Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antimalware doctor & malware protection


  • This topic is locked This topic is locked

#1
redriller

redriller

    Member

  • Member
  • PipPip
  • 11 posts
I have problems with these malwares. I'm looking for help from the forum. Thanks in advance.

OTL logfile created on: 6/07/2011 9:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Thu Le\Desktop\malware
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.88% Memory free
7.00 Gb Paging File | 5.25 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 205.13 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.53 Gb Free Space | 58.26% Space Free | Partition Type: NTFS

Computer Name: THULE-PC | User Name: Thu Le | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
PRC - [2011/05/30 03:31:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/04/15 02:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 19:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/15 19:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/07/30 14:03:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/01 17:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 17:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/30 03:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
PRC - [2006/04/19 09:55:00 | 000,675,840 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
PRC - [2005/01/21 04:57:32 | 003,134,896 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/01 17:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/03/27 01:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2006/04/19 09:53:51 | 000,188,416 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UKHook40.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/02 09:52:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/11 06:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/01/06 18:37:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/02 18:06:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/11 06:26:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/09/11 06:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 06:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/13 08:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/07/31 00:10:42 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/30 03:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/30 20:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/17 14:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 06:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F5 65 34 9C 91 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2.1
FF - prefs.js..extensions.enabledItems: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}:3.3.2.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\ [2011/07/06 20:22:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\ [2011/07/06 20:22:48 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKCU\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]

