
Files encrypted after Ukash virus


  • This topic is locked
13 replies to this topic

#1 RichieP

RichieP

  • Members
  • 86 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 21 January 2013 - 07:34 AM

Hi there

I've been instructed to start a new topic here and add the DDS files. I have followed the link to the instructions but I can't see an option to attach the file in this post area so I'll paste the contents.

DDS Contents:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Steve at 12:24:48 on 2013-01-21
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.341 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.itv.com/
uProxyOverride = <local>
uWinlogon: Shell = explorer.exe,c:\docume~1\steve\locals~1\temp\zrzilhrxsjo.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\system32\oenoxsjo.exe,
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis2.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWis2.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143620637671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{19A6A3CA-C7BD-42D4-9FE4-A5A57B2703DB} : DHCPNameServer = 192.168.1.1
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - LocalServer32 - <no file>
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - LocalServer32 - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - P9KDMF.EXE
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-16 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-15 1174152]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-16 722528]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-12-14 245760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-17 40776]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-01-17 08:07:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-16 11:23:04 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2013-01-15 07:02:00 77348 ----a-r- C:\install.res.1028.dll
2013-01-15 07:01:57 96292 ----a-r- C:\install.res.1040.dll
2013-01-15 07:01:57 80932 ----a-r- C:\install.res.1042.dll
2013-01-15 07:01:56 97316 ----a-r- C:\install.res.1031.dll
2013-01-15 07:01:56 82468 ----a-r- C:\install.res.1041.dll
2013-01-15 07:01:55 98340 ----a-r- C:\install.res.1036.dll
2013-01-15 07:01:55 92196 ----a-r- C:\install.res.1033.dll
2013-01-15 07:01:55 76836 ----a-r- C:\install.res.2052.dll
2013-01-15 07:01:54 97316 ----a-r- C:\install.res.3082.dll
2013-01-09 15:20:13 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 15:20:13 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:25:45.51 ===============

Contents of Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25/03/2006 18:25:21
System Uptime: 21/01/2013 12:14:48 (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0J0592
Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2657/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 79.31 GiB free.
D: is FIXED (NTFS) - 56 GiB total, 55.596 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&3B1CAF2B&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&3B1CAF2B&0&08F0
Service:
.
==== System Restore Points ===================
.
RP1: 21/01/2013 12:21:47 - System Checkpoint
.
==== Installed Programs ======================
.
AC3Filter (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01)
Adobe® Photoshop® Album Starter Edition 3.2
AppGraffiti
Ask Toolbar
AVG 2013
AVS Audio CD Grabber version 4.1
AVS4YOU Software Navigator 1.2
Basic PAYE Tools
Brother MFL-Pro Suite
Brother MFL-Pro Suite MFC-J410
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IncrediMail
IncrediMail 2.0
Intel® PRO Ethernet Adapter and Software
iPod for Windows 2005-06-26
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 7
LG PC Suite II
LimeWire 4.16.6
Malwarebytes Anti-Malware version 1.70.0.1100
MapsGalaxy Toolbar
Microsoft ActiveSync 3.7
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Project Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
NETGEAR WG111 Software
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PaperPort Image Printer
PC Connectivity Solution
Produtools Manuals 2.1 Toolbar
QuickBooks Regular Edition 2005
QuickTime
SAGEM F@st 800-840
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
SpeedTouch USB Software
Symantec KB-DocID:2003093015493306
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
vShare Plugin
WebFldrs XP
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WiseConvert Toolbar
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
18/01/2013 05:32:17, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0007E986E53A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
15/01/2013 15:01:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
15/01/2013 15:01:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.
15/01/2013 15:01:01, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/01/2013 07:04:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
15/01/2013 07:04:35, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/01/2013 07:02:47, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
15/01/2013 07:02:47, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/01/2013 07:00:44, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0007E986E53A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Also, further to my first post, there is a text file on the desktop called WARNING_ATTENTION. Here are the contents of that:


Warning! Files on your hard drives were encrypted.
In case you want to get your data unencrypted, you will need to purchase a 100 pounds Ukash voucher and send to our e-mail the unique 19 digit number of the voucher.
An e-mail must be sent as written below. All letters that do not fit the form will be ignored.
You will receive an e-mail with an instruction how to decrypt data after we check the Ukash code you have sent.

------mail_form-----------------

to: crimeunit@yandex.com
Subject: decoding of files D4ED65FD4E524F482D45

ID of your computer: D4ED65FD4E524F482D45
Ukash code:

--------------------------------

What's Ukash: www.ukash.com/en-GB/whats-ukash/
Get Ukash: www.ukash.com/en-GB/where-to-get/

Basically, if I open a Word doc, or a spreadsheet it is just nonsense, random characters. Images also won't open.

As I said in my first post, I have tried some decryption tools with no joy.

Thanks for looking.

*Moderator Edit: Moved topic from AII to the more appropriate forum. DDS logs are not allowed in other forums. They are to be posted ONLY in Malware Removal Logs. ~ Queen-Evie*

Edited by Queen-Evie, 21 January 2013 - 12:04 PM.
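
One way a helper triages the Pseudo HJT section of a DDS log like the one above, as an added Python example that is not part of this thread or of DDS itself: it flags Winlogon Shell/Userinit values that list anything beyond the Windows XP defaults, IFEO (Image File Execution Options) entries such as the one on taskmgr.exe, and dangling `<no file>`/`<orphaned>` registrations. The sample input is constructed from the lines posted in this thread plus one benign uRun line; the default-value table and severity labels are the example's own assumptions.

```python
import re

# Constructed sample input: the relevant lines copied from the Pseudo HJT section of the
# DDS log posted in this thread, plus one benign uRun line for contrast.
SAMPLE_LOG = r"""
uWinlogon: Shell = explorer.exe,c:\docume~1\steve\locals~1\temp\zrzilhrxsjo.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\system32\oenoxsjo.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
IFEO: taskmgr.exe - P9KDMF.EXE
"""

# Assumed Windows XP defaults. Any extra component in these comma-separated values is
# launched at every logon, which is where screen lockers and encryptors persist.
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

WINLOGON_RE = re.compile(r"^[ums]Winlogon:\s*(Shell|Userinit)\s*=\s*(.*)$", re.I)
IFEO_RE = re.compile(r"^IFEO:\s*(\S+)\s*-\s*(.+?)\s*$", re.I)
DANGLING_RE = re.compile(r"<no file>|<orphaned>", re.I)


def _winlogon_findings(key, raw_value, line):
    """Report every component of a Shell/Userinit value that is not a known default."""
    findings = []
    for component in raw_value.split(","):
        component = component.strip().strip('"')
        if not component:
            continue
        if component.lower() not in EXPECTED_WINLOGON[key.lower()]:
            findings.append({
                "severity": "high",
                "kind": f"winlogon_{key.lower()}_extra",
                "value": component,
                "line": line,
            })
    return findings


def triage_dds(text):
    """Scan DDS 'Pseudo HJT Report' lines and return a list of finding dicts.

    Severity 'high' marks Winlogon additions and IFEO debugger entries (persistence and
    hijack mechanisms); 'low' marks dangling registrations, which are usually leftovers
    to clean up rather than active malware.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            findings.extend(_winlogon_findings(m.group(1), m.group(2), line))
            continue
        m = IFEO_RE.match(line)
        if m:
            # DDS lists IFEO entries that carry a Debugger value: Windows starts the named
            # program whenever the image (here Task Manager) is launched.
            findings.append({
                "severity": "high",
                "kind": "ifeo_debugger",
                "image": m.group(1),
                "value": m.group(2),
                "line": line,
            })
            continue
        if DANGLING_RE.search(line):
            findings.append({
                "severity": "low",
                "kind": "dangling_entry",
                "value": line,
                "line": line,
            })
    return findings


def summarize(findings):
    """Count findings per severity so the high-priority items can be read first."""
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:4}] {f['kind']}: {f.get('image', '')} {f['value']}")
    print(summarize(results))
```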


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:06 PM

Posted 26 January 2013 - 07:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/482515 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts

Posted 27 January 2013 - 02:32 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Steve at 22:12:05 on 2013-01-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.147 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.itv.com/
uProxyOverride = <local>
uWinlogon: Shell = explorer.exe,c:\docume~1\steve\locals~1\temp\zrzilhrxsjo.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\system32\oenoxsjo.exe,
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis2.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWis2.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143620637671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{19A6A3CA-C7BD-42D4-9FE4-A5A57B2703DB} : DHCPNameServer = 192.168.1.1
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - LocalServer32 - <no file>
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - LocalServer32 - <no file>
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - LocalServer32 - <no file>
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - P9KDMF.EXE
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-16 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-12-18 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-1-21 47640]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-15 1174152]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-16 722528]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-12-14 245760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-17 40776]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-01-22 11:20:17 -------- d---a-w- c:\program files\RadioRage_4jEI
2013-01-21 12:38:31 -------- d-----w- c:\documents and settings\steve\local settings\application data\LogMeIn
2013-01-21 12:38:23 53240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-01-21 12:38:23 31736 ----a-w- c:\windows\system32\LMIport.dll
2013-01-21 12:38:22 84504 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-01-21 12:38:22 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-01-21 12:38:16 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-01-21 12:38:05 92664 ----a-w- c:\windows\system32\LMIinit.dll
2013-01-21 12:37:59 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2013-01-21 12:37:33 -------- d-----w- c:\program files\LogMeIn
2013-01-17 08:07:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-16 11:23:04 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2013-01-15 07:02:00 77348 ----a-r- C:\install.res.1028.dll
2013-01-15 07:01:57 96292 ----a-r- C:\install.res.1040.dll
2013-01-15 07:01:57 80932 ----a-r- C:\install.res.1042.dll
2013-01-15 07:01:56 97316 ----a-r- C:\install.res.1031.dll
2013-01-15 07:01:56 82468 ----a-r- C:\install.res.1041.dll
2013-01-15 07:01:55 98340 ----a-r- C:\install.res.1036.dll
2013-01-15 07:01:55 92196 ----a-r- C:\install.res.1033.dll
2013-01-15 07:01:55 76836 ----a-r- C:\install.res.2052.dll
2013-01-15 07:01:54 97316 ----a-r- C:\install.res.3082.dll
2013-01-09 15:20:13 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 15:20:13 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 11:56:30 25248 ----a-w- c:\windows\system32\lmimirr.dll
2012-11-29 11:56:30 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:13:15.20 ===============


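The DDS log above carries the three entries that matter for this infection: the HKCU Winlogon Shell value has a second executable appended from the user's temp directory, the HKLM Userinit value has a second executable appended in system32, and an Image File Execution Options "Debugger" is set for taskmgr.exe so that Task Manager cannot be used to kill the lock screen. The following Python script is an added example, not part of the original post or of the DDS tool: it parses lines in DDS's "Pseudo HJT Report" format and flags exactly those persistence hijacks. The sample input is constructed from the lines of the log above; the expected Winlogon values are an assumption for a stock Windows XP install on drive C:.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the "Pseudo HJT Report" section of the
# DDS log in the post above, so the checks can run offline.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.itv.com/
uWinlogon: Shell = explorer.exe,c:\docume~1\steve\locals~1\temp\zrzilhrxsjo.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windows\system32\oenoxsjo.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
IFEO: taskmgr.exe - P9KDMF.EXE
"""

# Assumption: the values a stock Windows XP install on C: uses for the two
# Winlogon entries. Anything beyond these is an extra program started at logon.
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# DDS prefixes: u = HKCU, m = HKLM, d = the .DEFAULT user hive.
WINLOGON_RE = re.compile(r"^[umd]Winlogon:\s*(Shell|Userinit)\s*=\s*(.+?)\s*$", re.I)
IFEO_RE = re.compile(r"^IFEO:\s*(\S+)\s*-\s*(.+?)\s*$", re.I)
RUN_RE = re.compile(r"^[umd]Run:\s*\[[^\]]*\]\s*(.+?)\s*$", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


@dataclass
class Finding:
    kind: str      # which autostart mechanism is involved
    line: str      # the offending DDS line, verbatim
    detail: str    # the suspicious value(s) extracted from it


def split_winlogon(value: str) -> List[str]:
    """Shell and Userinit are comma-separated command lists; the trailing
    comma seen on the Userinit line above is normal and yields no entry."""
    return [v.strip().lower() for v in value.split(",") if v.strip()]


def analyze(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = WINLOGON_RE.match(line)
        if m:
            key = m.group(1).lower()
            extra = [v for v in split_winlogon(m.group(2))
                     if v not in EXPECTED_WINLOGON[key]]
            if extra:
                findings.append(Finding("winlogon_" + key, line,
                                        "extra: " + ", ".join(extra)))
            continue

        m = IFEO_RE.match(line)
        if m:
            # A Debugger under Image File Execution Options replaces the named
            # program with the debugger. Ransomware sets it on taskmgr.exe so
            # the lock screen cannot be killed; Process Explorer's "Replace
            # Task Manager" option sets the same key legitimately, so the
            # target path decides whether this is malicious.
            findings.append(Finding("ifeo_debugger", line,
                                    f"{m.group(1)} -> {m.group(2)}"))
            continue

        m = RUN_RE.match(line)
        if m and TEMP_RE.search(m.group(1)):
            # Run-key entries that launch from a temp directory are rarely legitimate.
            findings.append(Finding("run_from_temp", line, m.group(1)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run against the sample it reports the Shell hijack (HKCU, so it fires at this user's logon), the Userinit hijack (HKLM, so it fires for every user) and the taskmgr.exe debugger; the ctfmon and AVG Run entries pass. The Shell value is compared as a whole command list rather than by substring, because the malware keeps explorer.exe in place and simply appends its own executable, which a check for "explorer.exe is present" would miss.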
#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 30 January 2013 - 07:37 PM

Hello and welcome to BleepingComputer! :welcome:

My name is Thisisu and I will be helping you with your malware related computer problems.

I do have some basic rules while we are working together so please read and follow them:


  • Be specific!
    • If you come across a problem while performing any of the steps listed here, do not simply state "It did not work." Tell me the exact error you encountered if one was given to you. For example, this is a much better response: "When I ran the ____ tool, an error box appeared on my screen and said 'Illegal operation attempted on a registry key that has been marked for deletion.'. There is only an 'OK' button in the box."
  • Do not run any scans/fixes on your own!
    • If at any time you feel that you can handle the rest of your computer problems on your own without my help, just let me know! I will not be offended as there are others that need help with their computers. However, do not perform scans and/or fixes that I have not asked you to do on your own and then expect me to continue helping you because I will not!
  • I will close the topic if I have not heard a response from you within 72 hours.
    • If you are going to be away, just let me know and I will leave the topic open until you can return.

First, can you send me 2-3 non-confidential files that are encrypted here: http://www.bleepingcomputer.com/submit-malware.php?channel=137

Next we'll start removing the remaining traces of malware from your system.

From Add/Remove Programs (via Control Panel), please uninstall the below:
  • AppGraffiti
  • Ask Toolbar
  • Java™ 6 Update 22
  • Java™ 6 Update 7
  • vShare Plugin
  • WiseConvert Toolbar

__

Please download and install Malwarebytes Anti-Malware.
  • Open Malwarebytes Anti-Malware and click the Update tab.
    • Then press the Check for Updates button.
  • Once you have the latest database version, click the Settings tab.
    • Now click the Scanner Settings sub-tab.
    • In the sections that say:
      • Action for potentially unwanted programs (PUP)
      • Action for potentially unwanted modifications (PUM)
      • Action for peer-to-peer software (P2P)
    • .. click the down arrow next to each field and choose: Show in results list and check for removal.
  • Now go back to the main Scanner tab and perform a Quick Scan.
  • Wait for the scan to complete and follow the prompts provided.
  • A log file will appear when finished.
  • Post the contents of this log file into your next message.
    • You can also retrieve the log from the Logs tab in case you accidentally closed the report that popped up when the scan completed.

__

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

__

Please download OTL.

  • Save it to your desktop.
  • Open OTL.exe by double-clicking it.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.

    drives
    
  • Now click the Run Scan button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt


#5 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts

Posted 01 February 2013 - 12:55 PM

When I tried to uninstall Ask Toolbar it said "error loading module ........\asksbar.dll. The specified module could not be found".

Malwarebytes log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steve :: HORNE-02D4A2A1C [administrator]

01/02/2013 16:58:04
mbam-log-2013-02-01 (16-58-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 235176
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Microsoft Windows XP x86
Ran by Steve on 01/02/2013 at 17:13:18.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1177238915-789336058-725345543-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\ctoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ctoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_local_machine\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\zugo
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2642704
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2769726
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3196716
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3209604
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c04b7d22-5aec-4561-8f49-27f6269208f6}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Steve\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve\Application Data\searchquband"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\bringmesports_1cei"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\mapsgalaxy_39"
Successfully deleted: [Folder] "C:\Program Files\radiorage_4jei"
Successfully deleted: [Folder] "C:\Program Files\asksbar"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2013 at 17:26:30.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 01/02/2013 17:35:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 250.42 Mb Available Physical Memory | 32.65% Memory free
1.83 Gb Paging File | 0.96 Gb Available in Paging File | 52.35% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 78.81 Gb Free Space | 70.50% Space Free | Partition Type: NTFS
Drive D: | 55.87 Gb Total Space | 55.60 Gb Free Space | 99.51% Space Free | Partition Type: NTFS

Computer Name: HORNE-02D4A2A1C | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/01 17:33:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2012/12/18 09:32:56 | 000,137,728 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/12/18 09:32:50 | 000,375,296 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/29 11:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/11/29 11:56:52 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/16 04:29:01 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/03/17 08:57:45 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2012/03/17 08:57:45 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/14 08:42:16 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/16 04:29:01 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
MOD - [2012/03/17 08:57:47 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2012/03/17 08:57:46 | 000,267,720 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2012/03/17 08:57:45 | 000,132,552 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImComUtlU.dll
MOD - [2012/03/17 08:57:45 | 000,079,304 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImAppRU.dll
MOD - [2012/03/17 08:57:45 | 000,032,136 | ---- | M] () -- C:\Program Files\IncrediMail\bin\IMHttpComm.dll
MOD - [2012/03/17 08:56:18 | 001,000,784 | ---- | M] () -- C:\Program Files\IncrediMail\bin\AE\ActionEngine.dll
MOD - [2012/03/11 18:18:54 | 000,107,896 | ---- | M] () -- C:\Program Files\IncrediMail\bin\PMC.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (All) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/09 15:20:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:32:56 | 000,137,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/12/18 09:32:50 | 000,375,296 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/29 11:56:52 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/16 04:29:01 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/12 12:55:33 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/07/06 13:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2012/01/03 15:26:55 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2012/01/03 15:26:55 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2010/08/27 05:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/10 06:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 17:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 12:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/07 20:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2008/04/14 00:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 00:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 00:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 00:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 00:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 00:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 00:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 00:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 00:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 00:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 00:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 00:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 00:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 00:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 00:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 00:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 00:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 00:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 00:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 00:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 00:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 00:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 00:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 00:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 00:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 00:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 00:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 00:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 00:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 00:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 00:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 00:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 00:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 00:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 00:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 00:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 00:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 00:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 00:12:04 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2008/04/14 00:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 00:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 00:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 00:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 00:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 00:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 00:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 00:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 00:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 00:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 00:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 00:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 00:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 00:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 00:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 00:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 00:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 00:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 00:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 00:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2008/04/14 00:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/07/14 08:42:16 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005/06/24 14:16:26 | 000,331,776 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 07:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2003/03/09 05:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/23 15:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Unknown] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Catchme\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2012/12/18 09:33:16 | 000,084,504 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/11/29 11:56:52 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/11/29 11:56:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/11/29 11:56:30 | 000,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/16 04:29:03 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 14:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/08/17 13:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 13:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 14:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 13:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 13:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 15:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/05/02 09:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 09:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 18:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 18:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 18:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 18:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/01/18 09:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/11/02 06:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/06/15 19:03:01 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/19 03:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 22:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/10/15 03:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/10/04 16:57:12 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/17 15:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER)
DRV - [2003/03/27 12:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/03/09 05:31:02 | 000,021,456 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 05:31:02 | 000,016,080 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 05:31:00 | 000,051,024 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2002/12/19 16:48:48 | 000,539,008 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/09/19 14:59:50 | 000,139,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)
DRV - [2002/04/01 12:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/23 15:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 15:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 15:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 15:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 15:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 15:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 15:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 15:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 15:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/23 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2001/08/23 15:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 15:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 15:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/23 15:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 15:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/23 15:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 15:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/23 15:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2001/08/23 15:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.itv.com/
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB465
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1177238915-789336058-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-1177238915-789336058-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.34\ [2012/10/16 04:29:22 | 000,000,000 | ---D | M]

[2008/09/06 12:59:50 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\

O1 HOSTS File: ([2012/08/22 13:25:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-18..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-1177238915-789336058-725345543-1003..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1177238915-789336058-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Reg Error: Key error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143620637671 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A6A3CA-C7BD-42D4-9FE4-A5A57B2703DB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\oenoxsjo.exe) - File not found
O20 - HKU\S-1-5-21-1177238915-789336058-725345543-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1177238915-789336058-725345543-1003 Winlogon: Shell - (C:\DOCUME~1\Steve\LOCALS~1\Temp\zrzilhrxsjo.exe) - File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/25 18:22:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 17:33:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2013/02/01 17:13:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/01 17:13:08 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/01 17:12:54 | 000,538,188 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve\Desktop\JRT.exe
[2013/02/01 09:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/21 12:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\LogMeIn
[2013/01/21 12:38:23 | 000,031,736 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2013/01/21 12:38:22 | 000,084,504 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2013/01/21 12:38:22 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2013/01/21 12:38:05 | 000,092,664 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2013/01/21 12:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/01/21 12:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2013/01/16 14:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Invoices
[2013/01/16 11:23:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

========== Files - Modified Within 30 Days ==========

[2013/02/01 17:33:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2013/02/01 17:18:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/01 17:12:54 | 000,538,188 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve\Desktop\JRT.exe
[2013/02/01 16:59:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 10:59:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 09:03:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/01/30 18:19:51 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/30 17:44:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/29 10:54:22 | 000,023,955 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Sheilas materials
[2013/01/29 10:46:56 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ Materials Re Sheila's.htm
[2013/01/21 13:55:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/01/21 13:55:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/21 13:55:10 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/21 12:38:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/19 18:38:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/16 17:48:15 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to Dropbox 1.6.0.lnk
[2013/01/16 17:47:32 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to Quotes.lnk
[2013/01/16 14:15:06 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Internet Explorer.lnk
[2013/01/16 14:10:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 07:02:00 | 000,077,348 | R--- | M] () -- C:\install.res.1028.dll
[2013/01/15 07:01:57 | 000,096,292 | R--- | M] () -- C:\install.res.1040.dll
[2013/01/15 07:01:57 | 000,080,932 | R--- | M] () -- C:\install.res.1042.dll
[2013/01/15 07:01:57 | 000,000,788 | R--- | M] () -- C:\hpfr5550.xml
[2013/01/15 07:01:56 | 000,097,316 | R--- | M] () -- C:\install.res.1031.dll
[2013/01/15 07:01:56 | 000,082,468 | R--- | M] () -- C:\install.res.1041.dll
[2013/01/15 07:01:55 | 000,098,340 | R--- | M] () -- C:\install.res.1036.dll
[2013/01/15 07:01:55 | 000,092,196 | R--- | M] () -- C:\install.res.1033.dll
[2013/01/15 07:01:55 | 000,076,836 | R--- | M] () -- C:\install.res.2052.dll
[2013/01/15 07:01:54 | 000,097,316 | R--- | M] () -- C:\install.res.3082.dll
[2013/01/15 06:58:34 | 000,085,012 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\snack bar front and back1 revised.pub
[2013/01/15 06:58:26 | 016,884,100 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\IE8-WindowsXP-x86-ENU.exe
[2013/01/15 06:58:26 | 000,042,516 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\letter header.pub
[2013/01/15 06:58:25 | 000,113,428 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\ECD20110503_1201.zip
[2013/01/15 06:58:24 | 000,250,831 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\David Beardsmore
[2013/01/15 06:58:23 | 000,447,160 | R--- | M] () -- C:\Documents and Settings\Steve\My Documents\CCE29012012_00000.jpg
[2013/01/15 06:55:58 | 000,000,276 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\HMRC employer email alert service.url
[2013/01/15 06:53:33 | 001,229,898 | R--- | M] () -- C:\20441331591801233000000000000000000000000000000000000000000000000.000000sqwr.bmp
[2013/01/15 06:53:33 | 001,229,898 | R--- | M] () -- C:\-12334320751525217000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000sqwr.bmp
[2013/01/15 06:53:33 | 001,229,898 | R--- | M] () -- C:\0.000000sqwr.bmp
[2013/01/10 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/09 15:20:13 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/09 15:20:13 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/06 05:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2013/01/30 09:30:28 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\IncrediMail 2.0.lnk
[2013/01/29 10:54:22 | 000,023,955 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Sheilas materials
[2013/01/29 10:46:56 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ Materials Re Sheila's.htm
[2013/01/21 12:38:02 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/01/21 12:37:48 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2013/01/16 17:48:15 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to Dropbox 1.6.0.lnk
[2013/01/16 17:47:32 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to Quotes.lnk
[2012/09/28 06:37:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/20 18:11:21 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2012/07/14 06:34:13 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat
[2011/06/17 05:45:31 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\1sp03g8ouwu6fqn87v1412qy85442uk7u5xb23d5
[2008/08/06 05:40:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\NULL
[2006/03/27 12:24:22 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/27 12:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\hpothb07.tif
[2006/03/27 12:22:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\hpothb07.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1200BB-00GUA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD600BB-75CAA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE2 - Removable media other than floppy
Interface type: USB
Media Type: Removable media other than floppy
Model: USB Flash Drive USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 56.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: 16-bit FAT
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00MB
Starting Offset: 0
Hidden sectors: 0


< End of report >


#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 February 2013 - 04:23 PM

Fix items using OTL by OldTimer

Double-click OTL.exe to run the program.
Shut down your antivirus to avoid any conflicts.
Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Catchme\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin
[2008/09/06 12:59:50 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No CLSID value found.
O3 - HKU\S-1-5-21-1177238915-789336058-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\oenoxsjo.exe) - File not found
O20 - HKU\S-1-5-21-1177238915-789336058-725345543-1003 Winlogon: Shell - (C:\DOCUME~1\Steve\LOCALS~1\Temp\zrzilhrxsjo.exe) - File not found
:files
C:\install.res.????.dll /d
C:\Documents and Settings\Steve\Local Settings\Application Data\1sp03g8ouwu6fqn87v1412qy85442uk7u5xb23d5 /d
type "C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat" /c
C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat /d
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AskSBar Uninstall"=-
"MapsGalaxy_39bar Uninstall"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"="0"
"ProxyOverride"=-
"ProxyServer"=-
[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"="0"
"ProxyOverride"=-
"ProxyServer"=-
:commands
[emptyjava]
[emptyflash]
Now click the Run Fix button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open with a log report.
Post the contents of this report into your next message.
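The `type "...\dt.dat" /c` line in the script above makes OTL print the file's bytes as hex into the fix log before the following `/d` line deletes it, so the helper gets a look at an opaquely named file without keeping it around. When such a dump is not readable text, the first thing to try is a single-byte XOR key. The Python below is an added example written for this page, not code from the thread or from OTL: it brute-forces the key by ranking all 256 candidates on how much of the decoded output looks like text, and runs on a constructed input that is the verbatim first 117 bytes of the dt.dat dump from the OTL log posted later in the thread. It assumes the file really is obfuscated with one repeating key byte (which the readable output bears out); nothing on the page establishes which program wrote dt.dat.

```python
"""Recover a single-byte XOR key from an OTL-style hex dump and decode it.

Added example for this thread; not part of the original posts or of OTL.
Assumption: the file is obfuscated with a single repeating key byte.
"""
import string
from typing import Tuple

# Verbatim prefix (117 bytes) of the dt.dat dump from the OTL fix log in the
# thread, embedded here as the sample input; the real file is far longer.
DT_DAT_HEX_PREFIX = (
    "2178393b2e3f3d3528333f297860"
    "01781b3e7a143f2e2d3528312978"
    "7678093539333b367a182f2e2e35342978"
    "76780d3f387a1b343b36232e33392978"
    "077678332e3f37297860"
    "012178333e7860786b78"
    "7678343b373f786078"
    "0122716b0778"
    "76783b333e7860786b78"
    "76782a3b2e2e3f28347860"
)

# Byte values that dominate text/JSON blobs; used to rank candidate keys.
_EXPECTED = set((string.ascii_letters + string.digits + ' {}[]":,.+-_/\\|()').encode())


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Count text-like bytes; any non-printable byte disqualifies the candidate."""
    if any(b < 0x20 or b > 0x7E for b in candidate):
        return -1
    return sum(b in _EXPECTED for b in candidate)


def recover_key(data: bytes) -> int:
    """Try all 256 keys and return the one whose output looks most like text."""
    return max(range(256), key=lambda k: score(xor_single(data, k)))


def decode_dump(hex_text: str) -> Tuple[int, str]:
    """Parse a hex dump (whitespace tolerated), recover the key, return (key, plaintext)."""
    data = bytes.fromhex("".join(hex_text.split()))
    key = recover_key(data)
    return key, xor_single(data, key).decode("ascii")


if __name__ == "__main__":
    key, text = decode_dump(DT_DAT_HEX_PREFIX)
    print(f"key=0x{key:02x}")
    print(text)
```

Run as a script it prints `key=0x5a` followed by `{"categories":["Ad Networks","Social Buttons","Web Analytics"],"items":[{"id":"1","name":"[x+1]","aid":"1","pattern":`. Carrying the same key over the rest of the dump yields URL patterns such as `(\\.xp1\\.ru4\\.com|content\\.ru4\\.com\\/images\\/pixel)` paired with `"action":"block"`, i.e. a tracker-blocking pattern list. Whether that file belonged to a legitimately installed add-on is not settled anywhere on the page; it is exactly the question a `/c` dump is meant to help answer before `/d` is used on an unrecognised file.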

#7 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 01 February 2013 - 04:36 PM

I received your encrypted file. A brief analysis shows that this is encrypted by the newest variant of Rannoh / Matsnu / Trustezeb.A.

I'm afraid I have bad news: there is no way of decrypting these files without physical access to the servers where the master keys are stored. :( More information here.

Edited by thisisu, 01 February 2013 - 04:37 PM.


#8 RichieP

RichieP
  • Topic Starter
  • Members
  • 86 posts

Posted 02 February 2013 - 04:08 PM

Thanks for the quick reply.

Here's the latest OTL report:

========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Catchme\catchme.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\DOCUME~1\Steve\LOCALS~1\Temp\mbr.sys not found.
Service USBModem stopped successfully!
Service USBModem deleted successfully!
File system32\DRIVERS\lgusbmodem.sys not found.
Service UsbDiag stopped successfully!
Service UsbDiag deleted successfully!
File system32\DRIVERS\lgusbdiag.sys not found.
Service usbbus stopped successfully!
Service usbbus deleted successfully!
File system32\DRIVERS\lgusbbus.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin not found.
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-1177238915-789336058-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\oenoxsjo.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1177238915-789336058-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\DOCUME~1\Steve\LOCALS~1\Temp\zrzilhrxsjo.exe deleted successfully.
========== FILES ==========
C:\install.res.1028.dll deleted successfully.
C:\install.res.1031.dll deleted successfully.
C:\install.res.1033.dll deleted successfully.
C:\install.res.1036.dll deleted successfully.
C:\install.res.1040.dll deleted successfully.
C:\install.res.1041.dll deleted successfully.
C:\install.res.1042.dll deleted successfully.
C:\install.res.2052.dll deleted successfully.
C:\install.res.3082.dll deleted successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\1sp03g8ouwu6fqn87v1412qy85442uk7u5xb23d5 deleted successfully.
< type "C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat" /c >
2178393b2e3f3d3528333f29786001781b3e7a143f2e2d35283129787678093539333b367a182f2e2e3534297876780d3f387a1b343b36232e33392978077678332e3f37297860012178333e7860786b787678343b373f7860780122716b077876783b333e7860786b7876782a3b2e2e3f283478607872060674222a6b060674282f6e060674393537263935342e3f342e060674282f6e06067439353706067533373b3d3f290606752a33223f3673787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a607575222a362f2935343f7439353775352a2e352f2e74322e37367876782a282c052a3536333923786078322e2e2a607575222a362f2935343f74393537752a28332c3b3923742a322a7827762178333e78607868787678343b373f786078686e756d7a083f3b367a173f3e333b7876783b333e786078687876782a3b2e2e3f2834786078686e6d283f3b36373f3e333b060674393537060675283f3b36373f3e333b0606753b3e2906067539283f3b2e332c3f29787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075752d2d2d74686e6d283f3b36373f3e333b74393537751f14770f0975352a2e77352f2e74322e37367876782a282c052a3536333923786078322e2e2a607575686e6d283f3b36373f3e333b74393537751f14770f09752a28332c3b3923772a353633392374322e3736797827762178333e78607869787678343b373f78607869691b39283529297876783b333e786078697876782a3b2e2e3f28347860782a33223f3606067469693b39283529290606743935370606752a29060675787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a60757569693b392835292974393537752a28332c3b3923772a353633392374322e37367827762178333e7860786e787678343b
373f7860781b39393f363f283b2e35287a173f3e333b7876783b333e7860786e7876782a3b2e2e3f28347860783b3e0606743b39393f363f283b2e352877373f3e333b0606743935370606752a33223f36787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743b39393f363f283b2e352877373f3e333b74393537752a28332c3b392374322e37367827762178333e7860786f787678343b373f7860781b3e3e2e351b34237876783b333e7860786f7876782a3b2e2e3f2834786078292e3b2e33390606743b3e3e2e353b3423060674393537060675373f342f0606752a3b3d3f0606743029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743b3e3e2e353b342374393537752a28332c3b39237827762178333e7860786c787678343b373f7860781b3e332e3335347876783b333e7860786c7876782a3b2e2e3f28347860783b3e332e3335340606743935370606753029060675787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786a7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a607575352a2e352f2e743b3e3c3b28376b743b3e332e3335347439353775652f283667322e2e2a6075753f34743b3e332e33353474393537752a28332c3b392375352a2e352f2e757876782a282c052a3536333923786078322e2e2a6075753f34743b3e332e33353474393537752a28332c3b3923757827762178333e7860786d787678343b373f7860781b3e083f3b3e237876783b333e7860786d7876782a3b2e2e3f28347860782d2d2d0606743b3e283f3b3e232e283b392e33353429060674393537060675282e060675787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436
053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752d2d2d743b3e283f3b3e237439353775393534292f373f2805352a2e05352f2e7876782a282c052a3536333923786078322e2e2a6075752d2d2d743b3e283f3b3e23743935377529332e3f752a28332c3b3923772a3536333923757827762178333e78607862787678343b373f7860781b3d3d283f3d3b2e3f7a1134352d363f3e3d3f7876783b333e786078627876782a3b2e2e3f28347860783e3b2e3b0606743b3d3d283f3d3b2e3f3134352d363f3e3d3f0606743935370606752a33223f36787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075753b2a33743b3d3d283f3d3b2e3f3134352d363f3e3d3f7439353775352a2e352f2e687876782a282c052a3536333923786078322e2e2a6075753b3d3d283f3d3b2e3f3134352d363f3e3d3f74393537752a28332c3b3923052a363b2e3c35283774322e37367827762178333e78607863787678343b373f786078183b2334352e3f7a1538293f282c3f287876783b333e786078637876782a3b2e2e3f2834786078383b2334352e3f0606743029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d74383b2334352e3f7439353775363f3d3b36752a28332c3b3923757827762178333e7860786b6b787678343b373f786078183320357876783b333e7860786b6a7876782a3b2e2e3f28347860783b3e060674383320350606743935370606752a33223f36787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a607575383320357439353775382f2933343f2929053b2f3e333f34393f752a28332c3b
3923052a35363339237827762178333e7860786b68787678343b373f7860781828333d322e39352c3f7876783b333e7860786b6b7876782a3b2e2e3f28347860783d35312f0606743828333d322e39352c3f0606743935370606756b2a33220606743d333c787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e7860782a28332c3b39231a3828333d322e39352c3f743935377876782a282c052a3536333923786078322e2e2a6075752d2d2d743828333d322e39352c3f74393537753f34752a28332c3b3923757827762178333e7860786b6e787678343b373f786078180e182f39313f2e297876783b333e7860786b697876782a3b2e2e3f2834786078292e3b2e3339060674382e382f39313f2e29060674393537060675382e0606743029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a607575382e382f39313f2e29743935377529332e3f75352a2e352f2e7876782a282c052a3536333923786078322e2e2a607575382e382f39313f2e29743935377529332e3f752a28332c3b39237827762178333e7860786b6f787678343b373f786078193536363b28332e237876783b333e7860786b6e7876782a3b2e2e3f2834786078293f282c33393f060674393536363b28332e230606743935370606752f39290606752e283b39313f280606743029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d74393536363b28332e2374393537752a28332c3b3923772a353633392374322e37367827762178333e7860786b6c787678343b373f786078193537293935283f7a183f3b3935347876783b333e7860786b6f7876782a3b2e2e3f283478607806067472293935283f283f293f3b28393226293f392f283f292e2f3e333f2926293935283f393b283e283f293f3b2839327306067439353706
0675787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d74293935283f393b283e283f293f3b28393274393537752a28332c3b3923743b292a227827762178333e7860786b6d787678343b373f786078193534343f222e283b7876783b333e7860786b6c7876782a3b2e2e3f28347860783c3c060674393534343f222e283b060674393537787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075753c3c74393534343f222e283b7439353775283f29352f28393f2975193534343f222e283b752a28332c3b3923772a353633392375797876782a282c052a3536333923786078322e2e2a6075752d2d2d74383f2e3d3f34332f2974393537752a28332c3b3923772a3536333923757827762178333e7860786b62787678343b373f7860781928332e3f357876783b333e7860786b6d7876782a3b2e2e3f2834786078393b290606743928332e3f350606743935370606753e3f36332c3f2823787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075752d2d2d743928332e3f3574393537752f29752a28332c3b3923772a353633392375352a2e77352f2e7876782a282c052a3536333923786078322e2e2a6075752d2d2d743928332e3f3574393537752f29752a28332c3b3923772a35363339237827762178333e786078686a787678343b373f7860781928352d3e7a0939333f34393f7876783b333e7860786b627876782a3b2e2e3f2834786078292e3b2e33390606743928352d3e2939333f34393f060674393537060675292e3b282e77787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b0529
32287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743928352d3e2939333f34393f7439353775352f28053928352d3e75363f3d3b367827762178333e786078686b787678343b373f7860781e3f3e33393b2e3f3e7a173f3e333b7876783b333e7860786b637876782a3b2e2e3f28347860783b3e0606743e3f3e33393b2e3f3e373f3e333b060674393537060675293f3d787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075752d2d2d74343f2e2d3528313b3e2c3f282e332933343d7435283d75373b343b3d33343d75352a2e05352f2e743b292a7876782a282c052a3536333923786078322e2e2a6075753e3f3e33393b2e3f3e373f3e333b74393537752a28332c3b392374322e37367827762178333e7860786868787678343b373f7860781e333e332e7a18363320203b283e7876783b333e786078686a7876782a3b2e2e3f28347860782e3b3d0606743e333e332e0606743935370606753029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a6075753338743b3e3422297439353775352a2e352f2e7876782a282c052a3536333923786078322e2e2a6075752d2d2d743e333e332e74393537752a28332c3b39237827762178333e786078686e787678343b373f7860781f2e3536353d237876783b333e78607868687876782a3b2e2e3f28347860782a3b3d3f290606743f2e3536353d23060674393537060675302968262a3b3d3f290606743f2e3536353d230606743935370606753d2e383029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743f2e3536353d237439353775323f362a772a28332c3b3923772a3536333923742a322a7827762178333e78
6078686c787678343b373f7860781c3b393f383535317a193534343f392e7876783b333e786078686e7876782a3b2e2e3f28347860783c3b393f38353531060674393537060675393534343f392e787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e786078686d787678343b373f7860781c3b393f383535317a193534343f392e7876783b333e786078686e7876782a3b2e2e3f2834786078393534343f392e0606743c3b393f38353531060674343f2e787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e7860786862787678343b373f7860781c3b393f383535317a193534343f392e7876783b333e786078686e7876782a3b2e2e3f2834786078292e3b2e33390606743b31060674393534343f392e0606743c3b393f38353531060674393537060675747006067430290606742a322a787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e7860786863787678343b373f7860781c3b393f383535317a193534343f392e7876783b333e786078686e7876782a3b2e2e3f28347860780606753c38393534343f392e0606743029787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e
7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e786078696a787678343b373f7860781c3b393f383535317a093539333b367a0a362f3d3334297876783b333e786078686f7876782a3b2e2e3f28347860783c3b393f38353531060674393537060675722a362f3d333429262d333e3d3f2e297306067574700606742a322a787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e786078696b787678343b373f7860781c3b393f383535317a093539333b367a0a362f3d3334297876783b333e786078686f7876782a3b2e2e3f2834786078383b3e3d3f0606743c3b393f38353531060674393537787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e7860786968787678343b373f7860781c3b393f383535317a093539333b367a0a362f3d3334297876783b333e786078686f7876782a3b2e2e3f28347860783c38393e34060674343f2e060675393534343f392e0606742a322a06067530290606753c3806067429323b283f787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743c3b393f3835353174393537752a3536333923742a322a7827762178333e7860786969787678343b373f7860781c3f2e3932383b39317876783b333e786078686c7876782a3b2e2e3f28347860782a33223f360606743c3f2e3932383b39310606743935370606
75293f282c3f0606753c38787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075753c3f2e3932383b39317439353775352a2e352f2e74322e37367876782a282c052a3536333923786078322e2e2a6075753c3f2e3932383b393174393537752a28332c3b392374322e37367827762178333e786078696e787678343b373f7860781d35353d363f7a716b7876783b333e786078686d7876782a3b2e2e3f28347860783b2a33290606743d35353d363f06067439353706067530290606752a362f2935343f0606743029787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752e35353629743d35353d363f74393537753e362a3b3d3f753d3b352a2e352f2e653236673f347876782a282c052a3536333923786078322e2e2a6075752d2d2d743d35353d363f743935377533342e36753f34752a35363339333f29752a28332c3b3923757827762178333e786078696f787678343b373f7860781d35353d363f7a1b343b36232e3339297876783b333e78607868627876782a3b2e2e3f28347860783d35353d363f773b343b36232e333929060674393537060675722f28393233340606743029263d3b060674302973787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752e35353629743d35353d363f74393537753e362a3b3d3f753d3b352a2e352f2e653236673f347876782a282c052a3536333923786078322e2e2a6075752d2d2d743d35353d363f743935377533342e36753f34752a35363339333f29752a28332c3b3923757827762178333e786078696c787678343b373f7860781d35353d363f7a1b343b36232e3339297876783b333e78607868627876782a3b2e2e3f283478607806067505052f2e37060674787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e33353478
60783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752e35353629743d35353d363f74393537753e362a3b3d3f753d3b352a2e352f2e653236673f347876782a282c052a3536333923786078322e2e2a6075752d2d2d743d35353d363f743935377533342e36753f34752a35363339333f29752a28332c3b3923757827762178333e786078696d787678343b373f7860781d2f343d3d357876783b333e78607868637876782a3b2e2e3f2834786078373b220606743d2f343d3d350606743935370606753b3e0606743b293222787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743d2f343d3d3574393537750a28332c3b39237827762178333e7860786962787678343b373f78607813343e333f19363339317876783b333e786078696a7876782a3b2e2e3f28347860782a33223f3606067433343e333f3936333931060674393537787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786a7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a35363339237860787827762178333e7860786963787678343b373f786078330a3f28393f2a2e333534297876783b333e786078696b7876782a3b2e2e3f2834786078332a3f28393f2a2e333534290606743935370606756b0606743b292a22787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078292f2a2a35282e1a330a3f28393f2a2e33353429743935377876782a282c052a3536333923786078322e2e2a6075752d2d2d74332a3f28393f2a2e3335342974393537752a28332c3b39232a3536333923757827762178333e7860786e6a787678343b373f786078163334313f3e13347876783b33
3e78607869687876782a3b2e2e3f28347860782d2d2d060674363334313f3e33340606743935370606753b343b36232e33392906067274700606732d333e3d3f2e30292e283b393133343d787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a296075752d2d2d74363334313f3e33347439353775293f2e2e33343d2975652e3b38673b3939352f342e7c37353e3b366734293f2e2e33343d29773f34323b34393f3e773b3e2c3f282e332933343d7876782a282c052a3536333923786078322e2e2a6075752d2d2d74363334313f3e33347439353775292e3b2e333965313f23672a28332c3b3923052a35363339237827762178333e7860786e6b787678343b373f786078163334313f3e13347a182f2e2e35347876783b333e78607869697876782a3b2e2e3f28347860782d2d2d060674363334313f3e333406067439353706067539352f342e293f282c06067539352f342e06067529323b283f787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a296075752d2d2d74363334313f3e33347439353775293f2e2e33343d2975652e3b38673b3939352f342e7c37353e3b366734293f2e2e33343d29773f34323b34393f3e773b3e2c3f282e332933343d7876782a282c052a3536333923786078322e2e2a6075752d2d2d74363334313f3e33347439353775292e3b2e333965313f23672a28332c3b3923052a35363339237827762178333e7860786e69787678343b373f786078143f2e093f3f287876783b333e786078696f7876782a3b2e2e3f28347860783937060674343f2e293f3f28060674393537060675283f3e33283f392e787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752d2d2d74343f2e2d3528313b3e2c3f282e332933343d7435283d75373b343b3d33343d75352a2e05352f2e743b292a7876782a
282c052a3536333923786078322e2e2a6075752d2d2d74343f2e293f3f2874393537752a28332c3b392374322e37367827762178333e7860786f6b787678343b373f78607815283b343d3f09353e3b7876783b333e78607869627876782a3b2e2e3f2834786078352e283b393133343d06067439353706067530290606752e283b393133343d787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786a7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d7435283b343d3f29353e3b74393537752a28332c3b3923772a35363339237827762178333e7860786f68787678343b373f786078083f33342c333d35283b2e3f7876783b333e78607869637876782a3b2e2e3f28347860782e283b3931060674283f33342c333d35283b2e3f060674343f2e787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786a7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a296075752d2d2d74283f33342c333d35283b2e3f74343f2e75363f3d3b36757827762178333e7860786f6f787678343b373f786078092a352e686a6a7876783b333e7860786e687876782a3b2e2e3f28347860783b3e060674292a352e686a6a0606743935370606752a33223f36787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a607575292a352e686a6a74393537752a28332c3b39232a353633392374322e37367827762178333e7860786f6c787678343b373f7860780e2d332e2e3f287a182f2e2e35347876783b333e7860786e637876782a3b2e2e3f28347860782a363b2e3c35283706063e650606742e2d332e2e3f280606743935370606752d333e3d3f2e29787678393b2e3f3d352823786078093539333b367a182f2e2e3534297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e39786078
6a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752e2d332e2e3f2874393537752a28332c3b39237827762178333e7860786f6d787678343b373f7860780c3f282f2e3b7876783b333e7860786e6e7876782a3b2e2e3f28347860783b3e293f282c3f280606742c3f282f2e3b0606743935370606752e283b39310606743c393d33787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e786078322e2e2a6075752d2d2d742c3f282f2e3b7439353775352a2e352f2e75352a2e77352f2e74322e377876782a282c052a3536333923786078322e2e2a6075752c3f282f2e3b743935377533343e3f22742a322a652a28332c3b39237827762178333e7860786f63787678343b373f7860780c332033093f34293f7876783b333e7860786e6f7876782a3b2e2e3f28347860782c332033293f34293f060674343f2e0606752a33223f360606743029787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786b7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d742c332033293f34293f7439353775383b293339752a28332c3b39237827762178333e7860786c6a787678343b373f7860780d333e3d3f2e1835227876783b333e7860786e6c7876782a3b2e2e3f2834786078722d333e3d3f2e293f282c3f280606743935370606752923343e33393b2e333534060675292f3829392833383f280606753334293f282e2d333e3d3f2e0606743029262d333e3d3f2e293f282c3f280606743935370606752923343e33393b2e3335340606752a2f38363329323f28060675373b3334060674302973787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783836353931787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786a7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d742d
333e3d3f2e383522743935377533343c3575363f3d3b36752a28332c3b3923772a3536333923757827762178333e7860786c6b787678343b373f786078033b3235357a1b343b36232e3339297876783b333e7860786e6d7876782a3b2e2e3f2834786078720606743b343b36232e333929060674233b32353506067439353706067533343e3f222e3535362906067430292623292e3b2e0606743029260606742333373d0606743935370606757470060675232d3b0606743029260606742c33292f3b36283f2c3f342f3f06067439353706067573787678393b2e3f3d3528237860780d3f387a1b343b36232e3339297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786b787678352a2e05352f2e786078322e2e2a60757533343c3574233b32353574393537752a28332c3b3923752f2975233b32353575352a2e05352f2e752e3b283d3f2e33343d753e3f2e3b33362974322e37367876782a282c052a3536333923786078322e2e2a60757533343c3574233b32353574393537752a28332c3b3923752f2975233b323535752d3f383b343b36232e333929757827762178333e7860786c6f787678343b373f7860780338283b342e7a173f3e333b7876783b333e7860786e627876782a3b2e2e3f28347860783b3e0606743b3e293f282c3f282a362f29060674393537060675292e787678393b2e3f3d3528237860781b3e7a143f2e2d352831297876783b392e3335347860783b3636352d787678293935283f7860786a7876782a293436053e397860786a7876783b343534053e397860786b7876783e3b2e3b052932287860786b7876783e3b2e3b05283f2e7860786a787678352a2e05352f2e7860787876782a282c052a3536333923786078322e2e2a6075752d2d2d743528333e333b3474393537752a28332c3b392374322e373678270776782c3f28293335347860786b6b78275750
C:\Documents and Settings\Steve\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Steve\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AskSBar Uninstall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MapsGalaxy_39bar Uninstall not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|"0" /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|"0" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: NetworkService
->Java cache emptied: 0 bytes

User: New Folder

User: Steve
->Java cache emptied: 57990 bytes

User: Symantec

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: NetworkService
->Flash cache emptied: 0 bytes

User: New Folder

User: Steve
->Flash cache emptied: 847 bytes

User: Symantec

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02022013_210536



Sounds like a pretty serious infection then. I've seen others the same that have been difficult to remove but haven't encrypted files like this :o :o
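The OTL log above is the record of what the fix actually did on the machine: which dropped files were removed, which registry values were set or deleted (note the Internet Settings proxy values), and how much Java/Flash cache was emptied per user. When reviewing such a log it helps to have it in structured form rather than scrolling through it. The following is an added example, not code from this thread and not part of OTL itself: a small Python parser for lines in that shape. The function names are my own, and the sample lines are copied from the log pasted above.

```python
"""Summarise an OTL (OldTimer) fix log.

Added example, not code from the original post and not part of OTL.
It reads log lines in the shape shown above (file deletions, registry
values set/removed/not found, per-user cache emptying) and returns a
structured summary so the changes can be reviewed at a glance.
"""
import re

# Constructed sample: lines copied from the OTL log pasted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Steve\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Steve\Local Settings\Application Data\dt.dat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AskSBar Uninstall not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyEnable"|"0" /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: LocalService
->Java cache emptied: 0 bytes

User: Steve
->Java cache emptied: 57990 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Steve
->Flash cache emptied: 847 bytes

Total Flash Files Cleaned = 0.00 mb
"""

# One pattern per line shape OTL emits in the sections above.
USER = re.compile(r"^User: (?P<user>.+)$")
CACHE = re.compile(r"^->(?P<kind>Java|Flash) cache emptied: (?P<bytes>\d+) bytes$")
FILE_DELETED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) deleted successfully\.$")
# OTL separates key and value name with a double backslash.
REG_SET = re.compile(
    r'^(?P<key>.+?)\\\\"(?P<name>[^"]+)"\|"(?P<value>[^"]*)" /E : value set successfully!$')
REG_DELETED = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")
REG_NOT_FOUND = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) not found\.$")


def parse_otl_log(text):
    """Return a dict summarising what the OTL fix did."""
    report = {
        "files_deleted": [],
        "registry_set": [],        # (key, name, value)
        "registry_deleted": [],    # (key, name)
        "registry_not_found": [],  # (key, name)
        "cache_emptied": {},       # (user, kind) -> bytes
    }
    current_user = None  # "User:" lines scope the cache lines that follow
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := USER.match(line):
            current_user = m.group("user")
        elif m := CACHE.match(line):
            report["cache_emptied"][(current_user, m.group("kind"))] = int(m.group("bytes"))
        elif m := FILE_DELETED.match(line):
            report["files_deleted"].append(m.group("path"))
        elif m := REG_SET.match(line):
            report["registry_set"].append((m.group("key"), m.group("name"), m.group("value")))
        elif m := REG_DELETED.match(line):
            report["registry_deleted"].append((m.group("key"), m.group("name")))
        elif m := REG_NOT_FOUND.match(line):
            report["registry_not_found"].append((m.group("key"), m.group("name")))
        # Section headers and "Total ... Cleaned" lines add nothing new.
    return report


def total_cache_bytes(report):
    """Bytes of Java/Flash cache emptied across all users."""
    return sum(report["cache_emptied"].values())


def proxy_entries(report):
    """Names of Internet Settings values the fix set or removed.

    These are worth re-checking after cleanup: a ProxyServer value left
    behind would keep routing browser traffic wherever it points.
    """
    names = [name for key, name, _v in report["registry_set"] if key.endswith("Internet Settings")]
    names += [name for key, name in report["registry_deleted"] if key.endswith("Internet Settings")]
    return names


if __name__ == "__main__":
    r = parse_otl_log(SAMPLE_LOG)
    print(f"{len(r['files_deleted'])} file(s) deleted")
    for key, name, value in r["registry_set"]:
        print(f"set  {key}\\{name} = {value!r}")
    for key, name in r["registry_deleted"]:
        print(f"del  {key}\\{name}")
    print(f"cache emptied: {total_cache_bytes(r)} bytes; proxy values touched: {proxy_entries(r)}")
```

Run it on a saved OTL log by passing the file contents to `parse_otl_log`; the "not found" entries are kept separately because they tell you which parts of the fix script had nothing left to act on.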

#9 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:06 PM

Posted 02 February 2013 - 06:34 PM

Some users have reported that they received this type of infection via e-mail attachment. Do you have any suspicious e-mails that you think may have caused the infection?

#10 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 03 February 2013 - 04:07 AM

I think I mentioned, it's a friend's computer. He said it happened when he visited an 'adult' website.

This sort of infection seems to be getting more common. What's the best way to remove it when Safe Mode won't load and you can't do anything as it kicks in almost instantly?

#11 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:06 PM

Posted 04 February 2013 - 04:04 PM

I think I mentioned, it's a friend's computer. He said it happened when he visited an 'adult' website.

Ok. It may have been because of outdated Java or Adobe Flash Player. Keep those up to date in the future :)

This sort of infection seems to be getting more common. What's the best way to remove it when Safe Mode won't load and you can't do anything as it kicks in almost instantly?

There are a few bootable CDs and USBs you can use to remove infections like these. Some that come to mind are:

Kaspersky WindowsUnlocker
Dr.Web® LiveCD
HitmanPro.Kickstart

__

Do you have any other questions? How is the system performing at this time?

#12 RichieP

RichieP
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 04 February 2013 - 04:15 PM

It's running fine thanks. We really appreciate your help.

I'm so tempted to say 'told you so' to him as I keep telling him to back up important files.

Cheers
Ritchie

#13 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:06 PM

Posted 04 February 2013 - 04:49 PM

You're welcome :)

FINAL STEPS

If you are not experiencing any other malware related issues, it is time to do our final steps:

  • Any programs that we had you download and/or install can be removed at this time.
  • If we had you create or download any custom fixes, these can be deleted at this time.
  • If you used DeFogger to disable your Disk Emulation Software, you can reopen DeFogger and use the "Enable" button.
  • You can download this tool to delete more traces of our tools. Delete the tool itself afterwards.
  • Toggle System Restore OFF and then back ON.
  • You should delete your old, potentially infected System Restore points and create a new, clean restore point.
    • If you are using Windows XP, read and follow the steps on "How to turn off or turn on System Restore" from this link.
    • If you are using Windows Vista, read and follow the steps on "How do I turn System Restore on and off?" proceeded by "How do I create a restore point manually?" from this link.
    • If you are using Windows 7, read and follow the steps on "To delete all restore points" from this link proceeded by "Create a restore point" from this link.
    • If you are using Windows 8, read and follow the steps on "Disabling System Restore" from this link proceeded by "Manually Creating Restore Points" from this link.
  • Recommended reading material to protect your computer from infection in the future:
    Be safe :hello:


#14 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:06 PM

Posted 04 February 2013 - 04:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
