/30 23:05:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\04890\Desktop\OTL.exe
[2012/12/29 17:56:09 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/29 15:55:32 | 000,002,535 | ---- | M] () -- C:\Documents and Settings\04890\Desktop\DNV Kema OTL Client.lnk
[2012/12/26 23:00:50 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/12/26 22:45:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\04890\Desktop\dds.com
[2012/12/26 22:23:12 | 000,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/12/26 22:04:36 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/26 22:04:36 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/26 22:04:26 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/26 20:06:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844Core.job
[2012/12/26 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/12/26 14:01:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/26 12:25:59 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\04890\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/12/26 12:25:59 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/12/26 12:25:58 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/12/23 13:51:58 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2012/12/21 16:04:07 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2012/12/21 13:09:02 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\04890\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 04890 on 'arn-srv-fil-002home' (H).lnk
[2012/12/20 10:02:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844Core.job
[2012/12/19 17:16:31 | 000,222,425 | ---- | M] () -- C:\Documents and Settings\04890\Desktop\BoardingPass-1.pdf
[2012/12/19 14:11:30 | 000,001,868 | RHS- | M] () -- C:\Documents and Settings\04890\ntuser.pol
[2012/12/18 14:58:07 | 000,248,841 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/12/16 20:15:41 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2012/12/13 10:08:03 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\04890\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/11 20:07:32 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\04890\g2mdlhlpx.exe
[2012/12/10 11:13:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/12/10 11:13:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/12/05 21:04:33 | 003,891,294 | ---- | M] () -- C:\Documents and Settings\04890\Desktop\Quantitative_and_Empirical_Analysis_of_Energy_Markets.rar
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/31 00:38:57 | 027,744,186 | ---- | C] () -- C:\Documents and Settings\04890\Desktop\thing.avi
[2012/12/26 22:23:12 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/26 22:04:36 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/26 22:04:36 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/26 22:04:36 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/26 22:04:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/26 22:04:26 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/26 14:01:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/26 13:39:37 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/12/26 12:25:59 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\04890\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/12/26 12:25:59 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/12/26 12:25:59 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/12/26 12:25:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/12/26 12:25:58 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/12/23 13:51:58 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2012/12/19 17:16:31 | 000,222,425 | ---- | C] () -- C:\Documents and Settings\04890\Desktop\BoardingPass-1.pdf
[2012/12/16 20:15:41 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
[2012/12/16 20:15:41 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2012/12/11 20:07:29 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\04890\g2mdlhlpx.exe
[2012/12/10 11:13:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/12/10 11:13:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/12/10 09:37:29 | 000,002,535 | ---- | C] () -- C:\Documents and Settings\04890\Desktop\DNV Kema OTL Client.lnk
[2012/12/05 21:04:10 | 003,891,294 | ---- | C] () -- C:\Documents and Settings\04890\Desktop\Quantitative_and_Empirical_Analysis_of_Energy_Markets.rar
[2012/08/14 22:41:38 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\04890\.recently-used.xbel
[2012/07/09 20:10:57 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\04890\Application Data\sced.config.json
[2012/06/18 15:03:40 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/05 20:20:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\f5unistall.INI
[2012/05/26 21:31:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\04890\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/04 17:11:24 | 000,504,575 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4074535442-1515935186-3691330799-108844-0.dat
[2012/04/04 17:11:23 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/02 13:19:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:26:04 | 000,005,126 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/27 12:24:15 | 000,001,868 | RHS- | C] () -- C:\Documents and Settings\04890\ntuser.pol
[2012/03/27 06:30:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2009/01/13 15:32:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/21 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Afsuu
[2012/12/21 01:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Aroso
[2012/12/21 11:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Avel
[2012/12/31 00:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\avidemux
[2012/06/09 15:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\calibre
[2012/12/29 15:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Ciev
[2012/12/30 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Cyize
[2012/12/22 11:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Dadeo
[2012/12/14 15:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\DNV KEMA
[2012/12/26 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\DriverCure
[2012/12/22 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Egwy
[2012/12/21 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Eqimu
[2012/12/29 15:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Exubq
[2012/12/24 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Feunog
[2012/12/23 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Fimo
[2012/08/14 22:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\gedit
[2012/12/24 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Hapays
[2012/12/29 15:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Idxyi
[2012/12/30 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Ivhie
[2012/04/17 08:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\KEMA
[2012/12/22 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Lyuhy
[2012/03/27 12:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\ManageSoft Corp
[2012/12/21 11:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Neryto
[2012/12/21 11:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Noepr
[2012/03/27 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Nokia
[2012/11/23 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\NREL
[2012/05/18 07:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Oracle
[2012/12/26 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\ParetoLogic
[2012/03/27 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\PC Suite
[2012/04/04 10:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\PLEXOS
[2012/12/22 19:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Qifaf
[2012/11/01 21:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\RETScreen
[2012/12/25 02:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Spotify
[2012/12/30 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Tuiza
[2012/12/22 11:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Tyidv
[2012/12/21 19:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Urapb
[2012/12/31 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\uTorrent
[2012/12/24 12:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Uwmyy
[2012/12/31 13:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Uxma
[2012/12/21 01:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Uxukq
[2012/12/23 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Wasi
[2012/03/27 14:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Windows Desktop Search
[2012/04/20 14:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Windows Search
[2012/12/22 11:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Xyywdo
[2012/06/18 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Yammer
[2012/12/23 23:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\04890\Application Data\Yhmyb
[2012/10/09 14:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/08/15 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/05 20:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F5 Networks
[2012/03/27 14:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/03/27 12:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ManageSoft Corp
[2012/12/26 12:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/03/27 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/05/30 19:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2012/03/27 14:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /rp /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2009/01/13 13:48:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/13 13:52:42 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/03/27 06:57:51 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B34D7B44-61EE-474E-8919-1D59D8810932}.job
[2012/04/06 09:31:09 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/05/14 18:51:12 | 000,001,084 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844Core.job
[2012/05/14 18:51:12 | 000,001,136 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844UA.job
[2012/05/15 20:52:45 | 000,001,132 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844Core.job
[2012/05/15 20:52:45 | 000,001,154 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844UA.job
[2012/06/17 14:12:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\Tasks\MATLAB R2012a Startup Accelerator.job
[2012/12/23 13:51:58 | 000,000,280 | ---- | C] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2012/12/26 12:25:58 | 000,000,358 | ---- | C] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/12/26 12:25:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/12/26 12:25:59 | 000,000,418 | ---- | C] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/12/26 12:25:59 | 000,000,470 | ---- | C] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
[2012/12/26 13:39:37 | 000,000,444 | ---- | C] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/12/26 22:04:36 | 000,000,446 | ---- | C] () -- C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/26 22:04:36 | 000,000,616 | ---- | C] () -- C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/26 22:04:36 | 000,000,620 | ---- | C] () -- C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/06 13:29:53 | 000,891,752 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/06 13:29:56 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\04890\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/12/05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

< End of report >

3.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-31 13:56:51
-----------------------------
13:56:51.265 OS Version: Windows 5.1.2600 Service Pack 3
13:56:51.265 Number of processors: 2 586 0x170A
13:56:51.265 ComputerName: ARN-303014-L UserName: 04890
13:56:52.515 Initialize success
14:21:30.515 AVAST engine defs: 12123100
14:23:54.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:23:54.953 Disk 0 Vendor: ST925041 0003 Size: 238475MB BusType: 3
14:23:54.984 Disk 0 MBR read successfully
14:23:54.984 Disk 0 MBR scan
14:23:55.015 Disk 0 Windows XP default MBR code
14:23:55.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
14:23:55.046 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 158469 MB offset 163846935
14:23:55.078 Disk 0 scanning sectors +488392065
14:23:55.171 Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:07.734 Service scanning
14:24:32.031 Modules scanning
14:24:36.734 Disk 0 trace - called modules:
14:24:36.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:24:36.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0648a0]
14:24:36.750 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b065030]
14:24:40.640 AVAST engine scan C:\WINDOWS
14:24:50.687 AVAST engine scan C:\WINDOWS\system32
14:27:43.375 AVAST engine scan C:\WINDOWS\system32\drivers
14:27:58.015 AVAST engine scan C:\Documents and Settings\04890
14:28:00.281 File: C:\Documents and Settings\04890\Application Data\Afsuu\odci.exe **INFECTED** Win32:Malware-gen
14:28:01.609 File: C:\Documents and Settings\04890\Application Data\Dadeo\arpa.exe **INFECTED** Win32:Malware-gen
14:28:02.140 File: C:\Documents and Settings\04890\Application Data\Egwy\edwat.exe **INFECTED** Win32:Malware-gen
14:28:02.578 File: C:\Documents and Settings\04890\Application Data\Feunog\ilosa.exe **INFECTED** Win32:Malware-gen
14:28:03.109 File: C:\Documents and Settings\04890\Application Data\Idxyi\usibi.exe **INFECTED** Win32:Malware-gen
14:28:37.921 File: C:\Documents and Settings\04890\Application Data\Noepr\pyuf.exe **INFECTED** Win32:Malware-gen
14:29:05.671 File: C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe **INFECTED** Win32:Malware-gen
14:29:06.218 File: C:\Documents and Settings\04890\Application Data\Wasi\ocoko.exe **INFECTED** Win32:Malware-gen
15:08:29.125 AVAST engine scan C:\Documents and Settings\All Users
15:13:59.546 Scan finished successfully
15:18:22.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\04890\Desktop\MBR.dat"
15:18:22.718 The log file has been saved successfully to "C:\Documents and Settings\04890\Desktop\aswMBR.txt"




4. In terms of how my computer is running, the problems I mentioned in my first post still persist. For example, I cannot access the BleepingComputer website on this laptop. Additionally, the startup of the computer is quite slow when Windows first loads the desktop page...slower than usual at least. Perhaps this is due to the Malwarebytes program also loading up now when starting the computer, but I am not sure. The computer overall seems a bit slower, but not too much.

Malwarebytes occasionally blocks some outgoing connection attempts.

Also, when I start up, the Windows firewall (which wasn't activated before this stuff happened) blocks some activities of Windows Explorer. I don't know if this would have happened anyway or not, because I didn't use to have the firewall on.

#9 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 31 December 2012 - 02:49 PM

Hi!

1. Some notes - I downloaded the latest Avast anti-virus definitions when the aswMBR program asked me if I wanted to. I hope this is okay.

Yes that is perfectly fine.

Thanks for the update. This malware is what is causing all of these issues.

Please run these instructions below, and let me know if things change.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [Facebook Update] "C:\Documents and Settings\04890\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - HKU\S-1-5-21-4074535442-1515935186-3691330799-108844..\Run: [Oxihi] C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe ()
    [2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tuiza
    [2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ivhie
    [2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Cyize
    [2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Idxyi
    [2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Exubq
    [2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ciev
    [2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uwmyy
    [2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Hapays
    [2012/12/24 12:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Feunog
    [2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Yhmyb
    [2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Wasi
    [2012/12/23 23:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Fimo
    [2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Qifaf
    [2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Lyuhy
    [2012/12/22 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Egwy
    [2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Xyywdo
    [2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tyidv
    [2012/12/22 11:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Dadeo
    [2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Urapb
    [2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Eqimu
    [2012/12/21 19:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Afsuu
    [2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Noepr
    [2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Neryto
    [2012/12/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Avel
    [2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uxukq
    [2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uxma
    [2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Aroso
    
    :Reg
    
    :Files
    C:\Documents and Settings\04890\Application Data\Afsuu\
    C:\Documents and Settings\04890\Application Data\Dadeo\
    C:\Documents and Settings\04890\Application Data\Egwy\
    C:\Documents and Settings\04890\Application Data\Feunog\
    C:\Documents and Settings\04890\Application Data\Idxyi\
    C:\Documents and Settings\04890\Application Data\Noepr\
    C:\Documents and Settings\04890\Application Data\Uxukq\
    C:\Documents and Settings\04890\Application Data\Wasi\
    C:\Documents and Settings\04890\Application Data\Uxukq\
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
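
The folders targeted by the fix script above share a pattern that is visible in the logs: pseudo-random names directly under the profile's Application Data, created in groups of three within the same second (for example the three created at 2012/12/30 22:58:03), with one member of an earlier group holding the executable aswMBR flagged. As an added example that is not part of this thread, OTL or aswMBR, the following Python script parses OTL-format entries and aswMBR detection lines and surfaces such same-second clusters; the sample log lines and the allowlist of expected folder names are constructed for the example after the format on this page.

```python
import re
from collections import defaultdict

# One OTL log entry, in the layout used throughout this thread's logs, e.g.
# [2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tuiza
# File entries may carry a "(Company)" field between the bracket and the "--".
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \(.*?\))? -- (?P<path>.+)$"
)
# aswMBR detection line, e.g.
# 14:29:05.671 File: C:\...\Application Data\Uxukq\fior.exe **INFECTED** Win32:Malware-gen
ASWMBR_INFECTED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>\S+)$"
)
APPDATA_MARKER = "\\Application Data\\"

# Folder names expected directly under a profile's Application Data. Constructed for the
# example; in practice this allowlist comes from a known-good baseline of the same image.
KNOWN_APPDATA = {
    "Adobe", "Google", "Malwarebytes", "Microsoft", "Mozilla",
    "Windows Desktop Search", "Windows Search", "Yammer",
}


def parse_entry(line):
    """Fields of a well-formed OTL entry, or None for headers, blanks and other text."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["is_dir"] = "D" in e["attrs"]
    e["size"] = int(e["size"].replace(",", ""))
    return e


def appdata_folder_name(path):
    """Folder sitting directly under Application Data, else None (other location or deeper)."""
    idx = path.find(APPDATA_MARKER)
    if idx < 0:
        return None
    rest = path[idx + len(APPDATA_MARKER):]
    return rest if rest and "\\" not in rest else None


def group_unknown_folders(otl_lines, kind="C"):
    """Creation timestamp -> unknown top-level Application Data folders created in that second."""
    by_ts = defaultdict(list)
    for line in otl_lines:
        e = parse_entry(line)
        if not e or not e["is_dir"] or e["kind"] != kind:
            continue
        name = appdata_folder_name(e["path"])
        if name is not None and name not in KNOWN_APPDATA:
            by_ts[e["ts"]].append(name)
    return dict(by_ts)


def infected_folders(aswmbr_lines):
    """Top-level Application Data folder -> detection name, from aswMBR **INFECTED** lines."""
    found = {}
    for line in aswmbr_lines:
        m = ASWMBR_INFECTED.match(line.strip())
        if m:
            name = appdata_folder_name(m.group("path").rsplit("\\", 1)[0])
            if name:
                found[name] = m.group("detection")
    return found


def triage(otl_lines, aswmbr_lines, min_size=2):
    """Groups worth acting on: several unknown folders born in the same second, or a group
    that contains a folder aswMBR already flagged (so its same-second siblings are suspect)."""
    infected = infected_folders(aswmbr_lines)
    results = []
    for ts, names in sorted(group_unknown_folders(otl_lines).items()):
        confirmed = [n for n in names if n in infected]
        if len(names) >= min_size or confirmed:
            results.append({"ts": ts, "folders": names, "confirmed": confirmed})
    return results


# Constructed sample input modelled on the OTL and aswMBR logs posted in this thread.
SAMPLE_OTL = r"""
========== Files - Directories created ==========
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Tuiza
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ivhie
[2012/12/30 22:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Cyize
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Idxyi
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Exubq
[2012/12/29 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Ciev
[2012/12/26 13:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Malwarebytes
[2012/12/21 01:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Uxukq
[2012/12/21 01:48:12 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe
[2012/12/16 19:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\NCH Software
[2012/06/18 14:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\04890\Application Data\Yammer
"""
SAMPLE_ASWMBR = r"""
14:28:03.109 File: C:\Documents and Settings\04890\Application Data\Idxyi\usibi.exe **INFECTED** Win32:Malware-gen
14:29:05.671 File: C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe **INFECTED** Win32:Malware-gen
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_OTL.splitlines(), SAMPLE_ASWMBR.splitlines()):
        print(hit["ts"], hit["folders"], "confirmed by aswMBR:", hit["confirmed"])
```

Single unknown folders such as NCH Software are left alone unless a scanner flagged them, which is the same judgement the fix script above applies by hand.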


#10 krooney
  • Topic Starter
  • Members
  • 10 posts

Posted 01 January 2013 - 08:37 AM

Hi SweetTech, happy new year! Thanks for your help so far.
I ran the OTL script with no problems.
However, the part where I need to disable any antivirus programs for ComboFix I am having a little trouble with.
Because this is a laptop from work, there are some McAfee programs that came preinstalled as part of what seems to be some enterprise software package. These are:

McAfee Agent
McAfee SiteAdvisor Enterprise
McAfee VirusScan Enterprise + AntiSpyware Enterprise

When I right click on the icon in the bottom right of the desktop screen, there is no option to close or disable the software (I have attached a screenshot of what I see in case it helps). When I open up the McAfee VirusScan console and click on Tools, and then choose the option to unlock the user interface, I need a password which I do not know.

Do you think it is okay to still run ComboFix with this McAfee stuff open in the background?




#11 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 01 January 2013 - 01:10 PM

Hi!

Is there any way you could get the password for it? If not, yes, please proceed with running ComboFix.



#12 krooney
  • Topic Starter
  • Members
  • 10 posts

Posted 01 January 2013 - 03:02 PM

Hi ST,
I ran ComboFix without disabling McAfee. In terms of how my computer is running now, the good news is that the HSBC homepage is no longer showing the fake personal details input screen like it used to. Additionally, some pages I tried to access before when I wanted to download Spybot and Malwarebytes are now accessible, and there is no error in connecting to such pages. However, when I try to access pages such as the BleepingComputer website, or support.microsoft.com, there is still a connection error.
So it seems some part of the problem has gone, but maybe not completely. I have attached the 2 logs below:


1. OTL log

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_USERS\S-1-5-21-4074535442-1515935186-3691330799-108844\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4074535442-1515935186-3691330799-108844\Software\Microsoft\Windows\CurrentVersion\Run\\Oxihi deleted successfully.
C:\Documents and Settings\04890\Application Data\Uxukq\fior.exe moved successfully.
C:\Documents and Settings\04890\Application Data\Tuiza folder moved successfully.
C:\Documents and Settings\04890\Application Data\Ivhie folder moved successfully.
C:\Documents and Settings\04890\Application Data\Cyize folder moved successfully.
C:\Documents and Settings\04890\Application Data\Idxyi folder moved successfully.
C:\Documents and Settings\04890\Application Data\Exubq folder moved successfully.
C:\Documents and Settings\04890\Application Data\Ciev folder moved successfully.
C:\Documents and Settings\04890\Application Data\Uwmyy folder moved successfully.
C:\Documents and Settings\04890\Application Data\Hapays folder moved successfully.
C:\Documents and Settings\04890\Application Data\Feunog folder moved successfully.
C:\Documents and Settings\04890\Application Data\Yhmyb folder moved successfully.
C:\Documents and Settings\04890\Application Data\Wasi folder moved successfully.
C:\Documents and Settings\04890\Application Data\Fimo folder moved successfully.
C:\Documents and Settings\04890\Application Data\Qifaf folder moved successfully.
C:\Documents and Settings\04890\Application Data\Lyuhy folder moved successfully.
C:\Documents and Settings\04890\Application Data\Egwy folder moved successfully.
C:\Documents and Settings\04890\Application Data\Xyywdo folder moved successfully.
C:\Documents and Settings\04890\Application Data\Tyidv folder moved successfully.
C:\Documents and Settings\04890\Application Data\Dadeo folder moved successfully.
C:\Documents and Settings\04890\Application Data\Urapb folder moved successfully.
C:\Documents and Settings\04890\Application Data\Eqimu folder moved successfully.
C:\Documents and Settings\04890\Application Data\Afsuu folder moved successfully.
C:\Documents and Settings\04890\Application Data\Noepr folder moved successfully.
C:\Documents and Settings\04890\Application Data\Neryto folder moved successfully.
C:\Documents and Settings\04890\Application Data\Avel folder moved successfully.
C:\Documents and Settings\04890\Application Data\Uxukq folder moved successfully.
C:\Documents and Settings\04890\Application Data\Uxma folder moved successfully.
C:\Documents and Settings\04890\Application Data\Aroso folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
Folder C:\Documents and Settings\04890\Application Data\Afsuu not found.
Folder C:\Documents and Settings\04890\Application Data\Dadeo not found.
Folder C:\Documents and Settings\04890\Application Data\Egwy not found.
Folder C:\Documents and Settings\04890\Application Data\Feunog not found.
Folder C:\Documents and Settings\04890\Application Data\Idxyi not found.
Folder C:\Documents and Settings\04890\Application Data\Noepr not found.
Folder C:\Documents and Settings\04890\Application Data\Uxukq not found.
Folder C:\Documents and Settings\04890\Application Data\Wasi not found.
Folder C:\Documents and Settings\04890\Application Data\Uxukq not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\04890\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\04890\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\04890\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\04890\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: 04890
->Temp folder emptied: 81442264 bytes
->Temporary Internet Files folder emptied: 394656182 bytes
->FireFox cache emptied: 537568637 bytes
->Google Chrome cache emptied: 238791542 bytes
->Flash cache emptied: 15256929 bytes

User: Administrator
->Temp folder emptied: 71417901 bytes
->Temporary Internet Files folder emptied: 8050413 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 69626 bytes

User: NetworkService
->Temp folder emptied: 295392 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4917329 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 86484264 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3722507271 bytes

Total Files Cleaned = 4,925.00 mb


[EMPTYFLASH]

User: 04890
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: 04890

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01012013_135159

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\ManageSoft\securityservice.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ManageSoft\usageagent.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





2. ComboFix log

ComboFix 13-01-01.02 - 04890 01/01/2013 20:30:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2890 [GMT 1:00]
Running from: c:\documents and settings\04890\Desktop\ComboFix.exe
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\04890\g2mdlhlpx.exe
c:\windows\EventSystem.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2013-01-01 12:51 . 2013-01-01 12:51 -------- d-----w- C:\_OTL
2012-12-26 21:04 . 2012-12-30 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-26 21:04 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-26 21:04 . 2012-12-26 21:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-26 13:02 . 2012-12-26 13:02 -------- d-----w- c:\documents and settings\04890\Application Data\Malwarebytes
2012-12-26 13:00 . 2012-12-26 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-26 13:00 . 2012-12-26 13:00 335872 ----a-r- c:\documents and settings\04890\Application Data\Microsoft\Installer\{7993D673-0A79-41DC-AE58-CDA631F5B816}\NewIcon.exe
2012-12-26 12:59 . 2012-12-26 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-26 12:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 12:39 . 2012-12-26 12:39 -------- d-----w- c:\documents and settings\04890\Application Data\DriverCure
2012-12-26 12:39 . 2012-12-26 12:39 -------- d-----w- c:\documents and settings\04890\Application Data\ParetoLogic
2012-12-26 11:25 . 2012-12-26 11:25 -------- d-----w- c:\program files\ParetoLogic
2012-12-26 11:25 . 2012-12-26 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-12-26 11:25 . 2012-12-26 11:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-12-16 19:16 . 2012-12-16 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-12-16 19:15 . 2012-12-16 19:15 -------- d-----w- c:\program files\NCH Software
2012-12-16 19:15 . 2012-12-16 19:15 -------- d-----w- c:\documents and settings\04890\Application Data\NCH Software
2012-12-16 18:00 . 2012-12-30 23:41 -------- d-----w- c:\documents and settings\04890\Application Data\avidemux
2012-12-16 18:00 . 2012-12-16 19:52 -------- d-----w- c:\program files\Avidemux 2.6
2012-12-14 14:13 . 2012-12-14 14:13 -------- d-----w- c:\documents and settings\04890\Local Settings\Application Data\DNV_KEMA
2012-12-14 14:08 . 2012-12-14 14:08 -------- d-----w- c:\documents and settings\04890\Application Data\DNV KEMA
2012-12-11 19:07 . 2012-12-11 19:07 -------- d-----w- c:\program files\Citrix
2012-12-10 10:13 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 20:17 . 2012-04-06 08:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 20:17 . 2012-04-06 08:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-07 08:38 . 2012-04-13 08:01 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-11-07 08:38 . 2012-04-13 08:01 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-07 08:38 . 2012-04-13 08:01 87816 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-07 08:38 . 2012-04-13 08:01 59616 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-07 08:38 . 2012-04-13 08:01 215024 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-07 08:38 . 2012-04-13 08:01 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-07 08:38 . 2012-04-13 08:01 477584 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-07 08:38 . 2012-04-13 08:01 90368 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-07 08:38 . 2012-04-13 08:01 159640 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-07 08:38 . 2010-10-22 18:07 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-11-01 20:15 . 2012-11-01 20:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-01 20:15 . 2012-11-01 20:15 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-01 20:15 . 2012-05-18 06:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-06 12:29 . 2012-04-26 08:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"Spotify Web Helper"="c:\documents and settings\04890\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"nwiz"="nwiz.exe" [2009-03-11 1657376]
"NVHotkey"="nvHotkey.dll" [2009-03-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-11 86016]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]
"OA001Mon"="c:\windows\OA001Mon.exe" [2009-02-24 24576]
"SchedulingAgent_nDG"="c:\program files\ManageSoft\Schedule Agent\ndschedag.exe" [2009-10-14 1406272]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\04890\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-30 576000]
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2012-6-18 142336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\04890\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [13/04/2012 09:01 90368]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 16:35 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 16:35 20840]
R2 LPAgent;LPAgent;c:\program files\VAI ID-Suite\LogonProcessor\LPAgent.exe [16/07/2004 14:59 53248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [26/12/2012 14:00 399432]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [24/10/2011 07:59 165440]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [13/04/2012 09:01 159640]
R2 mgsdl;ManageSoft Peer-to-Peer Download Service;c:\program files\ManageSoft\Launcher\mgsdl.exe [14/10/2009 00:25 1400320]
R2 mgssecsvc;ManageSoft Security Service;c:\program files\ManageSoft\Security Agent\mgssecsvc.exe [14/10/2009 00:45 1070080]
R2 ndGlobalLauncher;ManageSoft installation agent;c:\program files\ManageSoft\Launcher\ndserv.exe [14/10/2009 01:43 2735936]
R2 ndinit;ManageSoft managed device;c:\program files\ManageSoft\Schedule Agent\ndinit.exe [14/10/2009 01:43 707392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [26/12/2012 22:04 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [26/12/2012 22:04 1369624]
R2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [19/03/2012 12:47 2667392]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [13/07/2009 10:40 112512]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [13/01/2009 15:35 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [13/01/2009 15:35 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13/01/2009 14:20 244368]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [13/07/2009 10:57 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [13/07/2009 10:57 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [13/07/2009 10:57 280096]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [20/10/2010 06:46 35448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26/12/2012 14:00 676936]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [26/12/2012 22:04 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03/05/2012 07:31 158856]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [05/06/2012 20:25 10744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/12/2012 13:59 22856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [13/04/2012 09:01 87816]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [27/03/2012 14:37 137600]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:17]
.
2013-01-01 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-26 13:08]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844Core.job
- c:\documents and settings\04890\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-14 17:51]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4074535442-1515935186-3691330799-108844UA.job
- c:\documents and settings\04890\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-14 17:51]
.
2013-01-01 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-06-17 02:08]
.
2012-12-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07]
.
2013-01-01 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-12-26 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-12-26 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-12-31 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-12-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-26 13:07]
.
2012-12-26 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-26 13:07]
.
2013-01-01 c:\windows\Tasks\User_Feed_Synchronization-{B34D7B44-61EE-474E-8919-1D59D8810932}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2012-12-23 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-12-16 19:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intouch.kema.intra/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: kema.com\portal
TCP: DhcpNameServer = 192.168.0.1
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://portal.kema.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,1027,1125
FF - ProfilePath - c:\documents and settings\04890\Application Data\Mozilla\Firefox\Profiles\5vat8qy4.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Oxihi - c:\documents and settings\04890\Application Data\Uxukq\fior.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-KB2079403 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-051 - Windows XP(6499)
AddRemove-KB2115168 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-052 - Windows XP(6484)
AddRemove-KB2229593 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-042 - Windows XP(6034)
AddRemove-KB2296011 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-081 - Windows XP(6116)
AddRemove-KB2347290 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-061 - Windows XP(6353)
AddRemove-KB2360937 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-084 - Windows XP(6051)
AddRemove-KB2393802 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-011 - Windows XP(6816)
AddRemove-KB2412687 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-029 - Windows XP(7053)
AddRemove-KB2419632 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-002 - Windows XP(6726)
AddRemove-KB2423089 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-096 - Windows XP(6648)
AddRemove-KB2440591 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-099 - Windows XP(6676)
AddRemove-KB2443105 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-097 - Windows XP(6654)
AddRemove-KB2476490 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-038 - Windows XP(7174)
AddRemove-KB2478960 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-014 - Windows XP(6858)
AddRemove-KB2478971 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-013 - Windows XP(6850)
AddRemove-KB2479943 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-015 - Windows XP(6869)
AddRemove-KB2481109 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-017 - Windows XP RDP 6.1(6883)
AddRemove-KB2483185 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-006 - Windows XP(6773)
AddRemove-KB2485663 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-033 - Windows XP(7125)
AddRemove-KB2506212 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-024 - Windows XP MFC(6987)
AddRemove-KB2507618 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-032 - Windows XP(7117)
AddRemove-KB2507938 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-056 - Windows XP(7554)
AddRemove-KB2508429 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-020 - Windows XP(6942)
AddRemove-KB2509553 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-030 - Windows XP(7074)
AddRemove-KB2535512 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-042 - Windows XP(7235)
AddRemove-KB2566454 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-062 - Windows XP(7481)
AddRemove-KB2584146 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-005 - Windows XP(7631)
AddRemove-KB2585542 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-006 - Windows XP(7611)
AddRemove-KB2598479 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-004 - Windows XP (Windows Multimedia Library)(7650)
AddRemove-KB2603381 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-002 - Windows XP(7686)
AddRemove-KB2618451 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-090 - ActiveX Killbits for Windows XP(7837)
AddRemove-KB2619339 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-092 - Windows XP(7826)
AddRemove-KB2620712 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-097 - Windows XP(7785)
AddRemove-KB2624667 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-093 - Windows XP(7821)
AddRemove-KB2631813 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-004 - Windows XP (DirectShow)(7660)
AddRemove-KB2633171 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS11-098 - Windows XP(7778)
AddRemove-KB2646524 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS12-003 - Windows XP(7680)
AddRemove-KB972270 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-001 - Windows XP(5438)
AddRemove-KB975713 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-007 - Windows XP(5556)
AddRemove-KB977816 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-026 - Windows XP(5619)
AddRemove-KB977914 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-013 - Windows XP (AVI Filter)(5605)
AddRemove-KB978542 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-030 - Windows XP(5810)
AddRemove-KB978601 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-019 - Windows XP (Authenticode)(5709)
AddRemove-KB979309 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-019 - Windows XP (Cabinet)(5721)
AddRemove-KB979482 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-033 - Windows XP (Asycfilt.dll)(5965)
AddRemove-KB979687 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-083 - Windows XP(6073)
AddRemove-KB981322 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-063 - Windows XP(6334)
AddRemove-KB982132 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-076 - Windows XP(6148)
AddRemove-KB982665 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-055 - Windows XP(6418)
AddRemove-{13CD417D-F1F1-4AC4-945D-FDDEB884756F} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Baseline Security Analyzer 2.0
AddRemove-{7993D673-0A79-41DC-AE58-CDA631F5B816} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Adobe Reader 8.0 EN
AddRemove-{A1BD6CB3-19A1-4E0E-8B19-A5B617D84E29} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d TeamViewer 7 Host (MSI Wrapper)
AddRemove-{AE17F829-A910-4FF1-855E-6609267C534E} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Cyberlink Power DVD DX 7.0 EN
AddRemove-{C5ACBB97-0F08-4190-8C51-E3576B8502C0} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d DNV KEMA Template Updater
AddRemove-{C840159C-5AC9-44FD-BD1D-A9587983FECB} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Oracle Offline
AddRemove-{D3A80508-CD83-4CA3-8671-914A1BC78B61} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Microsoft Sync Framework 2.0 Provider
AddRemove-{D642E38E-0D24-486C-9A2D-E316DD696F4B} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d XML Parser
AddRemove-{DE91C193-2611-4BD3-A9F9-DF589C572565} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d McAfee Agent
AddRemove-{E6D03E18-A20F-487B-A3F3-79D525206CA5} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d VAI LogonProcessor
AddRemove-{F4F8D5DA-1360-4F39-8D3C-ACE152C3DA43} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d DNV KEMA OTL Client
AddRemove-{FF63121D-91C6-42CC-B341-F1AA729728E7} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Microsoft Sync Framework 2.0 Core
AddRemove-{FF868DE3-5795-4B05-AE22-5E688050C964} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Winzip Winzip 8.0 EN
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-01 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-01 20:36:43
ComboFix-quarantined-files.txt 2013-01-01 19:36
.
Pre-Run: 15,537,803,264 bytes free
Post-Run: 15,517,175,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - D7783075651F070D580207CB1658856E
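
The entries a helper reads first in a ComboFix log like the one above can be pulled out automatically; the script below is an added example, not ComboFix's or the thread's own code. Its heuristics (autoruns launched from a user profile, policy keys that switch off Automatic Updates or Security Center, Firefox user.js prefs that silence security warnings, Run keys ComboFix removed as orphans) are assumptions of mine and yield a review list rather than a verdict, and the sample log is constructed from the format shown above.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix logic).

Walks the 'Reg Loading Points', 'Supplementary Scan' and 'ORPHANS REMOVED'
sections and returns the entries a helper would want to look at first. The
heuristics are assumptions; legitimate software (e.g. Spotify) also runs from a
user profile and is flagged on purpose so a human reviews it.
"""
import re
from typing import Dict, List

# Constructed sample, modeled on the log format shown in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\04890\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
.
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Oxihi - c:\documents and settings\04890\Application Data\Uxukq\fior.exe
Notify-SDWinLogon - SDWinLogon.dll
.
**************************************************************************
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$")
ORPHAN_RUN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")


def in_user_profile(path: str) -> bool:
    """Heuristic: target lives inside a user profile (XP layout), not under
    Program Files or Windows where installed software normally lives."""
    return "\\documents and settings\\" in path.lower()


def triage(log: str) -> List[Dict[str, str]]:
    """Return review items as {'kind': ..., 'detail': ...} in log order."""
    findings: List[Dict[str, str]] = []
    section = ""        # current registry key header, lower-cased
    in_orphans = False  # inside the ORPHANS REMOVED block
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("****"):   # separator that ends the orphans block
            in_orphans = False
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if in_orphans:
            m = ORPHAN_RUN_RE.match(line)
            if m:   # key already deleted by ComboFix; the file may still exist
                findings.append({"kind": "orphan_run",
                                 "detail": f"{m['hive']}\\Run '{m['name']}' pointed at "
                                           f"{m['path']}; check the file and its folder"})
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["key"].lower()
            continue
        if section.endswith("\\run"):
            m = RUN_ENTRY_RE.match(line)
            if m and in_user_profile(m["path"]):
                findings.append({"kind": "user_profile_autorun",
                                 "detail": f"'{m['name']}' starts {m['path']} from a user profile"})
            continue
        m = DWORD_RE.match(line)
        if m and section.endswith("windowsupdate\\au") and m["name"] == "NoAutoUpdate" and m["value"] == "1":
            findings.append({"kind": "windows_update_disabled",
                             "detail": "policy NoAutoUpdate=1 turns off Automatic Updates"})
            continue
        if m and section.endswith("msconfig\\services") and m["name"].lower() == "wscsvc":
            findings.append({"kind": "security_center_disabled",
                             "detail": "Security Center service (wscsvc) recorded under "
                                       "msconfig\\services, i.e. switched off via msconfig"})
            continue
        m = FF_PREF_RE.match(line)
        if m and m["pref"].startswith("security.warn_") and m["value"] == "false":
            findings.append({"kind": "ff_warning_disabled",
                             "detail": f"user.js sets {m['pref']}=false, silencing a Firefox warning"})
    return findings


def kinds(log: str) -> List[str]:
    """Just the finding kinds, in log order (handy for quick checks)."""
    return [f["kind"] for f in triage(log)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['detail']}")
```

Run it against a full pasted log and every unflagged Run entry still deserves a glance; the point is only to surface the cheap signals first.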

#13 SweetTech


Posted 02 January 2013 - 04:40 PM

Hi!

Thank you so much for that progress update! It definitely sounds like things are improving with your computer, while other areas are still experiencing some issues.

Let's take a look and see what we can do about addressing those issues.

What is the connection error that you are seeing?

Let me see what insight these scans below provide me with.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 krooney

krooney
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 05 January 2013 - 01:05 PM

Hi SweetTech, sorry for the slow response; I was away the last couple of days.

1. I could not run the ESET Online scan because I cannot get on to the website from my computer - the same problem I have with many other sites. Usually I download the necessary software via my phone, but in this case it seems I would need to access the site directly on this computer to carry the task out. To describe the problem further: after a long time waiting for a website or Google link to load, I am presented with a connection error (screenshots attached; the Firefox screenshot is in Dutch (not due to malware) but basically says that no connection could be made with the server).

Also please note that Task 4 indicates the firewall is turned off. Usually it is turned on now, except that I turned it off for task 2.

2.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.05.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
04890 :: ARN-303014-L [administrator]

Protection: Enabled

05/01/2013 17:59:31
mbam-log-2013-01-05 (17-59-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227745
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3. Could not carry out.

4. Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
McAfee SiteAdvisor Enterprise
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.0
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

5. The same problem persists: I cannot access many websites, in particular those that are likely to help me, such as the ESET online scan or BleepingComputer. Overall speed of the computer etc. seems okay though.

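The symptom described above (most security sites time out with a "connection could not be made" error, while the bank's page behaves differently in Firefox than in Chrome) is usually explained by one of four things on an XP machine: DNS answers, a modified hosts file, the WinINET proxy settings that Internet Explorer and Chrome share, or Firefox's own proxy preference. The batch file below is an added diagnostic written for this thread, not something posted by either participant; it only reads and records those settings so the report can be compared against a clean machine. The site list and the output path in OUT are assumptions and can be changed.

```batch
@echo off
rem Added example (not from the original thread): collect the data points that
rem explain selective "no connection" errors on Windows XP. Read-only; it changes
rem nothing. Assumed values: the site list and the report path in OUT.
setlocal
set OUT=%USERPROFILE%\Desktop\connectivity-check.txt

echo === Connectivity check %DATE% %TIME% === > "%OUT%"

echo. >> "%OUT%"
echo --- DNS resolution (compare the answers with a second, known-clean machine) --- >> "%OUT%"
for %%S in (www.bleepingcomputer.com www.eset.com www.malwarebytes.org www.hsbc.co.uk) do (
    echo [%%S] >> "%OUT%"
    nslookup %%S >> "%OUT%" 2>&1
)

echo. >> "%OUT%"
echo --- Active DNS servers as seen by Windows --- >> "%OUT%"
ipconfig /all | findstr /c:"DNS Servers" >> "%OUT%"

echo. >> "%OUT%"
echo --- hosts file, comment lines removed (anything beyond localhost is worth a look) --- >> "%OUT%"
findstr /v /b /c:"#" "%SystemRoot%\system32\drivers\etc\hosts" >> "%OUT%"

echo. >> "%OUT%"
echo --- WinINET proxy settings (used by Internet Explorer and Chrome) --- >> "%OUT%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable >> "%OUT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer >> "%OUT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL >> "%OUT%" 2>&1

echo. >> "%OUT%"
echo --- Firefox proxy preferences (network.proxy.*) per profile --- >> "%OUT%"
for /d %%P in ("%APPDATA%\Mozilla\Firefox\Profiles\*") do (
    echo [%%~nxP] >> "%OUT%"
    findstr /c:"network.proxy" "%%P\prefs.js" >> "%OUT%" 2>&1
)

echo Report written to "%OUT%"
notepad "%OUT%"
```

Run it from a normal command prompt and read the report from the top: a site that resolves to an unexpected address, a hosts entry for a security vendor, a ProxyEnable value of 0x1 or an AutoConfigURL that nobody configured, or a Firefox network.proxy.type other than the system default are each a concrete lead for the helper, and differences between the WinINET and Firefox sections account for the two browsers behaving differently on the same page.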

#15 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 06 January 2013 - 03:00 PM

Hi!

Thank you for including those screenshots and the additional information.

Have you previously been able to access BleepingComputer or other security sites from this computer before? Is this computer connected to a network at work?

Please do this scan below and let me know if anything changes after performing it:
Run System File Checker

Make sure you have your XP Disc handy

The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.

To use System File Checker, follow these steps:
  • Click Start, click Run, type cmd.exe, and then click OK.
  • At the command prompt, type sfc /purgecache, and then press ENTER.
    Note: You may be prompted to provide Windows installation source files when you run the sfc /purgecache command. If the command is completed successfully, you will receive the following message: "Windows File Protection successfully made the requested change."
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may also be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