[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/29 08:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions
[2011/06/23 20:53:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/07 10:54:48 | 000,000,000 | ---D | M] (TranslatorBar 3.3 Community Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}
[2011/05/07 10:54:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\[email protected]
[2011/05/05 21:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/19 21:07:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/08 18:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/06 20:22:48 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THU LE\APPDATA\LOCAL\{025FA5F8-96F1-412F-A690-91EAB475A380}
[2011/04/15 02:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/08 18:56:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (brumamkcwgrm Object) - {20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} - C:\Windows\$XNTUninstall643$\rhlqh.dll ()
O2 - BHO: (adfamkcwpr Object) - {27DAE335-5892-4D9E-9210-9AE2717AFAAB} - Reg Error: Value error. File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Bvukozuvovepur] File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Mkuwujecazuwipiq] C:\Users\Thu Le\AppData\Local\tlacrgo.dll (Acronis)
O4 - HKCU..\Run: [Security Protection] File not found
O4 - HKCU..\Run: [UniKey] C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe ()
O4 - Startup: C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/06 22:47:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell - "" = AutoRun
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{46acc7c1-ff4b-11de-9bcb-002564418c12}\Shell - "" = AutoRun
O33 - MountPoints2\{46acc7c1-ff4b-11de-9bcb-002564418c12}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell - "" = AutoRun
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\Desktop\malware
[2011/07/06 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
[2011/07/06 20:32:09 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/06 20:22:48 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}
[2011/07/06 20:21:57 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Roaming\13957DED7CBC473FDE8F00437C97F86C
[2011/07/06 20:21:29 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
[2011/06/18 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009/07/14 09:24:44 | 000,093,184 | ---- | C] (Acronis) -- C:\Users\Thu Le\AppData\Local\tlacrgo.dll
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 21:22:01 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 21:22:01 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 21:19:06 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/06 21:19:06 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/06 21:14:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 21:14:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/06 21:14:17 | 2817,282,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 21:10:20 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\Malware Protection.lnk
[2011/07/06 20:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 20:52:33 | 000,001,161 | ---- | M] () -- C:\Users\Thu Le\Desktop\Antimalware Doctor.lnk
[2011/07/06 20:52:33 | 000,001,153 | ---- | M] () -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2011/07/06 20:52:33 | 000,001,141 | ---- | M] () -- C:\Users\Thu Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/07/06 20:36:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000UA.job
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/06 20:22:50 | 000,000,120 | ---- | M] () -- C:\Users\Thu Le\AppData\Local\Qwoyal.dat
[2011/07/06 20:22:50 | 000,000,000 | ---- | M] () -- C:\Users\Thu Le\AppData\Local\Jqunom.bin
[2011/07/06 07:37:19 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000Core.job
[2011/07/05 21:36:52 | 451,486,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/01 23:21:10 | 000,000,109 | ---- | M] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 21:10:20 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\Malware Protection.lnk
[2011/07/06 20:52:33 | 000,001,161 | ---- | C] () -- C:\Users\Thu Le\Desktop\Antimalware Doctor.lnk
[2011/07/06 20:52:33 | 000,001,153 | ---- | C] () -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2011/07/06 20:52:33 | 000,001,141 | ---- | C] () -- C:\Users\Thu Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/06 20:22:50 | 000,000,120 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Qwoyal.dat
[2011/07/06 20:22:50 | 000,000,000 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Jqunom.bin
[2011/07/01 23:21:08 | 000,000,109 | ---- | C] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[2011/06/18 11:52:54 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 11:52:53 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/06 00:23:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/26 12:01:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/06/19 20:33:17 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/04/19 15:57:03 | 000,003,584 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 11:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/11 19:00:45 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2010/01/11 14:23:02 | 000,164,628 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/01/11 14:23:02 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/01/10 13:43:01 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/01/10 13:01:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/10 13:01:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/10 13:01:53 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/10 13:01:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/10 13:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/01/10 13:01:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/10 12:22:40 | 000,000,431 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_Upgrade.bat
[2010/01/10 12:21:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010/01/10 12:21:22 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/01/10 12:21:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/01/10 12:12:49 | 000,001,081 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_tmp1.htm
[2010/01/10 12:02:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/10 11:55:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,385,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/06 21:12:21 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\13957DED7CBC473FDE8F00437C97F86C
[2010/09/06 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Autodesk
[2010/06/02 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DAEMON Tools Lite
[2011/07/06 21:14:49 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DMCache
[2010/01/10 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\ESET
[2010/01/10 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Foxit
[2010/05/03 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\IDM
[2010/02/22 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Juniper Networks
[2011/07/06 09:28:38 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\MTD
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Thunderbird
[2010/01/10 20:36:16 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Western Digital
[2011/07/06 20:38:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/21 20:18:26 | 000,016,548 | ---- | M] ()(C:\Users\Thu Le\Documents\Bài tho t́nh cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ t́nh cho những người không đến được với nhau.docx
[2010/10/21 20:18:25 | 000,016,548 | ---- | C] ()(C:\Users\Thu Le\Documents\Bài tho t́nh cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ t́nh cho những người không đến được với nhau.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see what I can do to assist :) On completion of these runs can you let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/06 20:22:48 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THU LE\APPDATA\LOCAL\{025FA5F8-96F1-412F-A690-91EAB475A380}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (brumamkcwgrm Object) - {20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} - C:\Windows\$XNTUninstall643$\rhlqh.dll ()
    O2 - BHO: (adfamkcwpr Object) - {27DAE335-5892-4D9E-9210-9AE2717AFAAB} - Reg Error: Value error. File not found
    O4 - HKCU..\Run: [Mkuwujecazuwipiq] C:\Users\Thu Le\AppData\Local\tlacrgo.dll (Acronis)
    O4 - HKCU..\Run: [Security Protection] File not found
    O4 - Startup: C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = File not found
    [2011/07/06 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
    [2011/07/06 20:32:09 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2011/07/06 20:22:48 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}
    [2011/07/06 20:21:57 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Roaming\13957DED7CBC473FDE8F00437C97F86C
    [2011/07/06 20:21:29 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
    [2009/07/14 09:24:44 | 000,093,184 | ---- | C] (Acronis) -- C:\Users\Thu Le\AppData\Local\tlacrgo.dll
    [2011/07/06 21:10:20 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\Malware Protection.lnk
    [2011/07/06 20:52:33 | 000,001,161 | ---- | M] () -- C:\Users\Thu Le\Desktop\Antimalware Doctor.lnk
    [2011/07/06 20:52:33 | 000,001,153 | ---- | M] () -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
    [2011/07/06 20:52:33 | 000,001,141 | ---- | M] () -- C:\Users\Thu Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2011/07/06 20:22:50 | 000,000,120 | ---- | M] () -- C:\Users\Thu Le\AppData\Local\Qwoyal.dat
    [2011/07/06 20:22:50 | 000,000,000 | ---- | M] () -- C:\Users\Thu Le\AppData\Local\Jqunom.bin
    [2011/07/06 21:10:20 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\Malware Protection.lnk
    [2011/07/06 20:52:33 | 000,001,161 | ---- | C] () -- C:\Users\Thu Le\Desktop\Antimalware Doctor.lnk
    [2011/07/06 20:52:33 | 000,001,153 | ---- | C] () -- C:\Users\Thu Le\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
    [2011/07/06 20:52:33 | 000,001,141 | ---- | C] () -- C:\Users\Thu Le\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
    [2011/07/06 20:22:50 | 000,000,120 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Qwoyal.dat
    [2011/07/06 20:22:50 | 000,000,000 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Jqunom.bin
    [2011/07/06 21:12:21 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\13957DED7CBC473FDE8F00437C97F86C

