Win32.Backdoor.Papras/A Found/Quarantined

#1 BJohn66469 (Member, 23 posts)

Hello,

I have been experiencing problems with my computer and Internet Explorer over the past week. Generally both the computer and Internet Explorer have been slow and sometimes unresponsive. I have run virus scans using Trend Micro Internet Security and have found several things. The first virus found was JS_OBFUSCA.SM, which I was able to quarantine and remove. Next was JAVA_AGENT.TEH, which also was quarantined and removed. The next was Mal_FakeAVO, which was found but unable to be quarantined, and subsequent scans could not find it again. I also have installed Ad-Aware with Ad-Watch Live, and Malwarebytes' Anti-Malware, both of which were to scan the computer before/during each virus scan. Malwarebytes was able to find and remove several Trojan.Downloaders, Trojan.Agents, Spyware.Zbot, and Trojan.Droppers, all of which were in either the Windows\Temp directory or Local Settings\Temp. Ad-Aware found a couple of Trojan.Win32.Adware files which it has quarantined, and the latest item, Win32.Backdoor.Papras/A, which I understand to be a process that allows more malware to be downloaded onto your computer, which I think explains the amount of viruses and malware found over the past week. Luckily this process was stopped by Ad-Aware and is now quarantined. I would appreciate any help in cleaning up and removing any other threats on my computer. And I apologize for the lengthy post.

P.S.: Also, a Windows beep sound will randomly happen when nothing is necessarily going on.

Here is the OTL log. I figured if I copy/paste it into the form, I might get a response back.

OTL logfile created on: 2/13/2011 9:49:13 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\DOH!\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 41.63 Gb Free Space | 38.88% Space Free | Partition Type: NTFS
Drive E: | 119.98 Mb Total Space | 19.04 Mb Free Space | 15.87% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: DOH! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
PRC - [2011/02/05 17:16:37 | 000,936,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/02/05 17:16:36 | 001,402,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/17 09:08:33 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/03/04 10:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/05 17:16:36 | 001,402,272 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/26 13:43:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 04:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/30 16:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 16:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 16:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 17:03:10 | 000,059,472 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 17:03:00 | 000,051,792 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 17:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/08/12 18:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/08/12 18:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/08 13:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/09/22 21:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/17 08:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A DE 2C 68 35 C7 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/04/11 16:38:31 | 000,000,224 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? browser-security.microsoft.com
O1 - Hosts: ??????????????? spywareprotector-2009.com
O1 - Hosts: ??????????????? www.spywareprotector-2009.com
O1 - Hosts: ??????????????? secure.spywareprotector-2009.com
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DOH!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DOH!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 13:13:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/01/05 21:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dpnsexec - (C:\WINDOWS\system32\bootetup.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 09:48:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
[2011/02/09 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/02/07 12:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DOH!\Recent
[2011/02/07 12:22:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/02/06 14:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/06 14:34:19 | 002,137,352 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DOH!\My Documents\ccsetup303_slim.exe
[2011/02/06 14:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/02/06 14:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/06 13:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/06 13:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/06 00:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\My Games
[2011/02/06 00:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/02/06 00:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/02/05 23:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/02/05 23:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Valusoft
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2011/02/05 18:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\My Downloads
[2011/02/05 18:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Download Manager
[2011/02/05 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2011/02/05 18:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\IGN_DLM
[2011/02/05 17:17:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/02/05 17:17:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/05 17:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Local Settings\Application Data\Sunbelt Software
[2011/02/05 17:12:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/05 17:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/02/05 17:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/02/05 17:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/02/05 17:10:13 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\DOH!\My Documents\Ad-Aware90Install.exe
[2011/02/05 12:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/02/05 09:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/02/03 20:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/03 20:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/02/03 18:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/03 17:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/03 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/15 08:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aNbMp05200
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/13 09:55:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
[2011/02/13 09:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/13 09:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\gbpxrotk.job
[2011/02/13 08:56:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/13 08:53:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/13 08:52:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 08:52:19 | 2011,197,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 19:18:50 | 000,442,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/09 19:18:49 | 000,071,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/07 12:28:05 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110207_122744.reg
[2011/02/07 11:59:24 | 173,215,331 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\HDsamplerV.mp4
[2011/02/06 14:40:55 | 000,223,638 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110206_144024.reg
[2011/02/06 14:34:19 | 002,137,352 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DOH!\My Documents\ccsetup303_slim.exe
[2011/02/06 14:17:53 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DOH!\Desktop\HijackThis.lnk
[2011/02/06 08:20:32 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/06 00:30:19 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2011/02/05 22:28:36 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2011/02/05 22:28:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2011/02/05 22:28:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2011/02/05 18:54:55 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/02/05 17:17:01 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/05 17:17:00 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/05 17:12:29 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/05 17:12:29 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/02/05 17:10:12 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\DOH!\My Documents\Ad-Aware90Install.exe
[2011/02/05 16:21:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vclhvaj.sys
[2011/02/05 14:27:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/05 14:08:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/01 07:49:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/07 14:09:20 | 2011,197,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/07 12:27:58 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110207_122744.reg
[2011/02/07 11:59:25 | 173,215,331 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\HDsamplerV.mp4
[2011/02/06 14:40:34 | 000,223,638 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110206_144024.reg
[2011/02/06 14:17:53 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DOH!\Desktop\HijackThis.lnk
[2011/02/06 00:30:19 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2011/02/05 22:28:19 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2011/02/05 22:28:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2011/02/05 22:28:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2011/02/05 18:55:04 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/05 18:54:55 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/02/05 17:18:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/05 17:12:29 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/02/05 17:12:29 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/02/05 16:21:29 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vclhvaj.sys
[2010/04/27 15:59:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/04/25 13:53:58 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\DOH!\Application Data\Solve Elec 2.5 Prefs
[2010/04/25 10:45:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/24 19:57:05 | 000,003,698 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2009/09/24 17:02:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/21 10:54:41 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/05/18 22:14:23 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\DOH!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 22:12:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/13 16:20:46 | 000,163,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/13 16:20:46 | 000,059,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/05/13 16:20:46 | 000,051,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/01/07 18:36:30 | 000,009,004 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/01/07 17:17:23 | 000,000,177 | ---- | C] () -- C:\WINDOWS\QAWIN32.INI
[2009/01/05 22:53:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/05 22:53:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/05 22:33:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\DOH!\Local Settings\Application Data\fusioncache.dat
[2009/01/05 15:35:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 06:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll

========== LOP Check ==========

[2010/04/25 19:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5Spice Analysis
[2011/02/06 01:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alibre Design
[2011/01/15 08:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aNbMp05200
[2009/05/16 11:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/01/05 22:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/03/09 22:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/04/25 13:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/05 17:12:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/07/07 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/24 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/29 16:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\Alibre Design
[2009/04/26 14:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\Autodesk
[2010/04/25 10:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\GetRightToGo
[2009/10/13 23:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\LimeWire
[2010/04/24 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\Ousetech
[2009/07/14 15:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\RayV
[2010/04/25 13:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DOH!\Application Data\SmartDraw
[2011/02/13 08:56:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/13 09:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\gbpxrotk.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/06/13 09:22:00 | 000,000,000 | ---D | M](C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle
(C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748

< End of report >

Edited by BJohn66469, 15 February 2011 - 04:25 PM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,152 posts
  • MVP
Before proceeding, disable Ad-Watch and leave it disabled until we're done here. See http://aumha.net/vie...hp?f=43&t=38668

I would also uninstall all Java programs using Control Panel, Add/Remove Programs. (These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE) Then delete the C:\Program Files\Java folder. We will reinstall Java when done.


Copy the text in the code box by highlighting it and pressing Ctrl + C.

:Services

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
[2011/02/05 16:21:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vclhvaj.sys
[2011/02/13 09:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\gbpxrotk.job
[2011/01/15 08:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aNbMp05200
[2010/06/13 09:22:00 | 000,000,000 | ---D | M](C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle
(C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748

:Files
C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again, select either the Use SafeList or All option in the Extra Registry group, and click the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron
  • 0
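For readers who want to understand why the fix script above targets the entries it does, here is an added example (not code from this thread, and not part of OldTimer's OTL) that parses the OTL entry format visible in the logs and applies three defender heuristics: a file with no company name and a random-looking name in a driver or scheduled-task location, a path containing non-ASCII characters, and an alternate data stream. The vowel-ratio threshold and the list of sensitive extensions are assumptions chosen for this illustration; the sample lines are copied from, or modelled on, the logs in this thread and are embedded so the script runs offline.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread, not code from the thread or from OldTimer's
OTL.  It parses the entry format visible in the logs and applies three
defender heuristics that mirror what the expert's fix script targets.  The
thresholds (vowel ratio, sensitive extensions) are assumptions for this
illustration, and the sample lines are copied from or modelled on the logs.
"""
import re
from typing import Dict, List, Optional

# Header of an OTL entry: [date time | size | attrs | C or M], optionally
# prefixed by a section tag such as "DRV - ".
HEADER_RE = re.compile(
    r"^(?:(?P<section>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
)
COMPANY_RE = re.compile(r"^\s*\((?P<company>[^)]*)\)")   # "(Trend Micro Inc.)" or "()"
STATE_RE = re.compile(r"^\s*\[[^\]]*\]")                  # "[Kernel | Auto | Running]"
PATH_RE = re.compile(r"^\s*--\s*(?P<path>.*?)(?:\s--\s\((?P<svc>.*)\))?$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

SENSITIVE_EXT = {"sys", "exe", "dll", "job"}   # assumption: locations worth a closer look
VOWELS = set("aeiouy")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one OTL file/process/driver line; return None for other lines."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    entry = {k: (v or "") for k, v in m.groupdict().items()}
    rest = line[m.end():]
    cm = COMPANY_RE.match(rest)
    entry["company"] = cm.group("company").strip() if cm else ""
    if cm:
        rest = rest[cm.end():]
    rest = STATE_RE.sub("", rest, count=1)   # drop the service-state block, if any
    pm = PATH_RE.match(rest)
    if not pm:
        return None
    entry["path"] = pm.group("path").strip()
    entry["service"] = pm.group("svc") or ""
    return entry


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names: 6-10 lowercase letters, few vowels.
    Weak on its own (some vendor drivers match), so it is combined with
    'no company name' in triage_entry()."""
    if not re.fullmatch(r"[a-z]{6,10}", stem):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.2


def triage_entry(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list if none)."""
    findings: List[str] = []
    path = entry["path"]
    if any(ord(c) > 127 for c in path):
        findings.append("non-ASCII characters in path")
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if dot and ext.lower() in SENSITIVE_EXT and not entry["company"] and looks_random(stem):
        findings.append(f"unsigned, random-looking .{ext.lower()} name")
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an OTL log to its list of findings."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        am = ADS_RE.match(line)
        if am:
            flagged[am.group("path")] = [f"alternate data stream ({am.group('bytes')} bytes)"]
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        findings = triage_entry(entry)
        if findings:
            flagged[entry["path"]] = findings
    return flagged


# Sample lines in the thread's log format (copied from or modelled on the logs above).
SAMPLE_LOG = r"""
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
PRC - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
[2011/02/05 16:21:29 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vclhvaj.sys
[2011/02/13 09:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\gbpxrotk.job
[2011/02/13 08:56:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/16 20:57:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/13 09:22:00 | 000,000,000 | ---D | M](C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run it as-is and the four items the expert put into the :OTL and :Files sections come out flagged, while the signed Lavasoft and Trend Micro entries, the Hosts file and the legitimately named Ad-Aware task do not. The point of combining "random-looking name" with "no company name" is visible in the sample: vendor drivers with terse names are common, so the name test alone would produce noise.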

#3
BJohn66469

BJohn66469

    Member

  • Topic Starter
  • Member
  • 23 posts
Hello Ron,

Thanks for your help. I have removed Ad-Aware altogether, along with any Java versions. I have also completed the scans you requested. There was nothing to report for MBAM, but ComboFix did find a Rootkit and removed it. The logs for the scans are as follows:

OTL Scan after fix (sorry, posted it first by mistake):

OTL logfile created on: 2/16/2011 9:17:40 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\DOH!\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 42.73 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive E: | 119.98 Mb Total Space | 19.04 Mb Free Space | 15.87% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: DOH! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
PRC - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/08/12 18:37:06 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/01/17 09:08:33 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/22 23:29:48 | 000,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/12 18:37:44 | 000,337,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/08/12 18:37:42 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2009/08/12 18:37:42 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/08/12 18:37:06 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/26 13:43:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/30 16:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 16:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 16:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 17:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 17:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 17:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 10:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/08/12 18:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/08/12 18:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/08 13:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/09/22 21:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/17 08:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A DE 2C 68 35 C7 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/13 18:33:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/13 18:33:00 | 000,000,000 | ---D | M]

[2011/02/13 18:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DOH!\Application Data\Mozilla\Extensions
[2011/02/15 17:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DOH!\Application Data\Mozilla\Firefox\Profiles\8j919ivv.default\extensions
[2011/02/15 17:18:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DOH!\Application Data\Mozilla\Firefox\Profiles\8j919ivv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/15 17:18:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DOH!\Application Data\Mozilla\Firefox\Profiles\8j919ivv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/13 18:35:23 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\DOH!\Application Data\Mozilla\Firefox\Profiles\8j919ivv.default\extensions\[email protected]
[2011/02/13 18:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/16 20:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DOH!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DOH!\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 13:13:33 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/01/05 21:59:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dpnsexec - (C:\WINDOWS\system32\bootetup.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 20:56:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/16 20:45:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DOH!\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/15 21:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/02/15 21:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\SystemRequirementsLab
[2011/02/15 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\Autoruns
[2011/02/14 20:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\DriverCure
[2011/02/14 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\ParetoLogic
[2011/02/14 20:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Start Menu\Programs\ParetoLogic
[2011/02/14 20:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/02/14 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/02/14 20:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/02/14 20:35:45 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\DOH!\My Documents\ParetoLogic PC Health Advisor.exe
[2011/02/13 20:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\OpenDNS Updater
[2011/02/13 20:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2011/02/13 18:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\Downloads
[2011/02/13 18:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/02/13 18:35:03 | 000,114,952 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/02/13 18:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/02/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Local Settings\Application Data\Mozilla
[2011/02/13 18:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\Mozilla
[2011/02/13 18:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/13 18:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/13 18:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/02/13 18:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/02/13 17:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\SUPERAntiSpyware.com
[2011/02/13 17:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/13 17:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/13 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/13 17:18:00 | 008,582,536 | ---- | C] (Mozilla) -- C:\Documents and Settings\DOH!\My Documents\Firefox Setup 3.6.13.exe
[2011/02/13 17:14:08 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\DOH!\My Documents\spywareblastersetup44.exe
[2011/02/13 17:13:31 | 010,421,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\DOH!\My Documents\SUPERAntiSpyware.exe
[2011/02/13 17:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/02/13 17:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/13 17:09:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\DOH!\My Documents\erunt-setup.exe
[2011/02/13 09:48:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
[2011/02/09 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/02/07 12:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DOH!\Recent
[2011/02/07 12:22:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/02/06 14:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/06 14:34:19 | 002,137,352 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\DOH!\My Documents\ccsetup303_slim.exe
[2011/02/06 14:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/02/06 14:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/06 13:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/06 13:52:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 13:24:29 | 000,883,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\DOH!\My Documents\JavaSetup6u23.exe
[2011/02/06 00:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\My Games
[2011/02/06 00:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/02/06 00:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/02/05 23:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/02/05 23:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Valusoft
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2011/02/05 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2011/02/05 22:27:57 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/02/05 18:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\My Documents\My Downloads
[2011/02/05 18:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Download Manager
[2011/02/05 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Download Manager
[2011/02/05 18:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Application Data\IGN_DLM
[2011/02/05 17:17:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/02/05 17:17:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/05 17:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DOH!\Local Settings\Application Data\Sunbelt Software
[2011/02/05 17:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/02/05 17:10:13 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\DOH!\My Documents\Ad-Aware90Install.exe
[2011/02/05 12:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/02/05 09:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/02/03 20:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/03 20:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/02/03 18:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/03 17:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/03 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/02/16 21:11:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 21:11:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/16 21:11:23 | 2011,197,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/16 20:57:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/16 20:53:17 | 004,270,215 | ---- | M] () -- C:\Documents and Settings\DOH!\Desktop\George.exe
[2011/02/16 20:50:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/16 20:46:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DOH!\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/16 20:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/16 19:13:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/15 21:14:35 | 000,620,465 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\Autoruns.zip
[2011/02/15 18:00:05 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/02/14 20:39:39 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/02/14 20:36:43 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\DOH!\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/02/14 20:36:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/02/14 20:36:38 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/02/14 20:36:37 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/02/14 20:35:44 | 005,193,608 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\DOH!\My Documents\ParetoLogic PC Health Advisor.exe
[2011/02/13 20:38:43 | 000,225,336 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\OpenDNS-Updater-2.2.1.exe
[2011/02/13 20:04:45 | 000,090,834 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\http _192.168.1.1.htm
[2011/02/13 18:33:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/02/13 18:33:04 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/13 17:42:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/13 17:27:22 | 001,191,584 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\KeyScrambler_Setup.exe
[2011/02/13 17:18:32 | 002,062,665 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\spywareguardsetup.exe
[2011/02/13 17:17:59 | 008,582,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\DOH!\My Documents\Firefox Setup 3.6.13.exe
[2011/02/13 17:14:16 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\DOH!\My Documents\spywareblastersetup44.exe
[2011/02/13 17:13:31 | 010,421,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\DOH!\My Documents\SUPERAntiSpyware.exe
[2011/02/13 17:09:32 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/02/13 17:09:32 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/02/13 17:09:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\DOH!\My Documents\erunt-setup.exe
[2011/02/13 09:48:36 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOH!\My Documents\OTL.exe
[2011/02/09 19:18:50 | 000,442,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/09 19:18:49 | 000,071,776 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/07 12:28:05 | 000,000,522 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110207_122744.reg
[2011/02/06 14:40:55 | 000,223,638 | ---- | M] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110206_144024.reg
[2011/02/06 14:34:19 | 002,137,352 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\DOH!\My Documents\ccsetup303_slim.exe
[2011/02/06 14:17:53 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\DOH!\Desktop\HijackThis.lnk
[2011/02/06 13:51:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 13:24:37 | 000,883,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\DOH!\My Documents\JavaSetup6u23.exe
[2011/02/06 08:20:32 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/06 00:30:19 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2011/02/05 22:28:36 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2011/02/05 22:28:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2011/02/05 22:28:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2011/02/05 18:54:55 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/02/05 17:17:01 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/05 17:10:12 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\DOH!\My Documents\Ad-Aware90Install.exe
[2011/02/05 14:27:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/05 14:08:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/01 07:49:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/02/16 20:52:29 | 004,270,215 | ---- | C] () -- C:\Documents and Settings\DOH!\Desktop\George.exe
[2011/02/15 21:14:38 | 000,620,465 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\Autoruns.zip
[2011/02/14 20:37:05 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/02/14 20:36:43 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\DOH!\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/02/14 20:36:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/02/14 20:36:37 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/02/14 20:36:35 | 000,000,356 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/02/13 21:07:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/13 20:41:35 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\DOH!\Start Menu\Programs\OpenDNS Updater.lnk
[2011/02/13 20:38:48 | 000,225,336 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\OpenDNS-Updater-2.2.1.exe
[2011/02/13 20:04:45 | 000,090,834 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\http _192.168.1.1.htm
[2011/02/13 18:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/13 18:33:04 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/13 17:42:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/13 17:27:17 | 001,191,584 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\KeyScrambler_Setup.exe
[2011/02/13 17:18:32 | 002,062,665 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\spywareguardsetup.exe
[2011/02/13 17:09:32 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/02/13 17:09:32 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\DOH!\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/02/07 14:09:20 | 2011,197,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/07 12:27:58 | 000,000,522 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110207_122744.reg
[2011/02/06 14:40:34 | 000,223,638 | ---- | C] () -- C:\Documents and Settings\DOH!\My Documents\cc_20110206_144024.reg
[2011/02/06 14:17:53 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\DOH!\Desktop\HijackThis.lnk
[2011/02/06 00:30:19 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2011/02/05 22:28:19 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2011/02/05 22:28:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2011/02/05 22:28:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2011/02/05 18:54:55 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/02/05 17:18:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/27 15:59:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/04/25 13:53:58 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\DOH!\Application Data\Solve Elec 2.5 Prefs
[2010/04/25 10:45:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/24 19:57:05 | 000,003,698 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2009/09/24 17:02:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/21 10:54:41 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/05/18 22:14:23 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\DOH!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 22:12:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/07 18:36:30 | 000,009,004 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2009/01/07 17:17:23 | 000,000,177 | ---- | C] () -- C:\WINDOWS\QAWIN32.INI
[2009/01/05 22:53:38 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/05 22:53:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/05 22:33:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\DOH!\Local Settings\Application Data\fusioncache.dat
[2009/01/05 15:35:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by BJohn66469, 16 February 2011 - 10:18 PM.


#4
BJohn66469

OTL Custom Fix:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control ActiveGS.cab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ActiveGS.cab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ActiveGS.cab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ActiveGS.cab\ not found.
C:\WINDOWS\system32\drivers\vclhvaj.sys moved successfully.
C:\WINDOWS\tasks\gbpxrotk.job moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\aNbMp05200\ not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle\Update\Manifest\Initial folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle\Update\Manifest folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle\Update folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ጀ%ogle folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748 deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\?%ogle not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.DELL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DOH!
->Temp folder emptied: 1754112492 bytes
->Temporary Internet Files folder emptied: 10081144 bytes
->Java cache emptied: 10613416 bytes
->FireFox cache emptied: 43070505 bytes
->Flash cache emptied: 1706 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 198371011 bytes
->Flash cache emptied: 36538 bytes

User: MCX1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 127684 bytes

User: MCX2
->Temp folder emptied: 305936 bytes
->Temporary Internet Files folder emptied: 2450474 bytes
->Flash cache emptied: 405 bytes

User: MCX3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MCX4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 424840219 bytes
->Java cache emptied: 49978 bytes
->Flash cache emptied: 86870 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1238856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63845497 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77319384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,467.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02162011_205644

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3b4.dat not found!

Registry entries deleted on Reboot...

#5
BJohn66469

OTL Extras:

OTL Extras logfile created on: 2/16/2011 9:17:40 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\DOH!\My Documents
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.08 Gb Total Space | 42.73 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive E: | 119.98 Mb Total Space | 19.04 Mb Free Space | 15.87% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: DOH! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\DOH!\My Documents\Trend Micro Internet Security\TisEzIns.exe" = C:\Documents and Settings\DOH!\My Documents\Trend Micro Internet Security\TisEzIns.exe:*:Enabled:Trend Micro Internet Security -- (Trend Micro Inc.)
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Download Manager" = Download Manager 2.3.10
"DVD Shrink_is1" = DVD Shrink 3.2
"EHome Devices" = Media Center Extender
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Deskjet 3840 Series_Driver" = HP Deskjet 3840 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"KeyScrambler" = KeyScrambler
"LimeWire" = LimeWire PRO 4.14.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Revo Uninstaller" = Revo Uninstaller 1.80
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2011 5:45:06 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33734437

Error - 2/15/2011 5:47:11 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 5:47:11 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33859437

Error - 2/15/2011 5:49:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 5:49:31 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 5:49:47 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 6:33:56 PM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2011 9:27:32 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10m.ocx, version 10.2.152.26, fault address 0x0039ca5a.

Error - 2/16/2011 8:27:20 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x1039ca5a.

Error - 2/16/2011 8:27:31 PM | Computer Name = DELL | Source = Application Error | ID = 1001
Description = Fault bucket -1978599222.

[ OSession Events ]
Error - 11/4/2010 5:35:01 PM | Computer Name = DELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 527
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/16/2011 9:34:33 PM | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/16/2011 9:56:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/16/2011 9:56:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/16/2011 9:56:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/16/2011 9:56:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Central Control Component service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/16/2011 9:56:45 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/16/2011 9:57:16 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Unauthorized Change Prevention Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 2/16/2011 9:57:17 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/16/2011 9:57:17 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Proxy Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/16/2011 9:57:17 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Personal Firewall service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#6 BJohn66469 (Topic Starter, Member, 23 posts)

MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5780

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/16/2011 10:08:25 PM
mbam-log-2011-02-16 (22-08-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 281720
Time elapsed: 44 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 BJohn66469 (Topic Starter, Member, 23 posts)

And the last:

ComboFix 11-02-16.01 - DOH! 02/16/2011 22:36:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1435 [GMT -5:00]
Running from: c:\documents and settings\DOH!\Desktop\George.exe
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DOH!\System
c:\documents and settings\DOH!\System\win_qs8.jqx

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 03:09 . 2011-02-17 03:10 -------- d-----w- C:\32788R22FWJFW
2011-02-17 02:22 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-17 02:22 . 2011-02-17 02:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-17 02:22 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-17 01:56 . 2011-02-17 01:56 -------- d-----w- C:\_OTL
2011-02-16 02:46 . 2011-02-16 02:46 -------- d-----w- c:\program files\SystemRequirementsLab
2011-02-16 02:39 . 2011-02-16 02:39 -------- d-----w- c:\documents and settings\DOH!\Application Data\SystemRequirementsLab
2011-02-15 01:37 . 2011-02-15 01:37 -------- d-----w- c:\documents and settings\DOH!\Application Data\DriverCure
2011-02-15 01:36 . 2011-02-15 01:36 -------- d-----w- c:\documents and settings\DOH!\Application Data\ParetoLogic
2011-02-15 01:36 . 2011-02-15 01:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-15 01:36 . 2011-02-15 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-15 01:36 . 2011-02-15 01:36 -------- d-----w- c:\program files\ParetoLogic
2011-02-14 01:41 . 2011-02-14 01:41 -------- d-----w- c:\documents and settings\DOH!\Application Data\OpenDNS Updater
2011-02-14 01:41 . 2011-02-14 01:41 -------- d-----w- c:\program files\OpenDNS Updater
2011-02-13 23:35 . 2011-02-13 23:35 -------- d-----w- c:\program files\KeyScrambler
2011-02-13 23:35 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-02-13 23:33 . 2011-02-13 23:33 -------- d-----w- c:\documents and settings\DOH!\Local Settings\Application Data\Mozilla
2011-02-13 23:13 . 2011-02-13 23:14 -------- d-----w- c:\program files\SpywareBlaster
2011-02-13 22:43 . 2011-02-13 22:43 -------- d-----w- c:\documents and settings\DOH!\Application Data\SUPERAntiSpyware.com
2011-02-13 22:43 . 2011-02-13 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-13 22:42 . 2011-02-14 02:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-13 22:09 . 2011-02-13 22:09 -------- d-----w- c:\program files\ERUNT
2011-02-07 18:25 . 2011-02-07 18:28 -------- d-----w- c:\documents and settings\Administrator.DELL
2011-02-06 19:35 . 2011-02-06 19:36 -------- d-----w- c:\program files\CCleaner
2011-02-06 18:52 . 2011-02-06 18:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 05:28 . 2011-02-06 05:28 -------- d-----w- c:\program files\Microsoft Games
2011-02-06 04:49 . 2011-02-06 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-02-06 04:42 . 2011-02-06 05:24 -------- d-----w- c:\program files\Valusoft
2011-02-05 23:54 . 2011-02-05 23:54 -------- d-----w- c:\program files\Download Manager
2011-02-05 23:54 . 2011-02-06 01:25 -------- d-----w- c:\documents and settings\DOH!\Application Data\IGN_DLM
2011-02-05 22:17 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-05 22:17 . 2011-02-05 22:17 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-05 22:13 . 2011-02-05 22:13 -------- d-----w- c:\documents and settings\DOH!\Local Settings\Application Data\Sunbelt Software
2011-02-05 22:11 . 2011-02-17 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-02-05 19:06 . 2011-02-05 19:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-05 17:45 . 2011-02-05 17:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-02-05 14:11 . 2011-02-15 23:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-04 01:05 . 2011-02-04 01:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-03 23:59 . 2011-02-11 01:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-12 1398024]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\DOH!\\My Documents\\Trend Micro Internet Security\\TisEzIns.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2011 5:17 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/13/2009 4:20 PM 51792]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [5/13/2009 4:06 PM 36432]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/13/2011 6:35 PM 114952]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [5/13/2009 4:06 PM 335376]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [5/13/2009 4:21 PM 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [5/13/2009 4:21 PM 648456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 8:07 PM 135664]
S3 cpuz130;cpuz130;\??\c:\docume~1\DOH!\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\DOH!\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 01:07]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 01:07]

2011-02-15 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2011-02-15 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2011-02-15 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

2011-02-15 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {E3F99F0B-942B-4F41-97E3-DA8B9FCFD384} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\DOH!\Application Data\Mozilla\Firefox\Profiles\8j919ivv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: KeyScrambler: [email protected] - %profile%\extensions\[email protected]
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 23:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-02-16 23:05:19
ComboFix-quarantined-files.txt 2011-02-17 04:05

Pre-Run: 45,646,856,192 bytes free
Post-Run: 45,659,537,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 294AEC2CCC04BD31D7BF92806C31BE1C

#8 RKinner (Malware Expert, Expert, MVP, 23,152 posts)

XP
  • Go to this page and download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

#9 BJohn66469 (Topic Starter, Member, 23 posts)

Hey Ron,

I have performed the requested scans using TDSSKiller and MBRCheck.

Thank you for your help.

The following is the TDSSKiller log:

2011/02/17 16:48:52.0703 3424 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/17 16:48:52.0906 3424 ================================================================================
2011/02/17 16:48:52.0906 3424 SystemInfo:
2011/02/17 16:48:52.0906 3424
2011/02/17 16:48:52.0906 3424 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/17 16:48:52.0906 3424 Product type: Workstation
2011/02/17 16:48:52.0906 3424 ComputerName: DELL
2011/02/17 16:48:52.0906 3424 UserName: DOH!
2011/02/17 16:48:52.0906 3424 Windows directory: C:\WINDOWS
2011/02/17 16:48:52.0906 3424 System windows directory: C:\WINDOWS
2011/02/17 16:48:52.0906 3424 Processor architecture: Intel x86
2011/02/17 16:48:52.0906 3424 Number of processors: 2
2011/02/17 16:48:52.0906 3424 Page size: 0x1000
2011/02/17 16:48:52.0906 3424 Boot type: Normal boot
2011/02/17 16:48:52.0906 3424 ================================================================================
2011/02/17 16:48:53.0359 3424 Initialize success
2011/02/17 16:48:58.0140 2104 ================================================================================
2011/02/17 16:48:58.0140 2104 Scan started
2011/02/17 16:48:58.0140 2104 Mode: Manual;
2011/02/17 16:48:58.0140 2104 ================================================================================
2011/02/17 16:49:00.0250 2104 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/17 16:49:00.0328 2104 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/17 16:49:00.0406 2104 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/02/17 16:49:00.0500 2104 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/02/17 16:49:00.0843 2104 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/17 16:49:00.0937 2104 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/17 16:49:01.0062 2104 ati2mtag (9e050c4e49a26ff181b70bec61ae048e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/17 16:49:01.0187 2104 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/17 16:49:01.0234 2104 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/17 16:49:01.0312 2104 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/02/17 16:49:01.0359 2104 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/02/17 16:49:01.0484 2104 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/17 16:49:01.0671 2104 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/17 16:49:01.0796 2104 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/17 16:49:01.0859 2104 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/17 16:49:01.0984 2104 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/17 16:49:02.0125 2104 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/02/17 16:49:02.0203 2104 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/17 16:49:02.0281 2104 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/17 16:49:02.0609 2104 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/17 16:49:02.0718 2104 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/17 16:49:02.0953 2104 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/17 16:49:03.0015 2104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/17 16:49:03.0078 2104 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/17 16:49:03.0140 2104 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/17 16:49:03.0281 2104 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/02/17 16:49:03.0359 2104 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/17 16:49:03.0437 2104 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/17 16:49:03.0484 2104 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/17 16:49:03.0593 2104 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/17 16:49:03.0703 2104 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/17 16:49:03.0765 2104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/17 16:49:03.0843 2104 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/17 16:49:03.0921 2104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/17 16:49:04.0062 2104 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/17 16:49:04.0140 2104 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/17 16:49:04.0203 2104 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/17 16:49:04.0296 2104 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/02/17 16:49:04.0484 2104 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/02/17 16:49:04.0546 2104 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/17 16:49:04.0703 2104 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/17 16:49:04.0843 2104 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/17 16:49:04.0953 2104 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/17 16:49:05.0015 2104 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/17 16:49:05.0062 2104 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/17 16:49:05.0203 2104 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/17 16:49:05.0328 2104 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/17 16:49:05.0593 2104 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/17 16:49:05.0656 2104 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/17 16:49:05.0828 2104 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/17 16:49:05.0890 2104 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys
2011/02/17 16:49:05.0953 2104 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/17 16:49:06.0015 2104 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/17 16:49:06.0250 2104 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/02/17 16:49:06.0328 2104 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/17 16:49:06.0375 2104 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/02/17 16:49:06.0453 2104 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/17 16:49:06.0515 2104 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/17 16:49:06.0671 2104 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/17 16:49:06.0750 2104 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/17 16:49:06.0796 2104 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/17 16:49:06.0875 2104 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/17 16:49:07.0031 2104 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/17 16:49:07.0187 2104 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/17 16:49:07.0250 2104 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/17 16:49:07.0312 2104 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/17 16:49:07.0343 2104 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/17 16:49:07.0468 2104 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/17 16:49:07.0546 2104 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/17 16:49:07.0671 2104 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/17 16:49:07.0812 2104 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/17 16:49:07.0875 2104 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/17 16:49:07.0937 2104 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/17 16:49:07.0968 2104 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/17 16:49:08.0046 2104 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/17 16:49:08.0234 2104 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/17 16:49:08.0375 2104 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/17 16:49:08.0453 2104 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/17 16:49:08.0578 2104 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/02/17 16:49:08.0640 2104 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/17 16:49:08.0703 2104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/17 16:49:08.0734 2104 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/17 16:49:08.0796 2104 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/17 16:49:08.0953 2104 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/17 16:49:09.0000 2104 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/17 16:49:09.0093 2104 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/17 16:49:09.0171 2104 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/17 16:49:09.0296 2104 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/17 16:49:09.0500 2104 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
2011/02/17 16:49:09.0562 2104 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/17 16:49:09.0640 2104 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/17 16:49:09.0703 2104 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/17 16:49:09.0750 2104 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/17 16:49:09.0921 2104 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
2011/02/17 16:49:09.0984 2104 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/17 16:49:11.0000 2104 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2011/02/17 16:49:11.0515 2104 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/17 16:49:11.0828 2104 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/17 16:49:12.0093 2104 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/17 16:49:12.0312 2104 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/17 16:49:12.0750 2104 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/17 16:49:13.0203 2104 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/17 16:49:13.0625 2104 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/17 16:49:14.0203 2104 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/17 16:49:14.0421 2104 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/17 16:49:14.0765 2104 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/02/17 16:49:14.0937 2104 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/17 16:49:15.0015 2104 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/17 16:49:15.0359 2104 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/02/17 16:49:15.0515 2104 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/17 16:49:16.0015 2104 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/17 16:49:16.0390 2104 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/02/17 16:49:16.0531 2104 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/02/17 16:49:16.0812 2104 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/17 16:49:17.0390 2104 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/17 16:49:17.0609 2104 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/17 16:49:18.0078 2104 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/17 16:49:18.0656 2104 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
2011/02/17 16:49:19.0390 2104 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/17 16:49:19.0562 2104 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/17 16:49:20.0406 2104 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/17 16:49:20.0718 2104 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/17 16:49:21.0375 2104 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/17 16:49:21.0796 2104 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/17 16:49:21.0906 2104 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/17 16:49:22.0343 2104 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/17 16:49:22.0578 2104 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
2011/02/17 16:49:23.0500 2104 tmcfw (e5aa5bcb134d3ab03a8b56ddd728c37f) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2011/02/17 16:49:23.0984 2104 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/02/17 16:49:24.0187 2104 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2011/02/17 16:49:24.0265 2104 tmpreflt (9cbbe54780770fdb7aaa73be530e4d80) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2011/02/17 16:49:24.0343 2104 tmtdi (1cf2f398e08592985a5bd1bbef59d043) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/02/17 16:49:24.0515 2104 tmxpflt (6cc393305bd60056ca09a4c8032a169a) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2011/02/17 16:49:24.0609 2104 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/17 16:49:24.0718 2104 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/17 16:49:24.0875 2104 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/17 16:49:24.0937 2104 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/17 16:49:25.0015 2104 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/17 16:49:25.0078 2104 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/17 16:49:25.0203 2104 usbhub (ace960e54148821e8e48f5d191562c28) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/17 16:49:25.0250 2104 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/17 16:49:25.0296 2104 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/17 16:49:25.0343 2104 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/17 16:49:25.0390 2104 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/17 16:49:25.0531 2104 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/17 16:49:25.0640 2104 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/17 16:49:25.0859 2104 vsapint (bbdd84ca629c1f7c8172b4405867f196) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2011/02/17 16:49:26.0015 2104 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/17 16:49:26.0125 2104 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/17 16:49:26.0343 2104 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/17 16:49:26.0421 2104 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/02/17 16:49:26.0640 2104 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/02/17 16:49:26.0734 2104 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/17 16:49:26.0875 2104 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/17 16:49:26.0984 2104 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
2011/02/17 16:49:27.0265 2104 ================================================================================
2011/02/17 16:49:27.0265 2104 Scan finished
2011/02/17 16:49:27.0265 2104 ================================================================================
#10
BJohn66469 (Member, Topic Starter, 23 posts)
And here is the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA338000 cercsr6.sys
0xB9EF3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltMgr.sys
0xB9EC1000 sr.sys
0xBA0F8000 Lbd.sys
0xBA340000 PxHelp20.sys
0xB9EAA000 KSecDD.sys
0xB9E1D000 Ntfs.sys
0xB9DF0000 NDIS.sys
0xB9DD5000 Mup.sys
0xBA208000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB95F6000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB95E2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB957A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA420000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9557000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9534000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA430000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB950E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA248000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB94F3000 \SystemRoot\System32\drivers\keyscrambler.sys
0xBA438000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB94C4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA258000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB94B3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA268000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xBA598000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA76A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA278000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB949C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA288000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA298000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB948B000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB945A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9426000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DA1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB926F000 \SystemRoot\system32\DRIVERS\TM_CFW.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB1125000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xB102E000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xB0F78000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA460000 \SystemRoot\System32\Drivers\Modem.SYS
0xB0E65000 \SystemRoot\system32\drivers\sthda.sys
0xB0E43000 \SystemRoot\system32\drivers\portcls.sys
0xBA308000 \SystemRoot\system32\drivers\drmk.sys
0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7F7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA480000 \SystemRoot\System32\drivers\vga.sys
0xBA5EA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA554000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB07EA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB0792000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB076A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB0749000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB0727000 \SystemRoot\System32\drivers\afd.sys
0xBA318000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA108000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xBA570000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA128000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA138000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB06DD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA4A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB06B2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB0643000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA148000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA350000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xBA158000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB05C7000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB926B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB05A4000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB058C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB116B000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3C0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09B000 \SystemRoot\System32\atikvmag.dll
0xBF0DF000 \SystemRoot\System32\ati3duag.dll
0xBF323000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA198000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0xAE208000 \SystemRoot\system32\DRIVERS\vsapint.sys
0xAE194000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0xAE354000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\purendis.sys
0xADE48000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xADCEF000 \SystemRoot\System32\Drivers\HTTP.sys
0xADE08000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xADC48000 \SystemRoot\system32\DRIVERS\srv.sys
0xADB03000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xADDD8000 \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys
0xAD8E5000 \??\C:\WINDOWS\system32\drivers\tmactmon.sys
0xAD330000 \SystemRoot\system32\drivers\wdmaud.sys
0xAD78D000 \SystemRoot\system32\drivers\sysaudio.sys
0xAE06C000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xACF97000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xADA1B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xACA1C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
1180 C:\WINDOWS\system32\smss.exe
1244 csrss.exe
1272 C:\WINDOWS\system32\winlogon.exe
1316 C:\WINDOWS\system32\services.exe
1328 C:\WINDOWS\system32\lsass.exe
1528 C:\WINDOWS\system32\svchost.exe
1596 svchost.exe
1636 C:\WINDOWS\system32\svchost.exe
1924 svchost.exe
1952 svchost.exe
264 C:\WINDOWS\system32\WLTRYSVC.EXE
300 C:\WINDOWS\system32\BCMWLTRY.EXE
456 C:\WINDOWS\system32\spoolsv.exe
556 svchost.exe
596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
608 C:\Program Files\Bonjour\mDNSResponder.exe
628 C:\WINDOWS\ehome\ehrecvr.exe
692 C:\WINDOWS\ehome\ehSched.exe
924 C:\WINDOWS\ehome\RMSvc.exe
980 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
1036 svchost.exe
1096 C:\WINDOWS\system32\svchost.exe
1536 McrdSvc.exe
1688 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
1904 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
2736 C:\WINDOWS\system32\dllhost.exe
2868 alg.exe
3508 C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2380 C:\WINDOWS\system32\svchost.exe
3824 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
3080 C:\WINDOWS\explorer.exe
3552 C:\WINDOWS\ehome\ehtray.exe
3668 C:\WINDOWS\system32\WLTRAY.EXE
2336 C:\WINDOWS\stsystra.exe
3944 C:\WINDOWS\ehome\ehmsas.exe
2628 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3176 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3404 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
3120 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
3340 C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
3116 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
3816 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
3740 C:\Program Files\iTunes\iTunesHelper.exe
3864 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3880 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3892 C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
3900 C:\WINDOWS\system32\ctfmon.exe
3860 C:\WINDOWS\ehome\RMSysTry.exe
3328 C:\Program Files\iPod\bin\iPodService.exe
2928 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3196 C:\Program Files\Mozilla Firefox\firefox.exe
1716 C:\WINDOWS\system32\wuauclt.exe
4012 C:\WINDOWS\system32\notepad.exe
2940 wmiprvse.exe
4036 C:\Documents and Settings\DOH!\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC74P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
#11
RKinner (Malware Expert, 23,152 posts, MVP)
Looks pretty good so far. One final scan:

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

#12
BJohn66469 (Member, Topic Starter, 23 posts)
Hey Ron,

Sorry for the delay in response time. The GMER scan froze the first time I ran it and I was unable to get the results log. I restarted the computer and ran the scan overnight and saved the log this morning. I don't think the scan found anything, and overall the computer seems to be running better, even IE. Thanks for your help.

Here is the log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-18 07:07:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC74P
Running: 8cvvjktx.exe; Driver: C:\DOCUME~1\DOH!\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT 89DC6DC0 ZwCreateKey
SSDT 89DC7F60 ZwCreateMutant
SSDT 89DC62C0 ZwCreateProcess
SSDT 89DC6580 ZwCreateProcessEx
SSDT 89DC7C20 ZwCreateThread
SSDT 89DC7340 ZwDeleteKey
SSDT 89DC7600 ZwDeleteValueKey
SSDT 89DC7DC0 ZwLoadDriver
SSDT 89DC6840 ZwOpenProcess
SSDT 89DC8100 ZwSetSystemInformation
SSDT 89DC7080 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0703620]
SSDT 89DC7A80 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
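When a defender reads a GMER log like the one above, the first sorting question is which entries GMER could tie to a named module (a security product's driver, a filesystem filter) and which it could only report as an address. The script below is an added example written for this page, not part of the thread and not GMER's own code: it parses constructed sample lines in the format of GMER's "System" and "Devices" sections (the sample entries are modelled on the log but are constructed, and the `Finding`, `parse_gmer` and `triage` names are mine) and splits them into attributed and unattributed entries.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of GMER's "System" and "Devices" sections.
# These lines are modelled on the thread's log but are NOT copied from it;
# addresses and entries are illustrative only.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 89DC6DC0 ZwCreateKey
SSDT 89DC6840 ZwOpenProcess
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0703620]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# SSDT entry where GMER could not name the owning module: only an address.
_SSDT_BARE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
# SSDT entry attributed to a module: path, (description), function, [address].
_SSDT_MOD = re.compile(r"^SSDT\s+(.+?)\s+\((.+)\)\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]$")
# Device-stack filter: driver object, device, module, (description).
_ATTACHED = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.+)\)$")


@dataclass
class Finding:
    kind: str               # "ssdt" or "attached"
    target: str             # hooked Zw* function or filtered device
    address: Optional[str]  # hook address for SSDT entries
    module: Optional[str]   # module GMER attributed the entry to, if any
    description: Optional[str]


def parse_gmer(text: str) -> List[Finding]:
    """Parse SSDT and AttachedDevice lines; headers and other lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SSDT_BARE.match(line)
        if m:
            findings.append(Finding("ssdt", m.group(2), m.group(1), None, None))
            continue
        m = _SSDT_MOD.match(line)
        if m:
            path, desc, func, addr = m.groups()
            findings.append(Finding("ssdt", func, addr, path.rsplit("\\", 1)[-1], desc))
            continue
        m = _ATTACHED.match(line)
        if m:
            drv, dev, mod, desc = m.groups()
            findings.append(Finding("attached", dev, None, mod, desc))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split entries into those GMER tied to a named module and those it did not.

    An SSDT hook that resolves only to an address is the item a reviewer has to
    account for: it may belong to a security product hooking from allocated
    memory, or to something unwanted; the log line alone does not say which.
    """
    attributed = sorted({f"{f.module}: {f.target}" for f in findings if f.module})
    unattributed = sorted(
        f"{f.address} {f.target}" for f in findings if f.kind == "ssdt" and not f.module
    )
    return {"attributed": attributed, "unattributed": unattributed}


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG))
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run as a script it prints the two buckets for the constructed sample; point `parse_gmer` at a saved Results.log to use it on a real file. The unattributed bucket is a list of things to account for, not a verdict: in this thread the expert reviewed the full log alongside the installed security products and considered the cleanup finished.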
#13
RKinner (Malware Expert, 23,152 posts, MVP)
I think we are done. We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 24). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterward, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
#14
BJohn66469 (Member, Topic Starter, 23 posts)
Hey Ron,

Thanks again for all of your help. Looks like everything is back to normal. I couldn't have done it without you or Geeks to Go.

Much appreciation,

BJohn