Cannot run any .exe to get rid of virus


  • This topic is locked

#1 p.ave (Member, 27 posts)
Running Windows XP and cannot run any .exe in normal mode. Any help would be greatly appreciated!! Had to start OTL in alt mode. Here is my OTL log:


OTL logfile created on: 8/9/2011 1:49:08 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\TEST\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.52 Mb Total Physical Memory | 58.36 Mb Available Physical Memory | 6.09% Memory free
2.26 Gb Paging File | 0.89 Gb Available in Paging File | 39.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.03 Gb Total Space | 24.91 Gb Free Space | 40.15% Space Free | Partition Type: NTFS
Drive D: | 11.46 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: FAT32

Computer Name: YOUR-0CDC4F5844 | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/09 13:47:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\My Documents\Downloads\OTL.scr
PRC - [2011/08/04 08:52:50 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2011/08/04 08:23:53 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2011/08/04 08:23:41 | 000,484,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2011/08/04 08:22:03 | 000,983,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2011/08/04 08:22:03 | 000,508,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/06/29 22:14:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/27 09:23:56 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 11:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/09 13:47:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TEST\My Documents\Downloads\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/08/04 08:52:50 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/08/04 08:23:53 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/08/05 11:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 11:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/03 08:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/04 08:53:28 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/08/04 08:25:53 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011/08/04 08:22:55 | 000,148,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 11:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 11:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 11:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/06/16 14:38:28 | 000,057,088 | ---- | M] (Promethean) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006/06/19 08:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/01 20:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/28 13:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/19 06:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 06:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 06:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 19:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 20:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 20:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 20:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://som.startnow....ion=5.1-x86-SP3
IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.10
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\TEST\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\TEST\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Charter Security Suite\NRS\[email protected] [2011/08/04 08:25:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: G:\Documents\Downloads\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: F:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: F:\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: H:\PortableApps\FirefoxPortable\App\firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: H:\PortableApps\FirefoxPortable\App\firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 13:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 13:14:54 | 000,000,000 | ---D | M]

[2010/04/29 16:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2011/08/03 09:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions
[2010/07/27 16:39:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/04 07:51:34 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/06/19 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/19 19:13:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2011/08/04 08:25:29 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES\CHARTER SECURITY SUITE\NRS\[email protected]
[2011/06/29 22:14:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/28 15:27:17 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/08 20:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [ActivControl] C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..\Run: [2752702302] File not found
O4 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://www.charter.n...suite/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..exefile [open] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\...exe [@ = exefile] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 09:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\vmntemplate
[2011/08/04 08:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Charter Security Suite
[2011/08/04 08:16:11 | 000,082,120 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2011/08/04 07:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\somototoolbar
[2011/08/04 07:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\somototoolbar
[2011/08/04 07:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner FileBulldog Toolbar
[2011/08/04 07:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner
[2011/08/04 07:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Start Menu\Programs\Temp File Cleaner
[2011/08/03 12:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\DoctorWeb
[2011/08/03 09:24:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/03 09:22:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 17:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\MovedFiles
[2011/08/02 16:29:20 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\TEST\Desktop\aswMBR.exe
[2011/08/01 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NPE
[2011/08/01 12:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/07/31 14:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/29 11:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\F-Secure
[2011/07/27 19:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/07/27 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/21 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\magicJack
[2011/07/21 16:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/07/21 08:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\CANON INC
[2011/07/21 08:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\ZoomBrowser EX
[2011/07/21 08:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Canon MyCameraFiles
[2011/07/21 08:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2011/07/21 07:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/07/18 13:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/18 13:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/18 13:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/18 13:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 13:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/07/18 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/18 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/18 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2011/08/09 14:16:26 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
[2011/08/09 14:07:31 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/09 14:06:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/09 14:02:30 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
[2011/08/09 13:11:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/09 13:11:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/09 13:11:48 | 1005,154,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/09 08:38:41 | 000,001,777 | ---- | M] () -- C:\hpqp.ini
[2011/08/06 12:57:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
[2011/08/05 10:53:41 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/08/05 10:53:40 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/05 10:53:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 08:53:28 | 000,082,120 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2011/08/04 08:51:42 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2011/08/04 08:25:53 | 000,042,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/08/04 08:16:13 | 000,462,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/04 08:16:13 | 000,079,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/04 07:51:20 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Temp File Cleaner.lnk
[2011/08/04 07:25:45 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 16:42:08 | 003,601,355 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\kasp.zip
[2011/08/03 14:50:32 | 000,000,814 | -HS- | M] () -- C:\WINDOWS\1303390drv.spi
[2011/08/03 09:24:20 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/08/03 09:08:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\MBR.dat
[2011/08/02 18:20:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/02 18:20:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 16:30:23 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\TEST\Desktop\aswMBR.exe
[2011/08/02 15:46:52 | 000,670,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/01 23:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/01 20:04:10 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 17:48:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 13:36:14 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/08/01 12:58:21 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/14 03:01:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/08/09 13:11:48 | 1005,154,304 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/09 11:19:35 | 000,013,222 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/09 11:19:34 | 000,013,222 | -HS- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/04 08:19:19 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Charter Security Suite.lnk
[2011/08/04 08:16:34 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/08/04 07:51:20 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Temp File Cleaner.lnk
[2011/08/03 16:42:01 | 003,601,355 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\kasp.zip
[2011/08/03 12:52:40 | 000,000,814 | -HS- | C] () -- C:\WINDOWS\1303390drv.spi
[2011/08/03 09:24:20 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/08/03 09:24:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/03 09:08:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\MBR.dat
[2011/08/02 18:20:13 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 15:46:33 | 000,670,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/01 16:37:53 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\magicJack.lnk
[2011/08/01 12:58:59 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\sdsetup_revwire207.exe
[2011/07/21 16:22:43 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\TEST\Start Menu\Programs\magicJack.lnk
[2011/07/18 13:09:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/13 14:00:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/31 12:34:39 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 06:22:05 | 000,007,687 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\D249.6B7
[2010/06/10 14:56:48 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 14:56:30 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/14 03:09:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/13 22:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/25 17:35:32 | 000,001,296 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/16 12:53:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/16 12:48:12 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/11/05 12:48:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/05 00:46:46 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\evpro32.prf
[2008/11/03 19:51:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\wklnhst.dat
[2008/07/24 12:58:02 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 12:35:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/16 19:56:25 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2006/10/17 18:05:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/17 18:01:32 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/10/17 18:01:32 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/17 17:47:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/17 17:36:06 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/12 11:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/18 04:00:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 04:00:00 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/18 04:00:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 04:00:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/18 04:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 04:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 04:00:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/18 04:00:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/18 04:00:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/14 09:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 17:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,320 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,462,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,079,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,306,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/05 06:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2011/08/09 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2011/08/04 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/08/04 08:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/01/31 13:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/21 16:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2009/03/13 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/06/24 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2009/07/28 22:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/07/18 13:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/05 16:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/23 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/24 10:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\ACTIV Software
[2011/06/28 15:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Catalina Marketing Corp
[2009/10/15 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Elluminate
[2011/07/29 11:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\F-Secure
[2011/01/25 13:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\GetRightToGo
[2009/03/13 17:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\muvee Technologies
[2009/12/14 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Netscape
[2011/06/24 10:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Promethean
[2008/11/22 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Snapfish
[2011/08/07 09:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\somototoolbar
[2008/11/03 19:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Template
[2009/08/21 21:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\TestGen
[2009/07/28 22:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\TomTom
[2011/08/07 09:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\vmntemplate
[2009/12/13 11:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Windows Live Writer
[2011/08/09 14:16:26 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job

========== Purity Check ==========



< End of report >

Edited by p.ave, 09 August 2011 - 12:45 PM.

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, I see you have run aswMBR; could you post the log please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..\Run: [2752702302] File not found
    O35 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..exefile [open] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\...exe [@ = exefile] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*
    [2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
    [2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
    [2011/08/03 14:50:32 | 000,000,814 | -HS- | M] () -- C:\WINDOWS\1303390drv.spi
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

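The O35 and O37 lines in the fix above are the actual cause of the "cannot run any .exe" symptom: the per-user `exefile` open command (the default is `"%1" %*`) has been redirected so that every program launch goes through `ifb.exe` first, which is how rogue antivirus families such as XP Home Security 2012 block cleanup tools. The two hidden+system files named `1m2p2wod7t8xjpf658ojpg4k27x8510j` in the same fix are the typical companion artefact: random-looking names, no publisher, dropped into Application Data. As an added example that is not part of this thread and not OTL's own code, the script below parses OTL-style log lines and flags both patterns. The O35/O37 and file-entry sample lines are copied from the logs posted here; the clean `HKLM\..exefile` line, the `looks_random` length and entropy thresholds, and the function names are my own assumptions.

```python
import re
from collections import Counter
from math import log2

# Sample OTL log lines. The O35/O37 and file entries are copied from the logs in this
# thread; the HKLM line is a constructed clean default included for contrast.
SAMPLE_LOG = r'''
O35 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005..exefile [open] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*
O37 - HKU\S-1-5-21-4020052512-1902659552-4142755142-1005\...exe [@ = exefile] -- "C:\Documents and Settings\TEST\Local Settings\Application Data\ifb.exe" -a "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
[2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/09 11:26:44 | 000,013,222 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1m2p2wod7t8xjpf658ojpg4k27x8510j
[2011/08/09 13:11:48 | 1005,154,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 08:53:28 | 000,082,120 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
'''

# Windows default shell\open\command for exefile: run the file itself with its arguments.
DEFAULT_EXE_OPEN = '"%1" %*'

# O35/O37 lines: "O35 - <hive key> [open] -- <command>"
SHELL_OPEN_RE = re.compile(r'^O3[57] - (?P<hive>\S+) .*?-- (?P<cmd>.+)$')
# OTL file entries: "[date time | size | attrs | M or C] (company) -- path"
FILE_RE = re.compile(
    r'^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')


def shannon_entropy(s: str) -> float:
    """Bits per character; a 32-char [a-z0-9] dropper name lands near 4.0, real words lower."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * log2(c / n) for c in counts.values())


def looks_random(name: str, min_len: int = 16, min_entropy: float = 3.5) -> bool:
    """Assumed heuristic: long, purely alphanumeric (so no extension), high entropy."""
    return len(name) >= min_len and name.isalnum() and shannon_entropy(name) >= min_entropy


def find_exe_hijacks(lines):
    """Return (hive, command) for every exefile open command that is not the Windows default."""
    hits = []
    for line in lines:
        m = SHELL_OPEN_RE.match(line.strip())
        if m and m.group('cmd').strip() != DEFAULT_EXE_OPEN:
            hits.append((m.group('hive'), m.group('cmd').strip()))
    return hits


def find_suspicious_hs_files(lines):
    """Return paths of hidden+system files with no publisher and a random-looking name."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, company, path = m.group('attrs'), m.group('company'), m.group('path')
        name = path.rsplit('\\', 1)[-1]
        if 'H' in attrs and 'S' in attrs and not company and looks_random(name):
            hits.append(path)
    return hits


def triage(log_text: str) -> dict:
    """Run both checks over a block of OTL log text."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    return {'exe_hijacks': find_exe_hijacks(lines),
            'suspicious_files': find_suspicious_hs_files(lines)}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for hive, cmd in result['exe_hijacks']:
        print(f'exefile hijack in {hive}: {cmd}')
    for path in result['suspicious_files']:
        print(f'suspicious hidden/system file: {path}')
```

Run against the sample, it reports both HKU hijacks pointing at `ifb.exe` and both `1m2p2wod7t8xjpf658ojpg4k27x8510j` files, while ignoring `hiberfil.sys` (hidden+system but a normal name) and the signed F-Secure driver. The entropy threshold is deliberately loose; on a real log, treat anything it flags as a lead to verify, not a verdict.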

#3 p.ave (Topic Starter, Member, 27 posts)
Here is the MBR log. Running in Safe Mode with Networking and being attacked by XP Home Security 2012.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-10 14:53:41
-----------------------------
14:53:41.531 OS Version: Windows 5.1.2600 Service Pack 3
14:53:41.531 Number of processors: 2 586 0x4802
14:53:41.562 ComputerName: YOUR-0CDC4F5844 UserName: Administrator
14:53:43.109 Initialize success
14:54:26.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008e
14:54:26.812 Disk 0 Vendor: TOSHIBA_MK8040GSX AH001C Size: 76319MB BusType: 3
14:54:26.937 Device \Device\00000085 -> \??\IDE#DiskTOSHIBA_MK8040GSX_______________________AH001C__#2020202020202020202039203836364E39345334#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
14:54:27.078 Disk 0 MBR read error 0
14:54:27.234 Disk 0 MBR scan
14:54:27.328 Disk 0 unknown MBR code
14:54:27.500 MBR BIOS signature not found 0
14:54:27.625 Disk 0 scanning sectors +156296385
14:54:27.734 Disk 0 scanning C:\WINDOWS\system32\drivers
14:55:05.937 Service scanning
14:55:17.437 Modules scanning
14:55:33.125 Disk 0 trace - called modules:
14:55:33.406 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x861d04d0]<<
14:55:33.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8620e030]
14:55:33.812 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000086[0x861e3e78]
14:55:34.062 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> [0x861c4030]
14:55:34.281 \Driver\nvata[0x8620d628] -> IRP_MJ_CREATE -> 0x861d04d0
14:55:34.500 Scan finished successfully
14:56:42.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
14:56:42.906 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR8-10log.txt"

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Did running the OTL fix allow you to run exe files?

Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[screenshot]
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot]
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.


#5 p.ave (Topic Starter, Member, 27 posts)
It allowed exe files for a time and then stopped. I will run ComboFix now. Can it be run in safe mode, or must it be in normal?

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Normal will be preferable, but safe mode will do.

#7 p.ave (Topic Starter, Member, 27 posts)
That took quite a while, but here is the log.


ComboFix 11-08-10.03 - TEST 08/10/2011 16:57:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.181 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\tah.exe
c:\windows\system32\WPDShServiceObj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 15:16 . 2011-08-10 15:16 -------- d-----w- C:\Adobe
2011-08-10 14:47 . 2011-08-10 14:47 -------- d-----w- C:\_OTL
2011-08-10 01:18 . 2011-08-10 01:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-08-09 20:09 . 2011-08-09 20:09 218624 ----a-w- c:\windows\system32\terdsw32.dll
2011-08-09 18:45 . 2011-08-10 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-07 13:03 . 2011-08-07 13:03 -------- d-----w- c:\documents and settings\TEST\Application Data\vmntemplate
2011-08-04 12:16 . 2011-08-04 12:25 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-04 12:16 . 2011-08-04 12:53 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-08-04 11:55 . 2011-08-10 18:23 -------- d-----w- c:\windows\system32\wbem\Logs
2011-08-04 11:51 . 2011-08-07 13:04 -------- d-----w- c:\documents and settings\TEST\Application Data\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner FileBulldog Toolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner
2011-08-03 16:06 . 2011-08-03 16:06 -------- d-----w- c:\documents and settings\TEST\DoctorWeb
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/4/2011 8:16 AM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2011 8:16 AM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/4/2011 8:15 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/4/2011 8:15 AM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/4/2011 8:15 AM 61088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe -k termfsc [3/16/2006 14336]
S3 40227842;40227842; [x]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/4/2011 8:15 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/4/2011 8:15 AM 25184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-10 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\tah.exe" -a "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 17:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????s??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\WININET.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(5952)
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\msdtc.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2011-08-10 17:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-10 21:55
.
Pre-Run: 26,661,978,112 bytes free
Post-Run: 26,585,391,104 bytes free
.
- - End Of File - - 99C5A49FB940479C301058D3ACFC4903

#8
p.ave (Member, Topic Starter)

Still being redirected from Google, but no pop-ups for now... computer running in slow motion.

Edited by p.ave, 10 August 2011 - 07:16 PM.


#9
p.ave (Member, Topic Starter)

Also no sound. Error message no mixer devices available, go to control panel to add hardware.

#10
Essexboy (GeekU Moderator, Retired Staff)

We will clear the malware first and then visit the sound problem.

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
40227842

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double-click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
Posted Image
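
A reader working through these logs will want to see why the moderator's CFScript targets service 40227842 and what actually stopped every .exe from launching. The following Python checker is an added example (not code from this thread, from ComboFix, or from Geeks to Go) that parses the two ComboFix sections involved: the R/S service and driver lines, where `[x]` marks an entry whose image file is missing and `[?]` one ComboFix could not verify, and the "File Associations" line, where anything other than the Windows XP stock command `"%1" %*` means a wrapper runs before every program. The sample lines are copied from the logs posted above; the finding names and the helper functions are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: four service lines and the exefile association, copied
# from the ComboFix logs posted in this thread, plus the separators ComboFix
# prints between sections. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S3 40227842;40227842; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\tah.exe" -a "%1" %*
"""

# One ComboFix service/driver line:
#   "<state> <name>;<display name>;<image> [<timestamp and size, or x / ?>]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s*\[(?P<flag>[^\]]*)\]\s*$'
)
# ComboFix's "File Associations" line for the .exe handler.
EXEFILE_RE = re.compile(r'^exefile=(?P<command>.*)$')

# Stock value of HKCR\exefile\shell\open\command on Windows XP.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


@dataclass
class Finding:
    kind: str    # hypothetical category name chosen for this example
    detail: str


def audit_services(lines: List[str]) -> List[Finding]:
    """Flag service/driver entries whose backing file is missing ([x]) or
    could not be verified ([?]), and entries whose name is purely numeric,
    a naming pattern legitimate drivers do not use."""
    findings: List[Finding] = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, flag = m['name'], m['flag']
        if flag == 'x':
            findings.append(Finding('service-missing-file', f'{name}: image file not found'))
        elif flag == '?':
            findings.append(Finding('service-unverified',
                                    f'{name}: image could not be verified ({m["image"]})'))
        if name.isdigit():
            findings.append(Finding('service-numeric-name', f'{name}: purely numeric service name'))
    return findings


def audit_exefile(lines: List[str]) -> Optional[Finding]:
    """Return a finding when the .exe open command is anything other than the
    stock '"%1" %*'; a program inserted here runs before every .exe launched."""
    for line in lines:
        m = EXEFILE_RE.match(line)
        if m and m['command'].strip() != DEFAULT_EXEFILE_COMMAND:
            return Finding('exefile-hijack', f'exefile handler is {m["command"]!r}')
    return None


def audit(log_text: str) -> List[Finding]:
    """Run both checks over a ComboFix log and return the findings in order."""
    lines = log_text.splitlines()
    findings = audit_services(lines)
    hijack = audit_exefile(lines)
    if hijack:
        findings.append(hijack)
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_LOG):
        print(f'{f.kind:22} {f.detail}')
```

Run against the sample, the checker reports the HitmanPro entry as unverified (its image lives on a removable f: drive), 40227842 as both missing its file and numerically named, and the exefile handler as hijacked by tah.exe, which is exactly the combination behind the thread's "cannot run any .exe" symptom and the Driver:: line in the CFScript.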

#11
p.ave (Member, Topic Starter)

Did you want the ComboFix log? Here it is; if not, please let me know.


ComboFix 11-08-11.02 - TEST 08/11/2011 13:19:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.374 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\TEST\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Desktop\Security Protection.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_40227842
-------\Service_40227842
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-10 21:42 . 2011-08-10 21:42 -------- d--h--w- c:\windows\$hf_mig$
2011-08-10 15:16 . 2011-08-10 15:16 -------- d-----w- C:\Adobe
2011-08-10 14:47 . 2011-08-10 14:47 -------- d-----w- C:\_OTL
2011-08-10 01:18 . 2011-08-10 01:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-08-09 20:09 . 2011-08-09 20:09 218624 ----a-w- c:\windows\system32\terdsw32.dll
2011-08-09 18:45 . 2011-08-10 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-07 13:03 . 2011-08-07 13:03 -------- d-----w- c:\documents and settings\TEST\Application Data\vmntemplate
2011-08-04 12:16 . 2011-08-04 12:25 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-04 12:16 . 2011-08-04 12:53 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-08-04 11:55 . 2011-08-11 13:53 -------- d-----w- c:\windows\system32\wbem\Logs
2011-08-04 11:51 . 2011-08-07 13:04 -------- d-----w- c:\documents and settings\TEST\Application Data\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner FileBulldog Toolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner
2011-08-03 16:06 . 2011-08-03 16:06 -------- d-----w- c:\documents and settings\TEST\DoctorWeb
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_21.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-11 17:35 . 2011-08-11 17:35 16384 c:\windows\temp\Perflib_Perfdata_d64.dat
+ 2011-08-11 17:35 . 2011-08-11 17:35 16384 c:\windows\temp\Perflib_Perfdata_180.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/4/2011 8:16 AM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2011 8:16 AM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/4/2011 8:15 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/4/2011 8:15 AM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/4/2011 8:15 AM 61088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe -k termfsc [3/16/2006 14336]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/4/2011 8:15 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/4/2011 8:15 AM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-11 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 13:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????s??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\WININET.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\msdtc.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2011-08-11 13:44:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 17:44
ComboFix2.txt 2011-08-10 21:55
.
Pre-Run: 26,404,229,120 bytes free
Post-Run: 26,533,326,848 bytes free
.
- - End Of File - - A80CB13374FDD88E22C9F7A79CCF56F5

#12
p.ave (Member, Topic Starter)

Here is the MBR log


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-11 14:06:18
-----------------------------
14:06:18.671 OS Version: Windows 5.1.2600 Service Pack 3
14:06:18.718 Number of processors: 2 586 0x4802
14:06:18.718 ComputerName: YOUR-0CDC4F5844 UserName: TEST
14:06:22.546 Initialize success
14:06:52.078 AVAST engine download error: 0
14:07:01.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008e
14:07:01.140 Disk 0 Vendor: Size: 0MB BusType: 0
14:07:01.218 Device \Device\00000087 -> \??\IDE#DiskTOSHIBA_MK8040GSX_______________________AH001C__#2020202020202020202039203836364E39345334#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
14:07:05.312 Disk 0 MBR read error 0
14:07:05.390 Disk 0 MBR scan
14:07:05.500 Disk 0 unknown MBR code
14:07:05.593 MBR BIOS signature not found 0
14:07:05.671 Disk 0 scanning C:\WINDOWS\system32\drivers
14:07:27.250 Service scanning
14:07:29.218 Modules scanning
14:07:40.312 Disk 0 trace - called modules:
14:07:40.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x861cb4d0]<<
14:07:40.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861b9ab8]
14:07:40.734 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000088[0x86193f18]
14:07:40.906 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> [0x861e1030]
14:07:41.000 \Driver\nvata[0x86190d90] -> IRP_MJ_CREATE -> 0x861cb4d0
14:07:41.140 Scan finished successfully
14:11:36.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEST\Desktop\MBR.dat"
14:11:36.828 The log file has been saved successfully to "C:\Documents and Settings\TEST\Desktop\aswMBR8-11.txt"

#13
Essexboy (GeekU Moderator, Retired Staff)

OK, let's run a final check on the MBR now. Also, what are the current problems?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#14
p.ave (Member, Topic Starter)

Here it is. Still noticing browsers opening extra windows.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):

Processes (total 72):
0 System Idle Process
4 System
848 C:\WINDOWS\system32\smss.exe
908 csrss.exe
940 C:\WINDOWS\system32\winlogon.exe
988 C:\WINDOWS\system32\services.exe
1000 C:\WINDOWS\system32\lsass.exe
1156 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1400 svchost.exe
1444 svchost.exe
1720 C:\WINDOWS\system32\spoolsv.exe
1636 C:\WINDOWS\ehome\ehtray.exe
1736 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
1464 C:\WINDOWS\system32\rundll32.exe
1864 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1868 C:\Program Files\HP\QuickPlay\QPService.exe
1884 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1872 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1908 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1956 C:\Program Files\ACTIV Software\ActivDriver\ActivControl2.exe
1980 C:\Program Files\iTunes\iTunesHelper.exe
1988 C:\Program Files\Charter Security Suite\Common\FSM32.EXE
2008 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
232 C:\Program Files\Windows Media Player\wmpnscfg.exe
176 C:\Program Files\Skype\Phone\Skype.exe
332 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
348 C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
500 svchost.exe
304 msdtc.exe
668 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
1516 C:\Program Files\ACTIV Software\ActivDriver\ActivMgr.exe
2136 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2296 C:\Program Files\Bonjour\mDNSResponder.exe
2424 C:\WINDOWS\ehome\ehrecvr.exe
2580 C:\WINDOWS\ehome\ehSched.exe
2748 C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
2936 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2968 C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
2972 C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
3124 C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
3404 C:\WINDOWS\system32\svchost.exe
3428 C:\Program Files\Java\jre6\bin\jqs.exe
3524 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1608 C:\WINDOWS\system32\nvsvc32.exe
1852 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
1936 C:\WINDOWS\system32\tcpsvcs.exe
3060 svchost.exe
3248 C:\WINDOWS\system32\svchost.exe
3600 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
3764 mcrdsvc.exe
3996 C:\WINDOWS\system32\mqsvc.exe
4064 wmpnetwk.exe
1652 C:\Program Files\Canon\CAL\CALMAIN.exe
2416 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2620 C:\WINDOWS\system32\mqtgsvc.exe
2548 C:\Program Files\iPod\bin\iPodService.exe
3964 C:\WINDOWS\system32\dllhost.exe
732 C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
4184 fsorsp.exe
4428 C:\WINDOWS\ehome\ehmsas.exe
4572 C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
4940 alg.exe
1844 C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
5476 C:\WINDOWS\system32\wuauclt.exe
408 C:\WINDOWS\explorer.exe
5908 C:\Program Files\Google\Chrome\Application\chrome.exe
2896 C:\Program Files\Google\Chrome\Application\chrome.exe
5160 C:\WINDOWS\system32\notepad.exe
4788 C:\Program Files\Google\Chrome\Application\chrome.exe
5280 C:\WINDOWS\system32\svchost.exe
1848 C:\Documents and Settings\TEST\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`82a7c600 (FAT32)

PhysicalDrive0 Model Number: TOSHIBAMK8040GSX, Rev: AH001C

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like you to dump the MBR for me and then attach it to your next post

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>0<< and press Enter

You will then be asked where to place the file
Save to the desktop with a .txt extension

Then once done press -1

Then attach the mbr to your next post
  • 0
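One way to examine the MBR dump Essexboy asks for, as an added example that is not part of this thread or of MBRCheck: it parses a 512-byte dump, verifies the 0x55AA signature, hashes the boot code the way the tool's SHA1 line does and recovers the partition byte offsets (the constructed sample reproduces the C: and D: offsets from the log above; KNOWN_GOOD is a placeholder allow-list to be filled from a known-clean machine).

```python
"""Parse a 512-byte MBR dump (such as the file MBRCheck writes with option
[1]) and report what the tool's summary shows: boot-code SHA1, signature and
partition offsets.  Added example, not code from MBRCheck or the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440         # bytes 0..439: executable boot code
PART_TABLE = 446            # four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"     # bytes 510..511 on every valid MBR
KNOWN_GOOD = {"PLACEHOLDER_SHA1_OF_A_CLEAN_XP_MBR"}  # fill from a clean machine


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, signature check and the non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR dump must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE + 16 * i: PART_TABLE + 16 * (i + 1)]
        # status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sectors
        status, ptype, lba, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue                                # empty slot
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "byte_offset": lba * SECTOR, "size_bytes": sectors * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "valid_signature": mbr[510:] == SIGNATURE, "partitions": parts}


def classify(report: dict) -> str:
    """Mirror MBRCheck's verdict: anything not on the allow-list is 'unknown'."""
    if not report["valid_signature"]:
        return "invalid signature"
    if report["boot_code_sha1"] in KNOWN_GOOD:
        return "standard MBR code"
    return "unknown MBR code"


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring the thread's layout: bootable NTFS C: at
    sector 63 (offset 0x7E00) and FAT32 D: at byte offset 0xF82A7C600."""
    d_start = 0xF82A7C600 // SECTOR
    c_start = 63
    p1 = struct.pack("<B3xB3xII", 0x80, 0x07, c_start, d_start - c_start)
    p2 = struct.pack("<B3xB3xII", 0x00, 0x0C, d_start, 24_033_362)  # ~11.46 GB
    boot_code = bytes(BOOT_CODE_LEN)                # zeros, not real boot code
    disk_sig = bytes(6)                             # 4-byte disk id + 2 reserved
    return boot_code + disk_sig + p1 + p2 + bytes(32) + SIGNATURE
```

Run `classify(parse_mbr(open("mbr.txt", "rb").read()))` on the saved dump; a hash that is not on your allow-list is the same "Unknown MBR code" result the tool reported, and is the cue to compare the boot code against a clean copy before deciding whether to restore it.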