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

AND FINALY

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
redriller

redriller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 7/07/2011 9:34:46 PM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Thu Le\Desktop\malware
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 24.93% Memory free
7.00 Gb Paging File | 4.05 Gb Available in Paging File | 57.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 214.70 Gb Free Space | 75.76% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.53 Gb Free Space | 58.26% Space Free | Partition Type: NTFS

Computer Name: THULE-PC | User Name: Thu Le | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
PRC - [2011/05/30 03:31:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/04/15 02:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 19:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/15 19:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/07/30 14:03:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/01 17:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 17:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/30 03:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
PRC - [2006/04/19 09:55:00 | 000,675,840 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
PRC - [2005/01/21 04:57:32 | 003,134,896 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/01 17:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/03/27 01:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2006/04/19 09:53:51 | 000,188,416 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UKHook40.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/02 09:52:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/11 06:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/01/06 18:37:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/02 18:06:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/11 06:26:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/09/11 06:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 06:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/13 08:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/07/31 00:10:42 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/30 03:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/30 20:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/17 14:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 06:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F5 65 34 9C 91 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2.1
FF - prefs.js..extensions.enabledItems: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}:3.3.2.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\
FF - HKLM\software\mozilla\Firefox\Extensions\\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}: C:\Users\Thu Le\AppData\Local\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}\ [2011/07/07 21:32:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\
FF - HKCU\software\mozilla\Firefox\Extensions\\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}: C:\Users\Thu Le\AppData\Local\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}\ [2011/07/07 21:32:05 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKCU\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]

[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/29 08:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions
[2011/06/23 20:53:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/07 10:54:48 | 000,000,000 | ---D | M] (TranslatorBar 3.3 Community Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}
[2011/05/07 10:54:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\[email protected]
[2011/05/05 21:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/19 21:07:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/08 18:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/07 21:32:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THU LE\APPDATA\LOCAL\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}
[2011/04/15 02:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/08 18:56:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/07 21:10:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Bvukozuvovepur] File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Mkuwujecazuwipiq] File not found
O4 - HKCU..\Run: [UniKey] C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/06 22:47:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell - "" = AutoRun
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{46acc7c1-ff4b-11de-9bcb-002564418c12}\Shell - "" = AutoRun
O33 - MountPoints2\{46acc7c1-ff4b-11de-9bcb-002564418c12}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell - "" = AutoRun
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 21:32:03 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Local\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}
[2011/07/07 21:14:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/07 21:10:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\Desktop\malware
[2011/06/18 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 21:36:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000UA.job
[2011/07/07 21:24:02 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 21:24:02 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 21:21:02 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/07 21:21:02 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/07 21:16:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 21:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/07 21:16:20 | 2817,282,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 21:10:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/07 09:57:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 07:56:47 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000Core.job
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/05 21:36:52 | 451,486,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/01 23:21:10 | 000,000,109 | ---- | M] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/01 23:21:08 | 000,000,109 | ---- | C] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[2011/06/18 11:52:54 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 11:52:53 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/06 00:23:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/26 12:01:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/06/19 20:33:17 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/04/19 15:57:03 | 000,003,584 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 11:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/11 19:00:45 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2010/01/11 14:23:02 | 000,164,628 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/01/11 14:23:02 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/01/10 13:43:01 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/01/10 13:01:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/10 13:01:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/10 13:01:53 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/10 13:01:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/10 13:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/01/10 13:01:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/10 12:22:40 | 000,000,431 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_Upgrade.bat
[2010/01/10 12:21:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010/01/10 12:21:22 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/01/10 12:21:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/01/10 12:12:49 | 000,001,081 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_tmp1.htm
[2010/01/10 12:02:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/10 11:55:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,385,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/09/06 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Autodesk
[2010/06/02 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DAEMON Tools Lite
[2011/07/07 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DMCache
[2010/01/10 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\ESET
[2010/01/10 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Foxit
[2010/05/03 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\IDM
[2010/02/22 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Juniper Networks
[2011/07/06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\MTD
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Thunderbird
[2010/01/10 20:36:16 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Western Digital
[2011/07/07 21:15:45 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/21 20:18:26 | 000,016,548 | ---- | M] ()(C:\Users\Thu Le\Documents\Bài tho tình cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ tình cho những người không đến được với nhau.docx
[2010/10/21 20:18:25 | 000,016,548 | ---- | C] ()(C:\Users\Thu Le\Documents\Bài tho tình cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ tình cho những người không đến được với nhau.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >

