Pop-ups, redirect, virus? (Antimalware doctor)

This topic is locked

#1 sue dinym (Member, 67 posts)
Hello geeks!

Thanks for all you do for those of us who have parents that revere us as computer-savvy, but who don't know anything more technical than how to paste email addresses into Evite.

My computer's having troubles. It started a few days ago after I loaded the update for Azureus Vuze and it installed something called "WeFi" on my computer. Don't know if it came from there, or something that found its way to my laptop that way, but I've had troubles with pop-ups (especially Anti-Malware Doctor for a while), redirects (sometimes -- not always -- when I click on a link in a Google search result, it points me to a totally different page), and frozen screens.

I found Malwarebytes' Anti-Malware in a search for ways to uninstall "Anti-Malware Doctor" - and that worked mostly, but didn't remove the slot in the Start menu for Anti-Malware Doctor. I right-clicked on that slot and deleted it myself; don't know if it matters. Now I get pop-ups that say stuff about other infections, but it's not Anti-Malware Doctor anymore, I don't think.

...The main thing is that the computer seems to be having a lot of trouble just running programs cleanly. It seems like there's a lot of effort involved just to get the internet up and going -- and often programs become unresponsive and crash, and that's not normal for this laptop.

I've run the various scans from the malware cleaning guide and the logs are pasted below. I've also uninstalled Vuze, if that matters.

Okay, the logs (there are six of them)...


Thanks so much!

-- sue


*********************************************************************
Anti-Malware Log from four days ago (when I thought my only problem was Anti-Malware Doctor)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4453

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/20/2010 1:23:55 PM
mbam-log-2010-08-20 (13-23-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 229193
Time elapsed: 2 hour(s), 15 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Meddle\Local Settings\Temp\2C0.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Meddle\Local Settings\Temp\2C1.tmp (Rootkit.Dropper) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\seneka (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Meddle\Local Settings\Temp\2C0.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Meddle\Local Settings\Temp\2C1.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Documents and Settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Local Settings\Temp\2C2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7\newsecureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Meddle\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

*****************************************************
Anti-Malware Log from today:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4453

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/24/2010 5:35:43 PM
mbam-log-2010-08-24 (17-35-43).txt

Scan type: Quick scan
Objects scanned: 139222
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

************************************************
GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-24 16:55:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Meddle\LOCALS~1\Temp\uwldqpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\explorer.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B0000A
.text C:\WINDOWS\explorer.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0080000A
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[1316] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip bckd.sys
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bckd.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp bckd.sys
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp bckd.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat 977B3D20

AttachedDevice \FileSystem\Fastfat \Fat Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

***************************************************
OTL log

OTL logfile created on: 8/24/2010 5:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Meddle\Desktop\fight club\g2g
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 596.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 17.08 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 26.86 Gb Free Space | 11.53% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASCADE
Current User Name: Meddle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 17:14:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meddle\Desktop\fight club\g2g\OTL.exe
PRC - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/01/13 16:39:08 | 001,078,560 | ---- | M] () -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/04 20:54:44 | 000,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
PRC - [2006/06/13 10:09:44 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/04/11 19:39:22 | 000,176,201 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/11/16 19:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/08/30 14:36:28 | 000,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2005/08/30 14:36:26 | 000,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
PRC - [2005/08/30 14:36:26 | 000,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2005/08/30 14:36:20 | 000,823,362 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
PRC - [2003/10/29 00:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/04/08 14:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Belkin\F1U201.401\usbshare.exe
PRC - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 17:14:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Meddle\Desktop\fight club\g2g\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/13 21:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\Iasv32.dll -- (Ias)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\6to4v32.dll -- (6to4)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/01/13 16:39:08 | 001,078,560 | ---- | M] () [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/04 20:54:44 | 000,880,722 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom)
SRV - [2006/06/13 10:09:44 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/08/30 14:36:28 | 000,262,215 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy)
SRV - [2005/08/30 14:36:26 | 000,585,792 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw)
SRV - [2005/08/30 14:36:26 | 000,290,889 | ---- | M] (Trend Micro Incorporated.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv)
SRV - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2009/01/13 16:39:06 | 000,072,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (Tmfilter)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (Tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (Vsapint)
DRV - [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/19 12:16:06 | 000,053,888 | ---- | M] (Echo Digital Audio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\echo1394.sys -- (echo1394)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/13 10:09:42 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2005/11/29 16:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 17:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 13:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 13:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 13:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/30 14:36:30 | 001,884,585 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw)
DRV - [2005/08/30 14:36:30 | 000,038,528 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 14:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 01:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 01:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 01:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/05 23:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 23:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 23:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 23:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 23:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 23:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 23:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 23:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 23:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 01:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 00:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 09:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 09:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/02/03 12:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://swift.riseup...rc/webmail.php"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 13:05:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 11:32:49 | 000,000,000 | ---D | M]

[2008/07/09 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Extensions
[2010/08/24 12:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\extensions
[2008/09/22 12:27:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2008/06/20 11:12:02 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\imdb.xml
[2008/11/12 18:00:10 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\knowmoreorg-english.xml
[2008/05/28 17:17:56 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\scroogle-scraper.xml
[2008/06/20 11:12:02 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\webster.xml
[2008/06/20 11:12:02 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\wikipedia-en.xml
[2010/08/23 22:08:23 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\searchplugins\youtube---videos.xml
[2010/08/24 12:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/22 12:50:56 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/04/22 20:10:59 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk = C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148501628630 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{eef8472f-dbef-11dc-bb26-0015c5153574}\Shell - "" = AutoRun
O33 - MountPoints2\{eef8472f-dbef-11dc-bb26-0015c5153574}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eef8472f-dbef-11dc-bb26-0015c5153574}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
NetSvcs: Ias - C:\WINDOWS\System32\Iasv32.dll File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465003472846848)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 14:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/08/24 14:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/24 14:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/23 22:34:06 | 000,327,472 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Meddle\Desktop\utorrent.exe
[2010/08/23 22:22:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/23 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/21 17:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\My Documents\tlc farm
[2010/08/20 10:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Desktop\fight club
[2010/08/20 09:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/20 09:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/20 09:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Local Settings\Application Data\Windows Server
[2010/08/20 09:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933
[2010/08/20 08:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/20 08:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Local Settings\Application Data\Conduit
[2010/08/19 09:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\My Documents\chrysalis
[2010/06/04 15:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\My Documents\finances
[2010/05/29 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\My Documents\health stuff

========== Files - Modified Within 90 Days ==========

[2010/08/24 17:15:17 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Meddle\NTUSER.DAT
[2010/08/24 17:02:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 17:02:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 17:01:57 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 17:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 16:49:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/24 16:40:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 22:52:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Meddle\ntuser.ini
[2010/08/23 22:34:08 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Meddle\Desktop\utorrent.exe
[2010/08/23 21:51:10 | 000,013,340 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\social ecology notes.odt
[2010/08/23 10:55:38 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer.lnk
[2010/08/22 09:11:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/16 17:16:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 10:06:34 | 000,000,587 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/10 10:06:34 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/09 12:56:06 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\fawc emails.xls
[2010/08/04 17:37:03 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\notes
[2010/08/04 12:14:30 | 000,000,418 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\Shortcut to rka laptop backup.lnk
[2010/08/02 17:52:07 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\compensation.models.xls
[2010/07/29 19:31:46 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 04:56:10 | 000,010,276 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\sophie questions.odt
[2010/06/20 16:32:23 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\medical negotions - collection agency final.doc
[2010/06/20 16:17:43 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\medical negotions - collection agency.doc
[2010/06/15 14:03:43 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\Shortcut to Network Connections.lnk
[2010/06/06 10:55:03 | 000,115,140 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/29 10:23:31 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/08/23 12:43:31 | 000,013,340 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\social ecology notes.odt
[2010/08/09 12:56:03 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\fawc emails.xls
[2010/08/04 17:37:02 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\notes
[2010/08/04 12:14:32 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\Shortcut to rka laptop backup.lnk
[2010/08/02 17:52:03 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\compensation.models.xls
[2010/07/20 04:56:06 | 000,010,276 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\sophie questions.odt
[2010/06/20 16:32:22 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Meddle\My Documents\medical negotions - collection agency final.doc
[2010/06/20 16:17:41 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Meddle\My Documents\medical negotions - collection agency.doc
[2010/06/15 14:03:43 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\Shortcut to Network Connections.lnk
[2010/05/29 10:23:31 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/01/13 16:39:06 | 000,072,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\bckd.sys
[2008/07/10 14:06:33 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/04/07 11:50:10 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/12/05 20:27:50 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2007/09/17 14:32:52 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/09 13:25:54 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/13 10:26:31 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 12:50:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2006/06/13 10:53:00 | 000,115,140 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/13 10:17:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/06/13 10:17:41 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/06/13 10:17:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/06/13 10:17:38 | 000,097,802 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2006/06/13 10:09:44 | 000,201,216 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/06/13 10:09:43 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/06/08 12:51:51 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll
[2006/06/07 15:38:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/06/02 16:04:16 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\BC237DCA75.sys
[2006/05/26 10:34:21 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JPR.{PB
[2006/05/26 10:34:21 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JCM.{PB
[2006/05/24 17:26:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/05/24 15:26:38 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/24 15:26:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\75CA7D23BC.sys
[2006/05/24 14:30:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/24 13:07:03 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\fusioncache.dat
[2006/05/21 14:12:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/21 14:00:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/21 13:55:19 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/21 13:26:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/21 13:26:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/21 13:26:40 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/21 13:26:34 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2006/05/24 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/04/04 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/02/27 11:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2008/04/07 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/07 11:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/09/12 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracktion 2
[2006/05/21 14:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/04 11:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/21 14:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Amazon
[2006/05/24 15:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Autodesk
[2010/08/20 15:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Azureus
[2009/07/15 15:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canneverbe_Limited
[2008/04/07 13:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canon
[2010/08/20 09:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933
[2008/06/06 11:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Echo AudioFire Console
[2008/07/18 07:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\iPodder
[2006/06/13 10:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Mathsoft
[2008/04/07 11:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\ScanSoft

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/24 13:06:38 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/21 13:33:54 | 000,006,257 | RH-- | M] () -- C:\dell.sdr
[2010/08/24 17:01:57 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/24 16:38:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/05/21 14:00:26 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2005/08/16 02:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/15 10:38:31 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/08/24 17:01:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/08/20 10:26:11 | 000,000,382 | ---- | M] () -- C:\rkill.log
[2006/06/08 12:58:11 | 000,000,122 | ---- | M] () -- C:\ss_nb.dat
[2006/06/08 12:58:12 | 000,000,004 | ---- | M] () -- C:\ss_udp.dat
[2006/06/08 12:58:12 | 000,000,004 | ---- | M] () -- C:\ss_udp2.dat

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 02:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/04/18 23:15:22 | 000,010,240 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNWFDPA3.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/06/09 09:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
[2008/09/15 10:48:42 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/09/15 10:57:46 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 02:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/23 22:34:08 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Meddle\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2009/03/26 12:11:02 | 000,307,704 | ---- | M] (Mozilla Corporation) MD5=7E4B0BB3B1E87D2B0F07DFACBD5B3F0B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-12-16 03:48:44
< End of report >


****************************************************
OTL log extras

OTL Extras logfile created on: 8/24/2010 5:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Meddle\Desktop\fight club\g2g
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 596.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 17.08 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 26.86 Gb Free Space | 11.53% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CASCADE
Current User Name: Meddle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05410000-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Deluxe 2005
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{24C242C0-28C0-43C8-A0A1-FE181F3B3319}" = OpenOffice.org 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{408D5763-DC74-4B68-B75B-1258EE039999}" = RISA-2D
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{5783F2D7-0209-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2004
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{65F75F96-C727-45F7-A657-135BE84ADE30}" = iPF700 Printer Driver Extra Kit
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{78183C31-521C-438E-98C3-B646B0037A7F}" = Mathcad 12
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E63EAE6-34CB-4AC4-8838-C2BFB4C30BB2}" = TJ-Beam
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AudibleManager" = AudibleManager
"AudioFire Windows Drivers" = AudioFire Windows Drivers
"Autodesk Express Viewer" = Autodesk Express Viewer
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.288
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CutePDF Writer Installation" = CutePDF Writer 2.6
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Handbrake" = Handbrake 0.9.2
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"Juice" = Juice 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NETGEAR Print Server Software" = NETGEAR Print Server Software
"RealPlayer 6.0" = RealPlayer
"SC DVD Copier_is1" = SC DVD Copier 3.3.0.0
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2010 12:58:56 AM | Computer Name = CASCADE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/24/2010 11:40:07 AM | Computer Name = CASCADE | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 12:40:07 PM | Computer Name = CASCADE | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 1:40:06 PM | Computer Name = CASCADE | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 2:40:06 PM | Computer Name = CASCADE | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 6:15:57 PM | Computer Name = CASCADE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2010 6:15:57 PM | Computer Name = CASCADE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2010 6:16:04 PM | Computer Name = CASCADE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/24/2010 6:16:05 PM | Computer Name = CASCADE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/24/2010 6:16:05 PM | Computer Name = CASCADE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 8/24/2010 6:33:06 PM | Computer Name = CASCADE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/24/2010 6:33:06 PM | Computer Name = CASCADE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/24/2010 6:34:00 PM | Computer Name = CASCADE | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/24/2010 6:34:00 PM | Computer Name = CASCADE | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/24/2010 6:34:46 PM | Computer Name = CASCADE | Source = Service Control Manager | ID = 7022
Description = The Trend Micro Real-time Service service hung on starting.

Error - 8/24/2010 6:34:58 PM | Computer Name = CASCADE | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 8/24/2010 8:02:25 PM | Computer Name = CASCADE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/24/2010 8:02:25 PM | Computer Name = CASCADE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/24/2010 8:03:10 PM | Computer Name = CASCADE | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/24/2010 8:03:10 PM | Computer Name = CASCADE | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126


< End of report >

************************************************
TDS Killer log

2010/08/24 17:47:33.0406 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 17:47:33.0406 ================================================================================
2010/08/24 17:47:33.0406 SystemInfo:
2010/08/24 17:47:33.0406
2010/08/24 17:47:33.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 17:47:33.0406 Product type: Workstation
2010/08/24 17:47:33.0406 ComputerName: CASCADE
2010/08/24 17:47:33.0406 UserName: Meddle
2010/08/24 17:47:33.0406 Windows directory: C:\WINDOWS
2010/08/24 17:47:33.0406 System windows directory: C:\WINDOWS
2010/08/24 17:47:33.0406 Processor architecture: Intel x86
2010/08/24 17:47:33.0406 Number of processors: 2
2010/08/24 17:47:33.0406 Page size: 0x1000
2010/08/24 17:47:33.0406 Boot type: Normal boot
2010/08/24 17:47:33.0406 ================================================================================
2010/08/24 17:47:33.0734 Initialize success
2010/08/24 17:47:38.0484 ================================================================================
2010/08/24 17:47:38.0484 Scan started
2010/08/24 17:47:38.0484 Mode: Manual;
2010/08/24 17:47:38.0484 ================================================================================
2010/08/24 17:47:47.0156 Ftdisk (aaeccb102be73f6f4b69a6e2bab79728) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/24 17:47:47.0156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: aaeccb102be73f6f4b69a6e2bab79728, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/08/24 17:47:47.0171 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 17:48:00.0359 ================================================================================
2010/08/24 17:48:00.0359 Scan finished
2010/08/24 17:48:00.0359 ================================================================================
2010/08/24 17:48:00.0375 Detected object count: 1
2010/08/24 17:48:12.0750 Ftdisk (aaeccb102be73f6f4b69a6e2bab79728) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/24 17:48:12.0750 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: aaeccb102be73f6f4b69a6e2bab79728, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/08/24 17:48:14.0671 Backup copy found, using it..
2010/08/24 17:48:14.0734 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/08/24 17:48:14.0734 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2010/08/24 17:48:28.0718 Deinitialize success

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello sue dinym,

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
sue dinym

    Member

  • Topic Starter
  • Member
  • 67 posts
alright, thanks for getting on this for me! and i just had a balloon pop-up saying that i've got windows updates available and there's like a million things to install. is that normal? are there any MS updates i should not install? i remember having issues with service pack 3 when it came out, i think.

anyway, here is the log:

ComboFix 10-08-24.0A - Meddle 08/25/2010 0:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.441 [GMT -7:00]
Running from: c:\documents and settings\Meddle\Desktop\fight club\g2g\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933
c:\documents and settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933\enemies-names.txt
c:\documents and settings\Meddle\Application Data\E3E4BFBCBB7C6E08B047DC0A8092A933\local.ini
c:\documents and settings\Meddle\Local Settings\Application Data\Windows Server
c:\documents and settings\Meddle\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Meddle\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Meddle\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\system32\senekaxetoqbiq.dat

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IAS
-------\Service_6to4
-------\Service_Ias


((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 00:28 . 2010-08-25 00:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-08-24 21:15 . 2010-08-24 21:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-08-24 21:14 . 2010-08-24 21:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-24 05:22 . 2010-08-24 05:22 -------- d-----w- c:\program files\ERUNT
2010-08-20 15:37 . 2010-08-20 15:37 -------- d-----w- c:\program files\Conduit
2010-08-20 15:37 . 2010-08-20 15:37 -------- d-----w- c:\documents and settings\Meddle\Local Settings\Application Data\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 07:29 . 2008-09-12 17:10 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-08-25 07:14 . 2006-05-26 22:32 -------- d-----w- c:\documents and settings\Meddle\Application Data\OpenOffice.org2
2010-08-25 00:48 . 2001-08-17 18:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-08-24 05:35 . 2008-04-04 21:12 -------- d-----w- c:\program files\Azureus
2010-08-20 22:24 . 2008-04-04 21:13 -------- d-----w- c:\documents and settings\Meddle\Application Data\Azureus
2010-08-20 17:30 . 2008-12-17 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 15:38 . 2010-08-20 15:38 310208 ----a-w- c:\documents and settings\Meddle\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2006-08-10 22:55 . 2006-05-24 22:26 88 --sh--r- c:\windows\system32\75CA7D23BC.sys
2006-08-04 22:08 . 2006-06-02 23:04 104 --sh--r- c:\windows\system32\BC237DCA75.sys
2006-08-10 22:55 . 2006-05-24 22:26 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-21 24576]
F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2007-9-17 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 4:39 PM 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2/7/2007 4:01 PM 1078560]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 2:36 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 2:36 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 2:36 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 2:36 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 2:36 PM 262215]
S2 gupdate1c9aca44d1b6cec;Google Update Service (gupdate1c9aca44d1b6cec);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 10:16 AM 133104]
S3 echo1394;AudioFire service;c:\windows\system32\drivers\echo1394.sys [10/19/2006 12:16 PM 53888]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:16]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\
FF - prefs.js: browser.startup.homepage - hxxps://swift.riseup.net/sm/src/webmail.php
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-cleanswepx.exe - c:\cleanswepx.exe\cleanswepx.exe
SafeBoot-klmdb.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 00:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\MFC71ENU.DLL

- - - - - - - > 'explorer.exe'(2400)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-08-25 00:36:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-25 07:36

Pre-Run: 18,187,583,488 bytes free
Post-Run: 18,131,750,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 431E7EB86470B14B27E8A2E9C9EA4088
#4
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts

i've got windows updates available and there's like a million things to install. is that normal?


Malware often prevents Windows and anti-virus program updates. When the infection is removed there is often a backlog of updates to catch up on. Yes, completely normal.

Turning to your question about SP3. Your logs show your computer already has SP3. In any event, in answer to your question, yes, SP3 is good to install; it updates a whole swathe of system files and increases your security. Initially some people had an issue with IE8 (you have version 6 on your machine), which often comes with the updates, but it actually is much more secure than earlier versions and nowadays I don't hear of those problems anymore. Some people do have issues with updates for Microsoft Office 2003. You may want to avoid those if you have Office 2003 and think the updates may cause problems.

Now

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download from here Java Runtime Environment (JRE) Update
  • Scroll to where it says "Windows 7/Vista/2000/2003/2008 online" and download and follow the instructions.
  • Reboot your computer.
  • You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

After that

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now

#5
sue dinym
    Member
  • Topic Starter
  • 67 posts
okay. the computer's definitely running noticeably better. i haven't seen any pop-ups show up recently, and google appears to be behaving itself. the computer's still slower than i think of as normal, but maybe it's just getting older.

i installed the latest java update, and uninstalled all the old ones (there were like 10).

one troublesome thing - when i went to install my backlog of windows updates, a message came up saying that a whole swath of them couldn't be installed. is that maybe a sign of a lingering virus/trojan?


here's that message:

microsoft could not install the following updates:

Security Update for Windows XP Service Pack 3 (KB973540)
Update for Windows XP (KB967715)
Security Update for Windows XP (KB973904)
Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695)
Windows Malicious Software Removal Tool - August 2010 (KB890830)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB978601)
Update for Windows XP (KB981793)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB972270)
Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB978037)
Internet Explorer 8 for Windows XP
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB974318)
Update for Windows XP (KB955759)
Security Update for Windows XP (KB2115168)
Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
Security Update for Windows XP (KB980232)
Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB959426)
Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2183461)
Security Update for Windows XP (KB980218)

...and here's the malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4453

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/25/2010 12:45:05 PM
mbam-log-2010-08-25 (12-45-05).txt

Scan type: Quick scan
Objects scanned: 139142
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


...and here's the kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 25, 2010 16:59:29
Records in database: 4142741
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 130591
Threats found: 6
Infected objects found: 12
Suspicious objects found: 0
Scan duration: 03:29:27


File name / Threat / Threats count
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Trojan-Downloader.Java.Agent.fx 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Trojan-Downloader.Java.Agent.fy 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\43.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\59.tmp Infected: Backdoor.Win32.Agent.ayrq 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\88.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8E.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\90.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\92.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96.tmp Infected: Packed.Win32.Krap.ao 1
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Infected: Trojan.Win32.Patched.kl 1

Selected area has been scanned.
#6
sue dinym
    Member
  • Topic Starter
  • 67 posts
...one other thing i just noticed.

i have a bunch of music on an external hard drive that's connected to my laptop. i just opened it up after rebooting and saw two new folders in there with names like: c6a2f89818d94e8308546b42c1e13e and they both purport to be authored by microsoft corporation and be involved with the .net framework.

they look like they were created today, basically right after my computer re-started.


should i delete them? no microsoft product has ever wound up on my external hard drive before...


thanks!

Edited by sue dinym, 25 August 2010 - 07:35 PM.

#7
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts

when i went to install my backlog of windows updates, a message came up saying that a whole swath of them couldn't be installed.


What exactly did the message say? For example if it said, "the Windows Installer Service could not be accessed" then go to the link below for instructions on how to fix that:

Go to how to reregister/reinstall Windows Installer.

Tell me when you come back if the foregoing isn't the problem.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Edited by emeraldnzl, 25 August 2010 - 07:37 PM.
typo

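The Kaspersky report in post #5 lists twelve infected objects, yet the CFScript above names only the Java cache file: every other hit sits in Trend Micro's Quarantine folder or in ComboFix's own C:\Qoobox\Quarantine, i.e. copies a scanner has already isolated. The script below is an added example (mine, not code from the thread, Kaspersky or ComboFix) that parses lines in that report layout and separates live hits from quarantined ones; the quarantine-path heuristic and the sample lines are constructed assumptions.

```python
"""Triage a Kaspersky Online Scanner 'File name / Threat / Threats count' report.

Added example for this thread, not code from Kaspersky, ComboFix or the forum.
Assumption (mine): a hit whose path contains a quarantine folder is a copy a
scanner has already isolated, so it needs no further removal step.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Hit(NamedTuple):
    path: str
    threat: str
    count: int


# One report line: "<path> Infected: <threat name> <count>".  Paths contain
# spaces, so the path group is non-greedy and anchored by the literal marker.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Path fragments that mark an already-isolated copy (assumption, extend per
# environment): ComboFix keeps backups under C:\Qoobox\Quarantine and Trend
# Micro PC-cillin under its own Quarantine folder, both seen in the thread.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\quarantine\\")

# Constructed sample in the report's layout (paths as posted in the thread).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Trojan-Downloader.Java.Agent.fx 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf Infected: Trojan-Downloader.Java.Agent.fy 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\43.tmp Infected: Packed.Win32.Krap.ao 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\59.tmp Infected: Backdoor.Win32.Agent.ayrq 1
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Infected: Trojan.Win32.Patched.kl 1

Selected area has been scanned.
"""


def parse_report(text: str) -> List[Hit]:
    """Return one Hit per detection line; headers, blanks and footers are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["threat"], int(m["count"])))
    return hits


def is_quarantined(path: str) -> bool:
    """Heuristic: the file already lives in a scanner's quarantine folder."""
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in QUARANTINE_MARKERS)


def triage(hits: List[Hit]) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Split hits into (live, quarantined), keyed by path.

    Several detections on one file (the Java cache entry carries three names
    in the thread) collapse into a single item listing all threat names.
    """
    live: Dict[str, List[str]] = {}
    quarantined: Dict[str, List[str]] = {}
    for h in hits:
        bucket = quarantined if is_quarantined(h.path) else live
        bucket.setdefault(h.path, []).append(h.threat)
    return live, quarantined


def summary(hits: List[Hit]) -> Tuple[int, int]:
    """(infected objects, distinct threats): the two totals the report header
    prints as 'Infected objects found' and 'Threats found'."""
    return len(hits), len({h.threat for h in hits})


def cfscript_file_section(live: Dict[str, List[str]]) -> str:
    """Render a ComboFix CFScript 'File::' block that lists each live path
    once, in the layout of the script posted above."""
    return "File::\n" + "".join(path + "\n" for path in live)


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    live, quarantined = triage(hits)
    objects, threats = summary(hits)
    print(f"{objects} infected objects, {threats} distinct threats")
    print(f"{len(live)} live file(s), {len(quarantined)} already quarantined")
    print(cfscript_file_section(live))
```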

#8
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Oh I see we cross posted. :)

.net framework is part of microsoft but then things can masquerade as microsoft when they are not. Have you scanned with your anti-virus program i.e. right click and scan the folders?

Secondly, try this:

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

#9
sue dinym
    Member
  • Topic Starter
  • 67 posts

What exactly did the message say? For example if it said, "the Windows Installer Service could not be accessed" then go to the link below for instructions on how to fix that:

Go to how to reregister/reinstall Windows Installer.

Tell me when you come back if the foregoing isn't the problem.


it just says, "some of the updates could not be installed," and then it lists the uninstalled updates. it then gives me a notice that i have updates to download and install, and then wants to try to install the updates again.

...just wanted to quick post that, and i'm off to do the other things you wrote about right now.

cheers!
#10
sue dinym
    Member
  • Topic Starter
  • 67 posts
an update on the external hard-drive is that one of the folders with the weird names has disappeared. don't know if that's meaningful. also, i did the flash_disinfector thing. it only took like 10 seconds and then popped up a message that said, "done!" is that normative behavior for that program? if so, i guess we're coolio there.


and here's the combofix log:

ComboFix 10-08-25.01 - Meddle 08/26/2010 8:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.476 [GMT -7:00]
Running from: c:\documents and settings\Meddle\Desktop\fight club\g2g\ComboFix.exe
Command switches used :: c:\documents and settings\Meddle\Desktop\fight club\g2g\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-187795bf

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 15:36 . 2010-08-26 15:36 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-26 01:34 . 2010-08-26 01:34 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-26 01:34 . 2010-08-26 01:34 -------- d-----w- c:\program files\MSBuild
2010-08-26 01:34 . 2010-08-26 01:34 -------- d-----w- c:\program files\Reference Assemblies
2010-08-26 01:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-26 01:33 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-26 01:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-26 01:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-26 01:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-26 01:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-26 01:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-26 01:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-26 01:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-25 19:09 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-25 17:53 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-25 17:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-25 17:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-25 00:28 . 2010-08-25 00:28 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-08-24 21:15 . 2010-08-24 21:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-08-24 21:14 . 2010-08-24 21:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-24 05:22 . 2010-08-24 05:22 -------- d-----w- c:\program files\ERUNT
2010-08-20 15:37 . 2010-08-20 15:37 -------- d-----w- c:\program files\Conduit
2010-08-20 15:37 . 2010-08-20 15:37 -------- d-----w- c:\documents and settings\Meddle\Local Settings\Application Data\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:08 . 2008-09-12 17:10 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2010-08-26 01:36 . 2006-05-26 22:32 -------- d-----w- c:\documents and settings\Meddle\Application Data\OpenOffice.org2
2010-08-25 19:22 . 2006-05-21 20:48 -------- d-----w- c:\program files\Java
2010-08-25 19:22 . 2006-05-21 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-08-25 19:10 . 2010-08-25 19:10 503808 ----a-w- c:\documents and settings\Meddle\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74fc3044-n\msvcp71.dll
2010-08-25 19:10 . 2010-08-25 19:10 499712 ----a-w- c:\documents and settings\Meddle\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74fc3044-n\jmc.dll
2010-08-25 19:10 . 2010-08-25 19:10 348160 ----a-w- c:\documents and settings\Meddle\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74fc3044-n\msvcr71.dll
2010-08-25 19:10 . 2010-08-25 19:10 61440 ----a-w- c:\documents and settings\Meddle\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12fa4fec-n\decora-sse.dll
2010-08-25 19:10 . 2010-08-25 19:10 12800 ----a-w- c:\documents and settings\Meddle\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12fa4fec-n\decora-d3d.dll
2010-08-25 00:48 . 2001-08-17 18:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-08-24 05:35 . 2008-04-04 21:12 -------- d-----w- c:\program files\Azureus
2010-08-20 22:24 . 2008-04-04 21:13 -------- d-----w- c:\documents and settings\Meddle\Application Data\Azureus
2010-08-20 17:30 . 2008-12-17 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 15:38 . 2010-08-20 15:38 310208 ----a-w- c:\documents and settings\Meddle\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-06-17 14:03 . 2008-09-11 16:04 80384 ----a-w- c:\windows\system32\iccvid.dll
2006-08-10 22:55 . 2006-05-24 22:26 88 --sh--r- c:\windows\system32\75CA7D23BC.sys
2006-08-04 22:08 . 2006-06-02 23:04 104 --sh--r- c:\windows\system32\BC237DCA75.sys
2006-08-10 22:55 . 2006-05-24 22:26 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-21 24576]
F1U201.401.lnk - c:\program files\Belkin\F1U201.401\usbshare.exe [2007-9-17 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 4:39 PM 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2/7/2007 4:01 PM 1078560]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 2:36 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 2:36 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 2:36 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 2:36 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 2:36 PM 262215]
S2 gupdate1c9aca44d1b6cec;Google Update Service (gupdate1c9aca44d1b6cec);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 10:16 AM 133104]
S3 echo1394;AudioFire service;c:\windows\system32\drivers\echo1394.sys [10/19/2006 12:16 PM 53888]
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:16]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 17:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Meddle\Application Data\Mozilla\Firefox\Profiles\xjcdtd2o.default\
FF - prefs.js: browser.startup.homepage - hxxps://swift.riseup.net/sm/src/webmail.php
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 09:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3268)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-08-26 09:17:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 16:17
ComboFix2.txt 2010-08-25 07:36

Pre-Run: 16,418,332,672 bytes free
Post-Run: 16,605,540,352 bytes free

- - End Of File - - CF950EA47CD85B5FE3FAB9BD0D5AC3EC

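The Security Center and firewall keys in the log above deserve a proper read rather than a skim. AntiVirusOverride, FirewallOverride and the per-product DisableMonitoring flags switch off Security Center's own "no antivirus / no firewall" warnings, which a registered third-party suite does legitimately and which malware can set for the same silencing effect; EnableFirewall=0 means the Windows Firewall itself is off. Whether any of that is a problem depends on what else is running, and the service list in the same log shows Trend Micro's personal firewall and real-time services in the R (running) state. As an added example, not part of the original thread or of ComboFix, the script below parses a constructed excerpt of exactly those lines and produces findings with that correlation built in. Reading the R/S service prefix as running/stopped is an assumption about ComboFix's notation.

```python
"""Triage the Security Center and firewall entries of a ComboFix log.

Added example for this thread, not part of ComboFix or of the original posts.
It parses the REGEDIT4-style "Reg Loading Points" block and the service list
as ComboFix prints them and says what the flags mean.
"""
import re

# Constructed excerpt mirroring the lines in the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 2:36 PM 585792]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 2:36 PM 290889]
"""

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"
FIREWALL_PROFILE = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix renders dwords either as dword:XXXXXXXX or as "N (0xN)".
DWORD_RE = re.compile(r"^(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$")
# Service lines: R/S prefix read as running/stopped (an assumption about
# ComboFix's notation), then start type, short name, display name, path.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")


def parse_log(text):
    """Return ({key: {name: raw_value}}, [service dicts]) from the excerpt."""
    keys, services, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
        elif m := SERVICE_RE.match(line):
            services.append({"running": m.group(1) == "R", "name": m.group(3),
                             "display": m.group(4)})
    return keys, services


def dword(raw):
    """Decode either dword rendering; None when the value is not a dword."""
    m = DWORD_RE.match(raw or "")
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) is not None else int(m.group(2))


def values_under(keys, wanted):
    """Registry paths are case-insensitive, so look the key up that way."""
    return next((v for k, v in keys.items() if k.lower() == wanted.lower()), {})


def triage(text):
    """Return human-readable findings for the Security Center/firewall state."""
    keys, services = parse_log(text)
    findings = []
    # Overrides silence Security Center's own "no antivirus / no firewall"
    # alerts. Registered third-party suites set them; so can malware.
    sc = values_under(keys, SECURITY_CENTER)
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if dword(sc.get(name)) == 1:
            findings.append(f"{name}=1: Security Center alerts for this category are suppressed")
    # Per-product DisableMonitoring: the product claims to do its own alerting.
    prefix = (SECURITY_CENTER + "\\Monitoring\\").lower()
    for key, values in keys.items():
        if key.lower().startswith(prefix) and dword(values.get("DisableMonitoring")) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"DisableMonitoring=1 for {product}")
    # Windows Firewall off is tolerable only with a third-party firewall running.
    profile = values_under(keys, FIREWALL_PROFILE)
    if dword(profile.get("EnableFirewall")) == 0:
        others = [s["display"] for s in services
                  if s["running"] and "firewall" in s["display"].lower()]
        if others:
            findings.append("Windows Firewall off; running third-party firewall: " + ", ".join(others))
        else:
            findings.append("Windows Firewall off and no running third-party firewall service listed")
    # Open-port entries read port:proto:scope:Enabled|Disabled:description.
    for raw in values_under(keys, FIREWALL_PROFILE + r"\GloballyOpenPorts\List").values():
        fields = raw.split(":")
        if len(fields) >= 4 and fields[3].lower() == "enabled":
            findings.append(f"Globally open port {fields[0]}/{fields[1]} (scope {fields[2]}) is Enabled")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Paste a complete ComboFix log in place of SAMPLE_LOG to run it for real. The firewall correlation is only as good as the service list, so check that the third-party firewall service really shows as running before accepting EnableFirewall=0; the 3389/TCP entry is reported only if it were Enabled, which in this log it is not.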
#11
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts

i did the flash_disinfector thing. it only took like 10 seconds and then popped up a message that said, "done!" is that normative behavior for that program?


Yes that is normal.

it just says, "some of the updates could not be installed,"


Just out of interest can you try disabling your anti-virus firewall etc and then try the downloads (the reason I ask is because I wonder if your firewall has been told to stop them at some stage). Tell me if that makes a difference.

Now

I think your machine is clean.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know a bout them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!

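The ActiveX settings that the "Make Internet Explorer more secure" steps above change are stored as dword values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone). As Microsoft documents for URL security zones, 1001 is "Download signed ActiveX controls", 1004 is "Download unsigned ActiveX controls", 1201 is "Initialize and script ActiveX controls not marked as safe", and the levels are 0 for Enable, 1 for Prompt and 3 for Disable. As an added example, not part of the original post, the script below audits a regedit export of that key against the post's recommendations and emits the .reg file that applies them. The weak export it checks is constructed for the example, and nothing here touches a live registry.

```python
"""Audit Internet Explorer's Internet-zone ActiveX settings from a .reg export.

Added example for this thread, not part of the original post. Value names
and levels are the ones Microsoft documents for URL security zones; the
target levels are the ones the post recommends.
"""
import re

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Recommended level per ActiveX action in the Internet zone (zone 3).
POLICY = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed export of a weakened Internet zone: every ActiveX action Enabled.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1201"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def read_zone(reg_text, zone_key=ZONE_KEY):
    """Return {value_name: int} for the dword values under zone_key in a .reg export."""
    values, inside = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            # Registry paths are case-insensitive; exports may differ in case.
            inside = m.group(1).lower() == zone_key.lower()
        elif (m := DWORD_RE.match(line)) and inside:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """Compare exported values with POLICY; one finding per deviation."""
    findings = []
    for value_id, (label, wanted) in POLICY.items():
        current = values.get(value_id)
        if current is None:
            findings.append(f"{value_id} ({label}): absent from export, check the Security tab")
        elif current != wanted:
            have = LEVEL_NAME.get(current, str(current))
            findings.append(f"{value_id} ({label}): {have}, should be {LEVEL_NAME[wanted]}")
    return findings


def remediation_reg(zone_key=ZONE_KEY):
    """Emit a .reg file that sets every POLICY value to its recommended level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{zone_key}]"]
    for value_id, (label, wanted) in POLICY.items():
        lines.append(f"; {label}: {LEVEL_NAME[wanted]}")
        lines.append(f'"{value_id}"=dword:{wanted:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in audit(read_zone(WEAK_EXPORT)):
        print(finding)
    print(remediation_reg())
```

To use it on a real machine, export the Zones\3 key with regedit (File > Export); regedit writes the file as UTF-16, so read it with encoding="utf-16" before passing the text to read_zone. The generated file can be imported with regedit, or the same three settings changed through Inetcpl.cpl as the post describes; re-export afterwards and confirm audit() returns nothing.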
#12
sue dinym
    Member
  • Topic Starter
  • 67 posts
awesome! thanks so much for all the help. the computer's definitely back to itself as far as i can tell.

if i can ask a few last questions:

1. i never, ever use internet explorer. i'm all about firefox. does it make sense then to uninstall explorer? or in some weird way will it still remain on my machine and just never get updated and cause security breaches?

2. i'm down to one last microsoft update that won't install. it's "security update for windows xp service pack 3" -- i tried installing it with my firewall off and continued to have no success. any thoughts on that one?

3. i have Trend Micro PC-Cillin on my computer for a firewall/anti-virus program. does it make sense to keep malwarebytes on my machine and occasionally run a scan with malwarebytes, or will the two interfere with each other?


thanks again for the advice. especially on cleaning out my temp files -- i cleared upwards of 2 gigs of space up when i did that this time.



a toast to the geekdom -- sue

Edited by sue dinym, 26 August 2010 - 04:37 PM.


#13
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts

i never, ever use internet explorer. i'm all about firefox. does it make sense then to uninstall explorer? or in some weird way will it still remain on my machine and just never get updated and cause security breaches?


I use Firefox but keep IE as well. There are times that it is useful to have, one of them being your microsoft updates, although, as I think I mentioned earlier, you can use Firefox with the right Add-on but I find it works better for me to use IE. I update it and have the latest version on my machine. I just don't have it as my default browser.

i have Trend Micro PC-Cillin on my computer for a firewall/anti-virus program. does it make sense to keep malwarebytes on my machine and occasionally run a scan with malwarebytes, or will the two interfere with each other?


The free for personal use version of Malwarebytes is not active in real time. It will not conflict with your anti-virus and yes as I said above it is good to update it and run it say once a week. I do this and use TFC (see above) to clean my temp files. I also run a full scan with my anti-virus and defrag my computer.

i'm down to one last microsoft update that won't install. it's "security update for windows xp service pack 3"


I have seen it where an update won't load if the version of the Windows program you have on your machine is too old and is not compatible with the update. For example your version of Internet Explorer or your Microsoft Office might be too old to accept the updates designed for the current versions. You might try updating your IE and other microsoft programs that attract updates and see if that helps. Tell me how you get on.

#14
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Further to my last post it occurs to me that there are a couple of things you could do that may help with your update problem and with the general working of your machine.

CHKDSK (short for Checkdisk) is a command on computers running DOS, OS/2 and Microsoft Windows operating systems that displays the file system integrity status of hard disks and floppy disks and can fix logical file system errors.

How to run Chkdsk using the Command Line:

Before running Chkdsk, be aware of the following:

* Chkdsk requires exclusive access to a volume while it is running. Chkdsk might display a prompt asking if you want to check the disk the next time you restart your computer.

* Chkdsk might take a long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).


Now

Go to Start > Run and type:

chkdsk C: /f /r (note the spaces, they are meant to be there)

Hit OK

If chkdsk does not start immediately reboot your computer. Chkdsk will run during the start up process. It can take a very long time... so be patient.

Next

Run the System File Checker:

Follow these steps:

  • Click Start > Run and type sfc /scannow (note the space, it should be there), and then press ENTER.
  • Follow the prompts throughout the System File Checker process.
  • Restart your computer when System File Checker process is complete.

Tell me if these actions make a difference.

#15
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.