________________________________________________

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7040

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/07/2011 9:48:28 PM
mbam-log-2011-07-07 (21-48-28).txt

Scan type: Quick scan
Objects scanned: 160026
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mkuwujecazuwipiq (Trojan.Agent.U) -> Value: Mkuwujecazuwipiq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bvukozuvovepur (Trojan.Agent.U) -> Value: Bvukozuvovepur -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\R66v.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\Temp\temporary internet files\Content.IE5\AEUPKQQ5\info[1].exe (Trojan.Agent) -> Delete on reboot.

_______________________________________

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-07 21:54:24
-----------------------------
21:54:24.230 OS Version: Windows 6.1.7600
21:54:24.231 Number of processors: 2 586 0x170A
21:54:24.233 ComputerName: THULE-PC UserName: Thu Le
21:54:25.654 Initialize success
22:01:56.821 AVAST engine defs: 11070700
22:03:31.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:03:31.920 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
22:03:33.924 Disk 0 MBR read successfully
22:03:33.927 Disk 0 MBR scan
22:03:33.930 Disk 0 [email protected] code has been found
22:03:33.933 Disk 0 Windows 7 default MBR code found via API
22:03:33.938 Disk 0 MBR hidden
22:03:33.941 Disk 0 MBR [TDL4] **ROOTKIT**
22:03:33.946 Disk 0 trace - called modules:
22:03:33.950 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873d84d0]<<
22:03:33.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a5030]
22:03:33.960 3 CLASSPNP.SYS[8d36f59e] -> nt!IofCallDriver -> [0x8722fa60]
22:03:33.964 \Driver\atapi[0x873a9258] -> IRP_MJ_CREATE -> 0x873d84d0
22:03:36.816 AVAST engine scan C:\Windows
22:24:30.845 AVAST engine scan C:\Users\Thu Le
22:28:26.335 AVAST engine scan C:\ProgramData
22:30:05.194 Scan finished successfully
22:31:45.440 Disk 0 MBR has been saved successfully to "C:\Users\Thu Le\Desktop\malware\MBR.dat"
22:31:45.457 The log file has been saved successfully to "C:\Users\Thu Le\Desktop\malware\aswMBR.txt"

Edited by redriller, 07 July 2011 - 06:32 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK one major player to kill now and then let me know of any problems at all

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/07 21:32:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\THU LE\APPDATA\LOCAL\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#5
redriller

redriller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 8/07/2011 9:06:02 PM - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Thu Le\Desktop\malware
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 67.77% Memory free
7.00 Gb Paging File | 5.68 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 214.48 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.53 Gb Free Space | 58.26% Space Free | Partition Type: NTFS

Computer Name: THULE-PC | User Name: Thu Le | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
PRC - [2011/05/30 03:31:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/04/15 02:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 19:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/15 19:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/07/30 14:03:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/01 17:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 17:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/06/30 03:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
PRC - [2006/04/19 09:55:00 | 000,675,840 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
PRC - [2005/01/21 04:57:32 | 003,134,896 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 21:29:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Thu Le\Desktop\malware\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/01 17:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/03/27 01:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2006/04/19 09:53:51 | 000,188,416 | ---- | M] () -- C:\Program Files\UniKey Vista 2.0\UKHook40.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/02 09:52:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/11 06:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/13 08:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/30 14:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/01 17:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/01/06 18:37:00 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/02 18:06:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/11 06:26:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/09/11 06:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009/09/11 06:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/13 08:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/07/31 00:10:42 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/30 03:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/19 08:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/30 20:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/04/17 14:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/27 06:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 06:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F5 65 34 9C 91 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2.1
FF - prefs.js..extensions.enabledItems: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}:3.3.2.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thu Le\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\
FF - HKLM\software\mozilla\Firefox\Extensions\\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}: C:\Users\Thu Le\AppData\Local\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}\
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:31:22 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{025FA5F8-96F1-412F-A690-91EAB475A380}: C:\Users\Thu Le\AppData\Local\{025FA5F8-96F1-412F-A690-91EAB475A380}\
FF - HKCU\software\mozilla\Firefox\Extensions\\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}: C:\Users\Thu Le\AppData\Local\{E899FABF-9C3A-40F2-9A88-F1059C0492AA}\
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 21:04:54 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 07:54:17 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/25 11:26:44 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKCU\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/10 13:03:26 | 000,000,000 | ---D | M]

[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/29 08:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions
[2011/06/23 20:53:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/07 10:54:48 | 000,000,000 | ---D | M] (TranslatorBar 3.3 Community Toolbar) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\{e7f7b7dc-7dec-4e84-9a87-ece02e8a160a}
[2011/05/07 10:54:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thu Le\AppData\Roaming\Mozilla\Firefox\Profiles\644drum5.default\extensions\[email protected]
[2011/05/05 21:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/19 21:07:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/08 18:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/15 02:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/08 18:56:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/08 21:01:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [UniKey] C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\idmmbc.dll (Tonec Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/06 22:47:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell - "" = AutoRun
O33 - MountPoints2\{445fe855-b9b4-11df-815e-c32606dcf9c3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell - "" = AutoRun
O33 - MountPoints2\{49cab61a-fdd0-11de-afc7-002564418c12}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5a8-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5bc-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bfa5c6-13c2-11df-b0c4-002556d3c532}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 21:40:29 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\AppData\Roaming\Malwarebytes
[2011/07/07 21:40:22 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/07 21:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/07 21:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/07 21:40:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/07 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/07 21:14:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/07 21:10:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Thu Le\Desktop\malware
[2011/06/18 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 21:03:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 21:02:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/08 21:02:42 | 2817,282,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 21:02:04 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 21:02:04 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/08 21:01:52 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/08 21:01:52 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/08 21:01:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/07/07 22:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 22:36:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000UA.job
[2011/07/07 21:40:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/07 07:56:47 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824682909-2734197690-2682267914-1000Core.job
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/05 21:36:52 | 451,486,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/01 23:21:10 | 000,000,109 | ---- | M] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[1 C:\Users\Thu Le\*.tmp files -> C:\Users\Thu Le\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 21:40:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/07/06 20:31:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/07/01 23:21:08 | 000,000,109 | ---- | C] () -- C:\Users\Thu Le\Desktop\wWww7.jpg
[2011/06/18 11:52:54 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 11:52:53 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/06 00:23:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/26 12:01:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/06/19 20:33:17 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/04/19 15:57:03 | 000,003,584 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 11:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/11 19:00:45 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2010/01/11 14:23:02 | 000,164,628 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/01/11 14:23:02 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/01/10 13:43:01 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/01/10 13:01:54 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/10 13:01:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/10 13:01:53 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/10 13:01:53 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/10 13:01:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/01/10 13:01:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/10 12:22:40 | 000,000,431 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_Upgrade.bat
[2010/01/10 12:21:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010/01/10 12:21:22 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/01/10 12:21:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010/01/10 12:12:49 | 000,001,081 | ---- | C] () -- C:\Users\Thu Le\AppData\Local\Win7_tmp1.htm
[2010/01/10 12:02:55 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/10 11:55:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,385,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/09/06 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Autodesk
[2010/06/02 18:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DAEMON Tools Lite
[2011/07/08 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\DMCache
[2010/01/10 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\ESET
[2010/01/10 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Foxit
[2010/05/03 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\IDM
[2010/02/22 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Juniper Networks
[2011/07/06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\MTD
[2010/03/25 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Thunderbird
[2010/01/10 20:36:16 | 000,000,000 | ---D | M] -- C:\Users\Thu Le\AppData\Roaming\Western Digital
[2011/07/07 22:48:28 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/21 20:18:26 | 000,016,548 | ---- | M] ()(C:\Users\Thu Le\Documents\Bài tho t́nh cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ t́nh cho những người không đến được với nhau.docx
[2010/10/21 20:18:25 | 000,016,548 | ---- | C] ()(C:\Users\Thu Le\Documents\Bài tho t́nh cho nh?ng ngu?i không d?n du?c v?i nhau.docx) -- C:\Users\Thu Le\Documents\Bài thơ t́nh cho những người không đến được với nhau.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >


________________________________________

2011/07/08 21:10:03.0571 5032 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/08 21:10:05.0106 5032 ================================================================================
2011/07/08 21:10:05.0106 5032 SystemInfo:
2011/07/08 21:10:05.0106 5032
2011/07/08 21:10:05.0106 5032 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/08 21:10:05.0106 5032 Product type: Workstation
2011/07/08 21:10:05.0106 5032 ComputerName: THULE-PC
2011/07/08 21:10:05.0106 5032 UserName: Thu Le
2011/07/08 21:10:05.0106 5032 Windows directory: C:\Windows
2011/07/08 21:10:05.0106 5032 System windows directory: C:\Windows
2011/07/08 21:10:05.0106 5032 Processor architecture: Intel x86
2011/07/08 21:10:05.0106 5032 Number of processors: 2
2011/07/08 21:10:05.0106 5032 Page size: 0x1000
2011/07/08 21:10:05.0106 5032 Boot type: Normal boot
2011/07/08 21:10:05.0106 5032 ================================================================================
2011/07/08 21:10:06.0347 5032 Initialize success
2011/07/08 21:10:17.0729 4864 ================================================================================
2011/07/08 21:10:17.0729 4864 Scan started
2011/07/08 21:10:17.0729 4864 Mode: Manual;
2011/07/08 21:10:17.0729 4864 ================================================================================
2011/07/08 21:10:19.0219 4864 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/08 21:10:19.0282 4864 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/08 21:10:19.0319 4864 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/08 21:10:19.0372 4864 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/08 21:10:19.0410 4864 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/08 21:10:19.0436 4864 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/08 21:10:19.0508 4864 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/07/08 21:10:19.0534 4864 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/08 21:10:19.0583 4864 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/08 21:10:19.0623 4864 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/08 21:10:19.0672 4864 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/08 21:10:19.0692 4864 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/08 21:10:19.0730 4864 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/08 21:10:19.0761 4864 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/08 21:10:19.0798 4864 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/08 21:10:19.0844 4864 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/08 21:10:19.0872 4864 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/08 21:10:19.0907 4864 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/08 21:10:19.0961 4864 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/08 21:10:19.0993 4864 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/08 21:10:20.0035 4864 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/08 21:10:20.0060 4864 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/08 21:10:20.0247 4864 atikmdag (6b70eb8e4aaf60598d61bcf8c41eacfb) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/08 21:10:20.0521 4864 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/08 21:10:20.0849 4864 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/08 21:10:21.0428 4864 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/08 21:10:21.0697 4864 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/08 21:10:21.0756 4864 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/08 21:10:21.0779 4864 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/08 21:10:21.0800 4864 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/08 21:10:21.0827 4864 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/08 21:10:21.0863 4864 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/08 21:10:21.0888 4864 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/08 21:10:21.0910 4864 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/08 21:10:21.0934 4864 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/08 21:10:21.0994 4864 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/08 21:10:22.0016 4864 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/08 21:10:22.0060 4864 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/08 21:10:22.0101 4864 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/07/08 21:10:22.0153 4864 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/08 21:10:22.0204 4864 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
2011/07/08 21:10:22.0242 4864 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/07/08 21:10:22.0285 4864 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/07/08 21:10:22.0299 4864 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/08 21:10:22.0359 4864 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/08 21:10:22.0412 4864 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/08 21:10:22.0458 4864 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/08 21:10:22.0492 4864 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/08 21:10:22.0527 4864 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/08 21:10:22.0546 4864 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/08 21:10:22.0576 4864 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/08 21:10:22.0627 4864 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/08 21:10:22.0665 4864 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/08 21:10:22.0705 4864 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/08 21:10:22.0763 4864 CtClsFlt (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/07/08 21:10:22.0811 4864 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
2011/07/08 21:10:22.0864 4864 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/07/08 21:10:22.0900 4864 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/08 21:10:22.0938 4864 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/08 21:10:22.0996 4864 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/08 21:10:23.0028 4864 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/08 21:10:23.0063 4864 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/08 21:10:23.0106 4864 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/08 21:10:23.0169 4864 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
2011/07/08 21:10:23.0235 4864 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/08 21:10:23.0320 4864 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys
2011/07/08 21:10:23.0439 4864 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/08 21:10:23.0572 4864 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/07/08 21:10:23.0616 4864 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/08 21:10:23.0645 4864 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys
2011/07/08 21:10:23.0685 4864 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
2011/07/08 21:10:23.0725 4864 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys
2011/07/08 21:10:23.0761 4864 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/08 21:10:23.0808 4864 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/08 21:10:23.0833 4864 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/08 21:10:23.0870 4864 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/08 21:10:23.0910 4864 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/08 21:10:23.0939 4864 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/08 21:10:23.0961 4864 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/08 21:10:23.0993 4864 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/08 21:10:24.0034 4864 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/08 21:10:24.0062 4864 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/08 21:10:24.0092 4864 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/08 21:10:24.0148 4864 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/08 21:10:24.0197 4864 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/08 21:10:24.0248 4864 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/08 21:10:24.0289 4864 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/08 21:10:24.0309 4864 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/08 21:10:24.0345 4864 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/08 21:10:24.0381 4864 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/08 21:10:24.0421 4864 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/08 21:10:24.0493 4864 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/08 21:10:24.0551 4864 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/08 21:10:24.0607 4864 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/08 21:10:24.0631 4864 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/08 21:10:24.0693 4864 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/08 21:10:24.0726 4864 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/08 21:10:24.0778 4864 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/08 21:10:24.0814 4864 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/08 21:10:24.0849 4864 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/08 21:10:24.0877 4864 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/08 21:10:24.0907 4864 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/08 21:10:24.0934 4864 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/08 21:10:24.0967 4864 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/08 21:10:24.0993 4864 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/08 21:10:25.0032 4864 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/08 21:10:25.0081 4864 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/08 21:10:25.0108 4864 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/08 21:10:25.0137 4864 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/08 21:10:25.0166 4864 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/08 21:10:25.0233 4864 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/08 21:10:25.0298 4864 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/08 21:10:25.0328 4864 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/08 21:10:25.0355 4864 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/08 21:10:25.0386 4864 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/08 21:10:25.0433 4864 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/08 21:10:25.0510 4864 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/08 21:10:25.0530 4864 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/08 21:10:25.0581 4864 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/08 21:10:25.0615 4864 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/08 21:10:25.0662 4864 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/08 21:10:25.0693 4864 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/08 21:10:25.0723 4864 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/08 21:10:25.0746 4864 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/08 21:10:25.0777 4864 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/08 21:10:25.0801 4864 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/08 21:10:25.0840 4864 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/08 21:10:25.0881 4864 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/08 21:10:25.0911 4864 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/08 21:10:25.0937 4864 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/08 21:10:25.0957 4864 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/08 21:10:25.0988 4864 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/08 21:10:26.0030 4864 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/08 21:10:26.0052 4864 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/08 21:10:26.0077 4864 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/08 21:10:26.0149 4864 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/08 21:10:26.0172 4864 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/08 21:10:26.0198 4864 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/08 21:10:26.0221 4864 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/08 21:10:26.0251 4864 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/08 21:10:26.0279 4864 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/08 21:10:26.0300 4864 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/08 21:10:26.0329 4864 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/08 21:10:26.0375 4864 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/08 21:10:26.0422 4864 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/08 21:10:26.0459 4864 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/08 21:10:26.0496 4864 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/08 21:10:26.0543 4864 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/08 21:10:26.0573 4864 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/08 21:10:26.0590 4864 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/08 21:10:26.0648 4864 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/08 21:10:26.0682 4864 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/08 21:10:26.0745 4864 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/08 21:10:26.0793 4864 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/08 21:10:26.0826 4864 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/08 21:10:26.0877 4864 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/07/08 21:10:26.0932 4864 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/08 21:10:26.0967 4864 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/08 21:10:26.0994 4864 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/08 21:10:27.0023 4864 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/08 21:10:27.0066 4864 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/08 21:10:27.0125 4864 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/08 21:10:27.0152 4864 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/08 21:10:27.0173 4864 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/08 21:10:27.0208 4864 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/08 21:10:27.0237 4864 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/08 21:10:27.0271 4864 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/08 21:10:27.0301 4864 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/08 21:10:27.0337 4864 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/08 21:10:27.0475 4864 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/08 21:10:27.0505 4864 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/08 21:10:27.0555 4864 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/08 21:10:27.0614 4864 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/08 21:10:27.0681 4864 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/08 21:10:27.0719 4864 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/08 21:10:27.0747 4864 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/08 21:10:27.0792 4864 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/08 21:10:27.0827 4864 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/08 21:10:27.0874 4864 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/08 21:10:27.0898 4864 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/08 21:10:27.0923 4864 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/08 21:10:27.0971 4864 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/08 21:10:27.0993 4864 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/08 21:10:28.0033 4864 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/08 21:10:28.0062 4864 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/08 21:10:28.0084 4864 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/08 21:10:28.0132 4864 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/08 21:10:28.0207 4864 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/08 21:10:28.0271 4864 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/08 21:10:28.0321 4864 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/08 21:10:28.0361 4864 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/08 21:10:28.0411 4864 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/08 21:10:28.0496 4864 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/07/08 21:10:28.0522 4864 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/08 21:10:28.0568 4864 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/08 21:10:28.0590 4864 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/08 21:10:28.0640 4864 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/08 21:10:28.0668 4864 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/08 21:10:28.0700 4864 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/08 21:10:28.0720 4864 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/08 21:10:28.0756 4864 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/08 21:10:28.0794 4864 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/08 21:10:28.0821 4864 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/08 21:10:28.0878 4864 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/08 21:10:28.0949 4864 SNTNLUSB (8d4a96868ae13c3cf8425b383b59d802) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2011/07/08 21:10:28.0984 4864 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/08 21:10:29.0080 4864 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/08 21:10:29.0080 4864 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/08 21:10:29.0087 4864 sptd - detected LockedFile.Multi.Generic (1)
2011/07/08 21:10:29.0129 4864 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/07/08 21:10:29.0162 4864 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/08 21:10:29.0196 4864 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/08 21:10:29.0242 4864 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/08 21:10:29.0303 4864 STHDA (666954876b4c973eee61b1b2332b58c4) C:\Windows\system32\DRIVERS\stwrt.sys
2011/07/08 21:10:29.0341 4864 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/08 21:10:29.0429 4864 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/07/08 21:10:29.0511 4864 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/08 21:10:29.0548 4864 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/08 21:10:29.0578 4864 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/08 21:10:29.0602 4864 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/08 21:10:29.0629 4864 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/08 21:10:29.0648 4864 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/08 21:10:29.0722 4864 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/08 21:10:29.0764 4864 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/08 21:10:29.0792 4864 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/08 21:10:29.0817 4864 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/08 21:10:29.0854 4864 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/08 21:10:29.0900 4864 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/08 21:10:29.0923 4864 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/08 21:10:29.0964 4864 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/08 21:10:30.0008 4864 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/08 21:10:30.0047 4864 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/08 21:10:30.0074 4864 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/08 21:10:30.0104 4864 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/08 21:10:30.0159 4864 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/08 21:10:30.0194 4864 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/08 21:10:30.0227 4864 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/08 21:10:30.0256 4864 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/08 21:10:30.0309 4864 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/08 21:10:30.0356 4864 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/08 21:10:30.0395 4864 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/08 21:10:30.0422 4864 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/08 21:10:30.0454 4864 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/08 21:10:30.0506 4864 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/08 21:10:30.0533 4864 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/08 21:10:30.0561 4864 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/08 21:10:30.0590 4864 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/08 21:10:30.0627 4864 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/08 21:10:30.0664 4864 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/08 21:10:30.0713 4864 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/08 21:10:30.0751 4864 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/08 21:10:30.0784 4864 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/08 21:10:30.0831 4864 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/08 21:10:30.0880 4864 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/08 21:10:30.0923 4864 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/08 21:10:30.0937 4864 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/08 21:10:30.0993 4864 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/08 21:10:31.0045 4864 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/07/08 21:10:31.0094 4864 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/08 21:10:31.0193 4864 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/08 21:10:31.0222 4864 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/08 21:10:31.0299 4864 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/08 21:10:31.0355 4864 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/08 21:10:31.0398 4864 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/08 21:10:31.0446 4864 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/08 21:10:31.0517 4864 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/07/08 21:10:31.0577 4864 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/07/08 21:10:31.0583 4864 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/08 21:10:31.0605 4864 Boot (0x1200) (e5340555ad6854635e24d36052265677) \Device\Harddisk0\DR0\Partition0
2011/07/08 21:10:31.0626 4864 Boot (0x1200) (ce4db4c8482652e9715b86b5677b5400) \Device\Harddisk0\DR0\Partition1
2011/07/08 21:10:31.0632 4864 ================================================================================
2011/07/08 21:10:31.0632 4864 Scan finished
2011/07/08 21:10:31.0632 4864 ================================================================================
2011/07/08 21:10:31.0644 3636 Detected object count: 2
2011/07/08 21:10:31.0644 3636 Actual detected object count: 2
2011/07/08 21:11:00.0672 3636 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/08 21:11:00.0723 3636 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/08 21:11:00.0723 3636 \Device\Harddisk0\DR0 - ok
2011/07/08 21:11:00.0724 3636 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/08 21:11:15.0392 5464 Deinitialize success
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Could you update and run malwarebytes please and post the resultant log
  • 0

#7
redriller

redriller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/07/2011 10:49:14 AM
mbam-log-2011-07-09 (10-49-14).txt

Scan type: Quick scan
Objects scanned: 155909
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


______________________________

I think it's working well now.

Thanks so much! :)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup an select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP