TR/Trash.Gen problems! [Solved]



#1
GaryGG

    Member

  • 37 posts
My Antivirus software (Avast) keeps telling me about TR/Trash.Gen trojan(s)!
The files seem to be something like this:
A0076607.exe
A0076612.exe

I think my antivirus software is able to delete those files but they keep coming again and again.
My operating system is Windows XP Home.

Looking forward to your professional help! :)



#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello GaryGG and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.

===================================================

Download the GMER Rootkit Scanner

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • All drives/partitions except C:\
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Logs to include with next post:

OTL.txt
Extras.txt
Gmer.txt


Thanks

Satchfan
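The OTL.txt that Satchfan asks for is read entry by entry in its file sections. As an added example (not from this thread, and not OTL's own code), here is a Python parser for the `[date | size | attrs | C/M] (company) -- path` lines OTL writes, with a triage pass that lists executable-type files under the Windows directory whose version information names no company. The exact line shape, the attribute-flag order and the sample section are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Line shape OTL uses in its file sections (assumed from the logs it produces):
#   [YYYY.MM.DD HH:MM:SS | 000,054,016 | ---- | C] (Company) -- C:\path\file
# The "(Company)" group is absent on directory lines of the "Created" section,
# so it is optional here. "C" marks an entry created within the scan window,
# "M" one modified within it.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions that hold native code or are loaded as such by Windows.
EXEC_EXT = (".sys", ".exe", ".dll", ".scr", ".ax", ".cpl", ".ocx")


@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    attrs: str      # four flags; assumed order R H S D (read-only, hidden, system, directory)
    kind: str       # "C" or "M"
    company: str    # "" when OTL found no company name in the file's version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    @property
    def under_windows(self) -> bool:
        return "\\windows\\" in self.path.lower()


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for summary lines such as
    '[6 C:\\WINDOWS\\System32\\*.tmp files -> ...]' that do not fit the shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m["company"] or ""
    if company.strip().lower() == "no name found":
        company = ""
    return OtlEntry(
        stamp=datetime.strptime(m["stamp"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=company.strip(),
        path=m["path"].strip(),
    )


def triage(lines: List[str]) -> List[str]:
    """Return the paths a helper would look at first: executable-type files
    under the Windows directory whose version resource names no company.
    Legitimate files can match too (codecs and libraries often carry no
    company name), so this narrows the list; it does not give a verdict."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        if e.under_windows and e.is_executable and not e.company:
            flagged.append(e.path)
    return flagged


# Constructed sample section in OTL's line format (names are made up).
SAMPLE_SECTION = [
    "[2011.11.20 20:19:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\\WINDOWS\\System32\\drivers\\ssmdrv.sys",
    "[2011.11.20 16:57:51 | 000,054,016 | ---- | C] () -- C:\\WINDOWS\\System32\\drivers\\qkzvt.sys",
    "[2011.11.20 21:16:05 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\System32\\NtmsData",
    "[2011.11.20 16:32:51 | 000,000,236 | --S- | M] () -- C:\\WINDOWS\\System32\\183920417.dat",
    "[2011.11.20 17:18:12 | 000,001,734 | ---- | C] () -- C:\\Documents and Settings\\All Users\\Desktop\\Example App.lnk",
    "[2010.07.25 22:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Example\\extensions",
    "[6 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]",
]

if __name__ == "__main__":
    for p in triage(SAMPLE_SECTION):
        print("look closer:", p)
```

Run it over a real OTL.txt by reading the file's lines into `triage`; anything it lists still needs its version information, signature and hash checked by hand.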

#3
GaryGG

    Member

  • Topic Starter
  • 37 posts
Hi and thank you for your quick reply!

Here are the files you asked for:

OTL.Txt

[2009.05.19 18:28:49 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.05.19 18:26:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.05.19 18:26:15 | 000,234,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.05.19 18:07:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.19 18:04:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.05.19 13:32:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008.08.05 11:14:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,433,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,068,318 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,007,184 | ---- | C] () -- C:\WINDOWS\System32\actxprxyx.dat
[2008.04.14 14:00:00 | 000,006,672 | ---- | C] () -- C:\WINDOWS\System32\ansif.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011.07.05 16:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canon
[2011.11.20 16:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\go
[2011.04.28 19:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gtk-2.0
[2009.05.24 23:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2010.05.10 17:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SmartDraw
[2010.12.10 12:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TypingMaster7
[2010.05.10 18:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XMind
[2011.11.07 19:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2009.06.02 09:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011.06.18 23:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011.11.20 16:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.11.21 18:49:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2011.11.21 19:07:56 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{99CDBBA8-5870-40DA-98BE-39626B4DEE36}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009.05.19 18:06:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.11.07 19:32:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009.05.19 18:06:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009.05.19 18:06:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.05.19 18:06:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 14:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.11.21 18:48:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007.06.22 17:05:38 | 005,868,888 | ---- | M] () -- C:\SetupSG.exe

< %systemroot%\Fonts\*.com >
[2006.04.18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.05.19 18:05:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010.04.16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009.05.19 20:52:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.05.19 20:52:48 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.05.19 20:52:48 | 000,917,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009.05.19 18:06:08 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.05.19 18:09:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009.05.19 18:09:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011.07.16 22:21:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\gmer.exe
[2011.11.20 21:59:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HijackThis.exe
[2011.11.21 18:53:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 22:35:00

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



Extras.Txt

OTL Extras logfile created on: 21.11.2011 19:04:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,74% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180,66 Gb Total Space | 93,86 Gb Free Space | 51,95% Space Free | Partition Type: NTFS
Drive D: | 750,84 Gb Total Space | 700,45 Gb Free Space | 93,29% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 404,52 Gb Free Space | 86,85% Space Free | Partition Type: NTFS
Drive H: | 1,91 Gb Total Space | 1,90 Gb Free Space | 99,37% Space Free | Partition Type: FAT

Computer Name: ADMIN-78A2E3BA3 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AEC292-1A31-CE8E-47E4-266FE77D2570}" = CCC Help Norwegian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{060D01AA-1D31-AE78-C40F-84031E2190A1}" = Catalyst Control Center Localization Spanish
"{0D62D425-0E0D-DE26-0093-A292D2046C7D}" = CCC Help Italian
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{13FA4672-7F3E-7DE8-706D-92930F5C9FF6}" = Catalyst Control Center Localization Russian
"{141EB687-5AFE-B981-0A01-A62F6B862712}" = CCC Help English
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D2B49A-7ADF-528D-2BDA-082F08067F8F}" = Catalyst Control Center Localization German
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1FD2F747-3498-EAFB-B4B8-962077341645}" = Skins
"{2008E16E-EB17-B0D1-BB6D-895A57964470}" = Catalyst Control Center Localization Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{27BA81F4-0625-02B2-B1C8-E8BEE22A9BE3}" = Catalyst Control Center Localization Turkish
"{284B8284-A557-F842-5A71-78B49BB56B6B}" = ccc-utility
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31933300-7BE3-0040-7962-9B978F57E9B5}" = CCC Help English
"{344846B1-5F9E-12EE-20A8-0F409C65786C}" = Catalyst Control Center Graphics Full Existing
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3648BEC1-6D29-895B-1B54-CDFA8D514B42}" = ccc-utility
"{36E2106B-699C-E74C-C50B-71219A8A3F93}" = Catalyst Control Center Localization French
"{3F3AAD8C-73AE-1980-8606-E3A52AD97CA8}" = CCC Help English
"{412B84F5-74AF-7E93-CF49-D9BEA2DC0C69}" = CCC Help Portuguese
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C7E7069-1B8C-2E4D-B107-11F854644574}" = Catalyst Control Center Localization Polish
"{4EDA610E-C095-7BCC-4A5E-9EBAB7AA7781}" = CCC Help Japanese
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5AAE882D-F6F7-9791-A0EC-CE1667698211}" = ccc-core-preinstall
"{5C94106E-9072-4C3D-9EAF-184208082ACE}" = OpenOffice.org 3.0
"{632877AA-8645-9E20-C868-7C8B5B9AF977}" = Catalyst Control Center Localization Portuguese
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6CC91C8C-EA7E-D8BB-BB55-3BAA380FA3CA}" = CCC Help Greek
"{6F215FEB-DAAB-DEB0-243C-741BEBF12170}" = CCC Help Danish
"{785849CD-9B33-4267-7574-5584670060B0}" = CCC Help Chinese Standard
"{80612765-75C0-274D-A7E7-D24F3C928A9B}" = Catalyst Control Center InstallProxy
"{8246A227-5472-F50B-7F06-A2FE74FBD76A}" = Catalyst Control Center Graphics Light
"{83E2D6A5-27C7-969D-F068-6DAE5BE023B2}" = Catalyst Control Center Graphics Full New
"{8477A5FF-4D1C-B389-EA56-FA210049107C}" = CCC Help Chinese Traditional
"{87A957D3-47F6-4990-A646-26BC4893D29A}" = CCC Help French
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{899EAFD7-E8FA-3404-61BA-8D067F1209E6}" = Catalyst Control Center Localization Czech
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BA39C32-5CB4-E900-4402-866AA1C8065C}" = CCC Help Swedish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96EC9FA7-4D5A-AB5E-B5FA-799244BE8C5D}" = Catalyst Control Center Localization Dutch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36DDA33-B366-945D-8023-A53F215DC648}" = CCC Help Korean
"{A6C43283-52B7-1E63-8DF3-930719957355}" = Catalyst Control Center Localization Japanese
"{A7B752D5-CBBF-C03E-78F5-901E3C94AB77}" = ccc-core-static
"{AA35566E-FE00-B933-B07D-16CDEFCF582F}" = CCC Help Finnish
"{AA716909-456B-FFC8-3421-70DA51C87C2C}" = CCC Help Spanish
"{ABC7CD00-BE88-24D2-0A4B-14ECFFBD206D}" = ccc-utility
"{AC5F0006-B59B-EEB5-BAE2-02F53E6A484D}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1CA9E18-CF9D-CDD2-3B63-7FE37F4DF61A}" = Catalyst Control Center Localization Chinese Traditional
"{B39916D7-71AD-A556-6E88-ED1C7E77CD46}" = Catalyst Control Center Localization Italian
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB60C298-4D09-F980-08FE-7B20CEAA007F}" = CCC Help Hungarian
"{BBF79B97-F1F4-B472-B8D4-70D865E1AB5A}" = Catalyst Control Center Localization Swedish
"{BC33E578-2003-C1DD-5769-470E32195CF2}" = Catalyst Control Center Graphics Previews Common
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7A9095-71FB-2891-78B3-31C9C5B0C901}" = CCC Help Turkish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DC125C-9CB9-31ED-9F52-6056F63BF6E2}" = Catalyst Control Center Core Implementation
"{C3E6BD4B-B0E5-F989-E431-EB6949FB4ADA}" = Catalyst Control Center Localization Korean
"{C5F15B3A-3B3F-7865-1A76-BC2BE1FE81AF}" = CCC Help Thai
"{CA1C8BBC-0DDA-1A3B-CCDD-24313832DABE}" = CCC Help German
"{CC5D2528-A9D0-FBCD-3CE0-0BDA658B30AF}" = Catalyst Control Center Localization Greek
"{CD6DC991-9FDD-0338-FC18-B36B09669F6C}" = CCC Help Russian
"{CE0C5526-9283-A1CC-220F-AED90349ACDC}" = Catalyst Control Center Localization Hungarian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2AE6E2C-1D83-1D42-FE28-1BD9681E25FC}" = CCC Help Czech
"{D88615A2-E957-D475-5476-515620E07119}" = Catalyst Control Center Localization Chinese Standard
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E1BB2F42-B3AA-79D7-4F3A-53791A09EB10}" = Catalyst Control Center Localization Danish
"{E3995DE8-3772-6215-C5AE-BF343E3BEA0C}" = CCC Help Dutch
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9A1C620-2F7B-3A85-398A-3F0006903F7E}" = Catalyst Control Center Localization Thai
"{EACD7C2E-FC91-5342-83C7-4A62DB710948}" = CCC Help Polish
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B6DB9-11AE-8998-F871-46DD4463DC11}" = Catalyst Control Center Localization Finnish
"{F7F2F97C-D65C-550D-FEBE-6B71ED9D241F}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"EZBack-it-up_is1" = EZBack-it-up 2.0.1
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Liveupdate5_is1" = Liveupdate5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Picasa 3" = Picasa 3
"ST6UNST #1" = Näppäri
"Trillian" = Trillian
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Vokabel_is1" = Vokabel 2.31
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.9.2010 0:39:24 | Computer Name = ADMIN-78A2E3BA3 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8.10.2010 15:05:39 | Computer Name = ADMIN-78A2E3BA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3909, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 23.9.2010 0:39:24 | Computer Name = ADMIN-78A2E3BA3 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8.10.2010 15:05:39 | Computer Name = ADMIN-78A2E3BA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3909, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20.11.2011 10:31:58 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20.11.2011 10:31:58 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20.11.2011 10:31:58 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20.11.2011 10:31:58 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20.11.2011 10:31:58 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 20.11.2011 11:01:17 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 20.11.2011 11:01:17 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 20.11.2011 14:18:22 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 20.11.2011 15:16:10 | Computer Name = ADMIN-78A2E3BA3 | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library PhysicalDrive2. The database is corrupt.

Error - 21.11.2011 12:49:18 | Computer Name = ADMIN-78A2E3BA3 | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3


< End of report >



Gmer.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-21 19:24:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 SAMSUNG_HD103UJ rev.1AA01113
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fwporaow.sys


---- System - GMER 1.0.15 ----

SSDT F37C723C ZwClose
SSDT F37C71F6 ZwCreateKey
SSDT F37C7246 ZwCreateSection
SSDT F37C71EC ZwCreateThread
SSDT F37C71FB ZwDeleteKey
SSDT F37C7205 ZwDeleteValueKey
SSDT F37C7237 ZwDuplicateObject
SSDT F37C720A ZwLoadKey
SSDT F37C71D8 ZwOpenProcess
SSDT F37C71DD ZwOpenThread
SSDT F37C725F ZwQueryValueKey
SSDT F37C7214 ZwReplaceKey
SSDT F37C7250 ZwRequestWaitReplyPort
SSDT F37C720F ZwRestoreKey
SSDT F37C724B ZwSetContextThread
SSDT F37C7255 ZwSetSecurityObject
SSDT F37C7200 ZwSetValueKey
SSDT F37C725A ZwSystemDebugControl
SSDT F37C71E7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF647C000, 0x2AAE02, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0072000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0070000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1768] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2784] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0156000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0157000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2784] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0155000C
.text C:\WINDOWS\system32\wuauclt.exe[3360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\wuauclt.exe[3360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\wuauclt.exe[3360] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CB000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-11 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-5 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A76131B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-19 8A76131B

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Edited by GaryGG, 25 November 2011 - 02:39 AM.


#4 Satchfan (Trusted Helper, Malware Removal, 585 posts)

Hello again GaryGG

You do have an infection on your computer so we need to do some more work. ;)

Please download TDSSKiller.zip

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
  • only if Malicious objects are found, ensure Cure is selected
  • then click Continue > Reboot now
  • copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Satchfan
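The TDSSKiller log the helper asks for above has a fixed line shape: a time stamp, a thread id, then a message that is either a driver entry with its MD5 and path, an MBR hash per disk, a verdict, or a status line. As an added example that is not part of the original thread and is not Kaspersky's code, the Python script below parses a constructed log in that format and pulls out what gets read first when triaging one: which objects were flagged, the action trail for each, and the per-disk MBR hashes. The function names and the sample lines are my own; the sample is modelled on the shape of the scan posted later in this thread.

```python
"""Triage a TDSSKiller-style log.

Added example for this thread, not code from the forum or from TDSSKiller.
It recognises the line shapes TDSSKiller prints (time stamp, thread id,
then a driver / MBR / verdict message) and extracts what a helper reads
first: flagged objects, the action taken on them, and MBR hashes per disk.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in TDSSKiller's log format (shortened; line shapes follow
# the scan posted in this thread, the set of lines is mine).
SAMPLE_LOG = """\
09:41:57.0859 3416 Scan started
09:41:58.0656 3416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
09:41:58.0656 3416 ACPI - ok
09:41:58.0687 3416 adpu160m - ok
09:42:02.0328 3416 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \\Device\\Harddisk0\\DR0
09:42:02.0328 3416 \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
09:42:02.0328 3416 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
09:42:02.0343 3416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk1\\DR1
09:42:02.0343 3416 \\Device\\Harddisk1\\DR1 - ok
09:42:02.0453 0932 Detected object count: 1
09:42:34.0109 0932 \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
09:42:34.0109 0932 \\Device\\Harddisk0\\DR0 - ok
09:42:34.0109 0932 \\Device\\Harddisk0\\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> "; the rest is the message.
_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
_MBR = re.compile(r"^MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
_DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
_VERDICT = re.compile(r"^(\S+) \( (.+?) \) - (.+)$")
_DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
_OK = re.compile(r"^(\S+) - ok$")
_COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)   # service name -> (md5, path)
    mbr: dict = field(default_factory=dict)       # device -> md5 of the MBR sector
    verdicts: list = field(default_factory=list)  # (object, threat name, status)
    ok: set = field(default_factory=set)          # objects reported "- ok"
    detected_count: Optional[int] = None
    unparsed: list = field(default_factory=list)  # informational lines we do not model


def parse_tdsskiller_log(text: str) -> Triage:
    """Walk the log once and sort each message into the Triage buckets."""
    t = Triage()
    for raw in text.splitlines():
        m = _PREFIX.match(raw.rstrip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(3)
        if (mb := _MBR.match(msg)):            # check MBR before the generic driver shape
            t.mbr[mb.group(3)] = mb.group(2)
        elif (md := _DRIVER.match(msg)):
            t.drivers[md.group(1)] = (md.group(2), md.group(3))
        elif (mv := _VERDICT.match(msg)):
            t.verdicts.append((mv.group(1), mv.group(2), mv.group(3)))
        elif (mt := _DETECTED.match(msg)):
            t.verdicts.append((mt.group(1), mt.group(2), "detected"))
        elif (mo := _OK.match(msg)):
            t.ok.add(mo.group(1))
        elif (mc := _COUNT.match(msg)):
            t.detected_count = int(mc.group(1))
        else:
            t.unparsed.append(msg)
    return t


def flagged_objects(t: Triage) -> list:
    """Distinct (object, threat) pairs in first-seen order. An object that is
    later printed '- ok' (once a cure is scheduled) stays listed here."""
    seen = []
    for obj, threat, _status in t.verdicts:
        if (obj, threat) not in seen:
            seen.append((obj, threat))
    return seen


def actions_for(t: Triage, obj: str) -> list:
    """Status trail for one object, e.g. infected -> will be cured on reboot."""
    return [status for o, _threat, status in t.verdicts if o == obj]


def mbr_hash(t: Triage, device: str) -> Optional[str]:
    """MD5 TDSSKiller recorded for a disk's MBR sector; compare it with the
    value in a post-reboot log to confirm the sector actually changed."""
    return t.mbr.get(device)


if __name__ == "__main__":
    triage = parse_tdsskiller_log(SAMPLE_LOG)
    for obj, threat in flagged_objects(triage):
        print(f"{obj}: {threat} -> {' / '.join(actions_for(triage, obj))}")
    print("MBR hashes:", triage.mbr)
```

The one thing worth noticing in the design is that `flagged_objects` is driven by the verdict lines, not by the `- ok` lines: in a TDSSKiller log the infected device is printed `- ok` as soon as the cure is scheduled, so "- ok" alone never means the disk is clean. Re-running the parser on the log from the next boot and comparing `mbr_hash` for the same device is the check that shows the MBR was actually rewritten.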

#5 GaryGG (Topic Starter, Member, 37 posts)

Hi, here are the two logs you asked for:

TDSSKiller

09:41:37.0734 1780 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
09:41:39.0015 1780 ============================================================
09:41:39.0015 1780 Current date / time: 2011/11/22 09:41:39.0015
09:41:39.0015 1780 SystemInfo:
09:41:39.0015 1780
09:41:39.0015 1780 OS Version: 5.1.2600 ServicePack: 3.0
09:41:39.0015 1780 Product type: Workstation
09:41:39.0015 1780 ComputerName: ADMIN-78A2E3BA3
09:41:39.0015 1780 UserName: Admin
09:41:39.0015 1780 Windows directory: C:\WINDOWS
09:41:39.0015 1780 System windows directory: C:\WINDOWS
09:41:39.0015 1780 Processor architecture: Intel x86
09:41:39.0015 1780 Number of processors: 2
09:41:39.0015 1780 Page size: 0x1000
09:41:39.0015 1780 Boot type: Normal boot
09:41:39.0015 1780 ============================================================
09:41:40.0531 1780 Initialize success
09:41:57.0859 3416 ============================================================
09:41:57.0859 3416 Scan started
09:41:57.0859 3416 Mode: Manual;
09:41:57.0859 3416 ============================================================
09:41:58.0609 3416 Abiosdsk - ok
09:41:58.0625 3416 abp480n5 - ok
09:41:58.0656 3416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:41:58.0656 3416 ACPI - ok
09:41:58.0687 3416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:41:58.0687 3416 ACPIEC - ok
09:41:58.0687 3416 adpu160m - ok
09:41:58.0718 3416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:41:58.0718 3416 aec - ok
09:41:58.0750 3416 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:41:58.0750 3416 AFD - ok
09:41:58.0750 3416 Aha154x - ok
09:41:58.0765 3416 aic78u2 - ok
09:41:58.0765 3416 aic78xx - ok
09:41:58.0781 3416 AliIde - ok
09:41:58.0781 3416 amsint - ok
09:41:58.0796 3416 asc - ok
09:41:58.0812 3416 asc3350p - ok
09:41:58.0812 3416 asc3550 - ok
09:41:58.0828 3416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:41:58.0843 3416 AsyncMac - ok
09:41:58.0859 3416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:41:58.0859 3416 atapi - ok
09:41:58.0859 3416 Atdisk - ok
09:41:59.0125 3416 ati2mtag (0a8b257db810be78ac9fd1860b4ba22b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:41:59.0156 3416 ati2mtag - ok
09:41:59.0171 3416 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:41:59.0171 3416 AtiHdmiService - ok
09:41:59.0187 3416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:41:59.0187 3416 Atmarpc - ok
09:41:59.0218 3416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:41:59.0218 3416 audstub - ok
09:41:59.0250 3416 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:41:59.0250 3416 avgntflt - ok
09:41:59.0281 3416 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:41:59.0281 3416 avipbb - ok
09:41:59.0312 3416 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:41:59.0312 3416 avkmgr - ok
09:41:59.0359 3416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:41:59.0359 3416 Beep - ok
09:41:59.0406 3416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:41:59.0421 3416 cbidf2k - ok
09:41:59.0437 3416 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:41:59.0453 3416 CCDECODE - ok
09:41:59.0468 3416 cd20xrnt - ok
09:41:59.0468 3416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:41:59.0468 3416 Cdaudio - ok
09:41:59.0484 3416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:41:59.0484 3416 Cdfs - ok
09:41:59.0515 3416 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:41:59.0515 3416 Cdrom - ok
09:41:59.0515 3416 Changer - ok
09:41:59.0546 3416 CmdIde - ok
09:41:59.0562 3416 Cpqarray - ok
09:41:59.0593 3416 dac2w2k - ok
09:41:59.0609 3416 dac960nt - ok
09:41:59.0625 3416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:41:59.0625 3416 Disk - ok
09:41:59.0718 3416 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:41:59.0750 3416 dmboot - ok
09:41:59.0765 3416 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:41:59.0765 3416 dmio - ok
09:41:59.0781 3416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:41:59.0796 3416 dmload - ok
09:41:59.0812 3416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:41:59.0812 3416 DMusic - ok
09:41:59.0828 3416 dpti2o - ok
09:41:59.0843 3416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:41:59.0843 3416 drmkaud - ok
09:41:59.0859 3416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:41:59.0859 3416 Fastfat - ok
09:41:59.0859 3416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:41:59.0875 3416 Fdc - ok
09:41:59.0890 3416 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:41:59.0890 3416 Fips - ok
09:41:59.0890 3416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:41:59.0890 3416 Flpydisk - ok
09:41:59.0906 3416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:41:59.0906 3416 FltMgr - ok
09:41:59.0937 3416 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
09:41:59.0937 3416 fssfltr - ok
09:41:59.0953 3416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:41:59.0953 3416 Fs_Rec - ok
09:41:59.0953 3416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:41:59.0968 3416 Ftdisk - ok
09:41:59.0968 3416 GMSIPCI - ok
09:41:59.0984 3416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:41:59.0984 3416 Gpc - ok
09:42:00.0000 3416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:42:00.0000 3416 HDAudBus - ok
09:42:00.0031 3416 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:42:00.0031 3416 hidusb - ok
09:42:00.0046 3416 hpn - ok
09:42:00.0078 3416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:42:00.0078 3416 HTTP - ok
09:42:00.0093 3416 i2omgmt - ok
09:42:00.0093 3416 i2omp - ok
09:42:00.0109 3416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:42:00.0109 3416 i8042prt - ok
09:42:00.0125 3416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:42:00.0125 3416 Imapi - ok
09:42:00.0125 3416 ini910u - ok
09:42:00.0203 3416 IntcAzAudAddService (662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:42:00.0234 3416 IntcAzAudAddService - ok
09:42:00.0234 3416 IntelIde - ok
09:42:00.0250 3416 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:42:00.0250 3416 intelppm - ok
09:42:00.0265 3416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:42:00.0281 3416 Ip6Fw - ok
09:42:00.0281 3416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:42:00.0296 3416 IpFilterDriver - ok
09:42:00.0296 3416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:42:00.0296 3416 IpInIp - ok
09:42:00.0312 3416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:42:00.0312 3416 IpNat - ok
09:42:00.0312 3416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:42:00.0328 3416 IPSec - ok
09:42:00.0328 3416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:42:00.0328 3416 IRENUM - ok
09:42:00.0343 3416 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:42:00.0359 3416 isapnp - ok
09:42:00.0359 3416 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:42:00.0359 3416 Kbdclass - ok
09:42:00.0375 3416 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:42:00.0375 3416 kbdhid - ok
09:42:00.0375 3416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:42:00.0375 3416 kmixer - ok
09:42:00.0390 3416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:42:00.0390 3416 KSecDD - ok
09:42:00.0406 3416 lbrtfdc - ok
09:42:00.0421 3416 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:42:00.0437 3416 LVPr2Mon - ok
09:42:00.0453 3416 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
09:42:00.0453 3416 MBAMProtector - ok
09:42:00.0468 3416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:42:00.0468 3416 mnmdd - ok
09:42:00.0484 3416 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:42:00.0484 3416 Modem - ok
09:42:00.0500 3416 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:42:00.0500 3416 Mouclass - ok
09:42:00.0515 3416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:42:00.0515 3416 mouhid - ok
09:42:00.0531 3416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:42:00.0531 3416 MountMgr - ok
09:42:00.0546 3416 mraid35x - ok
09:42:00.0546 3416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:42:00.0546 3416 MRxDAV - ok
09:42:00.0578 3416 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:42:00.0578 3416 MRxSmb - ok
09:42:00.0593 3416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:42:00.0593 3416 Msfs - ok
09:42:00.0640 3416 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
09:42:00.0640 3416 MSI_MSIBIOS_010507 - ok
09:42:00.0656 3416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:42:00.0671 3416 MSKSSRV - ok
09:42:00.0687 3416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:42:00.0687 3416 MSPCLOCK - ok
09:42:00.0703 3416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:42:00.0703 3416 MSPQM - ok
09:42:00.0718 3416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:42:00.0718 3416 mssmbios - ok
09:42:00.0750 3416 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
09:42:00.0750 3416 MSTEE - ok
09:42:00.0765 3416 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:42:00.0765 3416 Mup - ok
09:42:00.0781 3416 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:42:00.0781 3416 NABTSFEC - ok
09:42:00.0796 3416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:42:00.0796 3416 NDIS - ok
09:42:00.0812 3416 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:42:00.0812 3416 NdisIP - ok
09:42:00.0828 3416 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:42:00.0828 3416 NdisTapi - ok
09:42:00.0843 3416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:42:00.0843 3416 Ndisuio - ok
09:42:00.0859 3416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:42:00.0859 3416 NdisWan - ok
09:42:00.0875 3416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:42:00.0875 3416 NDProxy - ok
09:42:00.0875 3416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:42:00.0875 3416 NetBIOS - ok
09:42:00.0890 3416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:42:00.0890 3416 NetBT - ok
09:42:00.0921 3416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:42:00.0921 3416 Npfs - ok
09:42:00.0921 3416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:42:00.0937 3416 Ntfs - ok
09:42:00.0953 3416 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
09:42:00.0953 3416 NTIOLib_1_0_4 - ok
09:42:00.0984 3416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:42:00.0984 3416 Null - ok
09:42:01.0000 3416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:42:01.0000 3416 NwlnkFlt - ok
09:42:01.0015 3416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:42:01.0015 3416 NwlnkFwd - ok
09:42:01.0031 3416 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:42:01.0031 3416 Parport - ok
09:42:01.0031 3416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:42:01.0031 3416 PartMgr - ok
09:42:01.0046 3416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:42:01.0046 3416 ParVdm - ok
09:42:01.0078 3416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:42:01.0078 3416 PCI - ok
09:42:01.0078 3416 PCIDump - ok
09:42:01.0093 3416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:42:01.0093 3416 PCIIde - ok
09:42:01.0109 3416 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:42:01.0109 3416 Pcmcia - ok
09:42:01.0125 3416 PDCOMP - ok
09:42:01.0125 3416 PDFRAME - ok
09:42:01.0140 3416 PDRELI - ok
09:42:01.0140 3416 PDRFRAME - ok
09:42:01.0140 3416 perc2 - ok
09:42:01.0156 3416 perc2hib - ok
09:42:01.0218 3416 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
09:42:01.0250 3416 PID_PEPI - ok
09:42:01.0281 3416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:42:01.0281 3416 PptpMiniport - ok
09:42:01.0281 3416 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:42:01.0281 3416 PSched - ok
09:42:01.0296 3416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:42:01.0296 3416 Ptilink - ok
09:42:01.0312 3416 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:42:01.0312 3416 PxHelp20 - ok
09:42:01.0328 3416 ql1080 - ok
09:42:01.0343 3416 Ql10wnt - ok
09:42:01.0343 3416 ql12160 - ok
09:42:01.0343 3416 ql1240 - ok
09:42:01.0359 3416 ql1280 - ok
09:42:01.0359 3416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:42:01.0359 3416 RasAcd - ok
09:42:01.0375 3416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:42:01.0375 3416 Rasl2tp - ok
09:42:01.0390 3416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:42:01.0390 3416 RasPppoe - ok
09:42:01.0390 3416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:42:01.0390 3416 Raspti - ok
09:42:01.0437 3416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:42:01.0437 3416 Rdbss - ok
09:42:01.0437 3416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:42:01.0437 3416 RDPCDD - ok
09:42:01.0468 3416 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:42:01.0468 3416 RDPWD - ok
09:42:01.0484 3416 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:42:01.0484 3416 redbook - ok
09:42:01.0515 3416 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:42:01.0515 3416 RTLE8023xp - ok
09:42:01.0546 3416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:42:01.0546 3416 Secdrv - ok
09:42:01.0562 3416 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:42:01.0562 3416 serenum - ok
09:42:01.0578 3416 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:42:01.0578 3416 Serial - ok
09:42:01.0609 3416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:42:01.0609 3416 Sfloppy - ok
09:42:01.0625 3416 Simbad - ok
09:42:01.0640 3416 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:42:01.0656 3416 SLIP - ok
09:42:01.0656 3416 Sparrow - ok
09:42:01.0671 3416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:42:01.0671 3416 splitter - ok
09:42:01.0687 3416 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:42:01.0703 3416 sr - ok
09:42:01.0718 3416 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:42:01.0718 3416 Srv - ok
09:42:01.0750 3416 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:42:01.0750 3416 ssmdrv - ok
09:42:01.0765 3416 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:42:01.0765 3416 streamip - ok
09:42:01.0781 3416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:42:01.0781 3416 swenum - ok
09:42:01.0796 3416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:42:01.0796 3416 swmidi - ok
09:42:01.0796 3416 symc810 - ok
09:42:01.0812 3416 symc8xx - ok
09:42:01.0812 3416 sym_hi - ok
09:42:01.0828 3416 sym_u3 - ok
09:42:01.0859 3416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:42:01.0859 3416 sysaudio - ok
09:42:01.0875 3416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:42:01.0875 3416 Tcpip - ok
09:42:01.0890 3416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:42:01.0890 3416 TDPIPE - ok
09:42:01.0906 3416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:42:01.0921 3416 TDTCP - ok
09:42:01.0921 3416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:42:01.0921 3416 TermDD - ok
09:42:01.0937 3416 TosIde - ok
09:42:01.0953 3416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:42:01.0953 3416 Udfs - ok
09:42:01.0968 3416 ultra - ok
09:42:01.0984 3416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:42:01.0984 3416 Update - ok
09:42:02.0015 3416 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:42:02.0031 3416 usbaudio - ok
09:42:02.0046 3416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:42:02.0046 3416 usbccgp - ok
09:42:02.0062 3416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:42:02.0062 3416 usbehci - ok
09:42:02.0078 3416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:42:02.0078 3416 usbhub - ok
09:42:02.0109 3416 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:42:02.0109 3416 usbscan - ok
09:42:02.0125 3416 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:42:02.0125 3416 USBSTOR - ok
09:42:02.0140 3416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:42:02.0140 3416 usbuhci - ok
09:42:02.0156 3416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:42:02.0156 3416 VgaSave - ok
09:42:02.0156 3416 ViaIde - ok
09:42:02.0171 3416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:42:02.0187 3416 VolSnap - ok
09:42:02.0203 3416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:42:02.0203 3416 Wanarp - ok
09:42:02.0203 3416 WDICA - ok
09:42:02.0218 3416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:42:02.0218 3416 wdmaud - ok
09:42:02.0265 3416 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:42:02.0265 3416 WpdUsb - ok
09:42:02.0281 3416 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:42:02.0281 3416 WSTCODEC - ok
09:42:02.0296 3416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:42:02.0296 3416 WudfPf - ok
09:42:02.0296 3416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:42:02.0312 3416 WudfRd - ok
09:42:02.0328 3416 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
09:42:02.0328 3416 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
09:42:02.0328 3416 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
09:42:02.0343 3416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:42:02.0343 3416 \Device\Harddisk1\DR1 - ok
09:42:02.0375 3416 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
09:42:02.0406 3416 \Device\Harddisk2\DR5 - ok
09:42:02.0406 3416 Boot (0x1200) (68b858d48e3afc01def204380439872a) \Device\Harddisk0\DR0\Partition0
09:42:02.0406 3416 \Device\Harddisk0\DR0\Partition0 - ok
09:42:02.0421 3416 Boot (0x1200) (c42566f3895626633fc46435e1c3a1b2) \Device\Harddisk0\DR0\Partition1
09:42:02.0421 3416 \Device\Harddisk0\DR0\Partition1 - ok
09:42:02.0421 3416 Boot (0x1200) (7ea06bd38cf34443b8825c7e7c4343f6) \Device\Harddisk1\DR1\Partition0
09:42:02.0421 3416 \Device\Harddisk1\DR1\Partition0 - ok
09:42:02.0437 3416 Boot (0x1200) (73cc18a54567696d90148fbfdc3a34ee) \Device\Harddisk2\DR5\Partition0
09:42:02.0437 3416 \Device\Harddisk2\DR5\Partition0 - ok
09:42:02.0453 3416 ============================================================
09:42:02.0453 3416 Scan finished
09:42:02.0453 3416 ============================================================
09:42:02.0453 0932 Detected object count: 1
09:42:02.0453 0932 Actual detected object count: 1
09:42:34.0109 0932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
09:42:34.0109 0932 \Device\Harddisk0\DR0 - ok
09:42:34.0109 0932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
09:42:37.0890 2452 Deinitialize success



ComboFix

ComboFix 11-11-22.01 - Admin 22.11.2011 9:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1446 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\System
c:\documents and settings\Admin\System\win_qs8.jqx
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\IsUn0407.exe
c:\windows\system32\554501205.dat
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RASMANVSS
-------\Legacy_SSHNAS
-------\Service_RasManVSS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-21 18:59 . 2011-11-21 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-11-21 18:58 . 2011-11-21 18:58 -------- d-----w- c:\program files\AMD APP
2011-11-21 17:47 . 2011-11-21 17:47 -------- d-----w- c:\program files\Microsoft.NET
2011-11-20 19:16 . 2011-11-20 19:16 -------- d-----w- c:\windows\system32\NtmsData
2011-11-20 18:24 . 2011-11-20 18:24 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
2011-11-20 18:19 . 2011-10-19 14:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-20 18:19 . 2011-10-19 14:56 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-20 18:19 . 2011-10-19 14:56 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-20 18:19 . 2011-11-20 18:19 -------- d-----w- c:\program files\Avira
2011-11-20 18:19 . 2011-11-20 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-11-20 15:37 . 2011-11-20 15:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2011-11-20 15:17 . 2011-11-20 15:17 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-20 15:06 . 2011-11-20 15:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sun
2011-11-20 14:57 . 2011-11-20 14:57 54016 ----a-w- c:\windows\system32\drivers\bynht.sys
2011-11-20 14:48 . 2011-11-20 14:48 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2011-11-20 14:48 . 2011-11-20 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-20 14:48 . 2011-11-20 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 14:48 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 14:38 . 2011-11-20 14:38 -------- d-----w- c:\program files\Common Files\Java
2011-11-20 14:38 . 2011-11-20 14:38 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-20 14:38 . 2011-11-20 14:38 -------- d-----w- c:\program files\Java
2011-11-07 17:48 . 2011-11-07 17:48 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 18:34 . 2011-06-30 19:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 14:38 . 2010-09-19 11:33 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22 . 2009-05-19 16:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 08:41 . 2008-07-29 16:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 08:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-09-08 18:24 . 2008-09-05 18:57 7180800 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-09-08 18:17 . 2009-05-19 16:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-09-08 17:50 . 2011-05-04 17:04 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:50 . 2011-05-04 17:04 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:46 . 2011-05-04 17:04 5701632 ----a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:41 . 2008-09-05 14:02 18571264 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:26 . 2009-05-19 16:26 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:25 . 2008-09-05 13:59 3953280 ----a-w- c:\windows\system32\ati3duag.dll
2011-09-08 17:25 . 2008-09-05 14:22 303104 ----a-w- c:\windows\system32\ati2dvag.dll
2011-09-08 17:19 . 2011-05-04 17:04 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-09-08 17:09 . 2008-09-05 13:41 3174656 ----a-w- c:\windows\system32\ativvaxx.dll
2011-09-08 17:09 . 2008-09-05 14:12 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:09 . 2008-09-05 14:12 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:09 . 2008-09-05 14:12 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-09-08 17:08 . 2008-09-05 14:12 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:08 . 2008-09-05 14:11 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-09-08 17:07 . 2008-09-05 14:10 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-09-08 17:06 . 2008-09-05 14:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-09-08 17:05 . 2011-05-04 17:04 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:01 . 2008-09-05 13:20 704512 ----a-w- c:\windows\system32\atikvmag.dll
2011-09-08 17:00 . 2008-09-05 13:18 528384 ----a-w- c:\windows\system32\atiok3x2.dll
2011-09-08 16:58 . 2008-09-05 13:19 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:58 . 2008-09-05 13:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-09-08 16:52 . 2008-09-05 13:12 876544 ----a-w- c:\windows\system32\ati2cqag.dll
2011-09-08 16:52 . 2011-05-04 17:04 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:52 . 2008-09-05 13:25 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-08 16:52 . 2008-09-05 13:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 18:28 . 2011-05-08 15:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZBack-it-up Tray Scheduler]
2004-06-03 14:30 631808 ----a-w- c:\program files\EZBackitup\EZBkuptray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]
2011-03-22 13:07 1261568 ----a-w- c:\program files\MSI\Live Update 5\LU5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 07:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 14:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.11.2011 20:19 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.11.2011 20:19 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.11.2011 16:48 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.11.2011 16:48 22216]
S2 AMService;AMService;c:\windows\TEMP\ayitwl\setup.exe run --> c:\windows\TEMP\ayitwl\setup.exe run [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [4.5.2011 18:36 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4.5.2011 18:36 7680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\User_Feed_Synchronization-{99CDBBA8-5870-40DA-98BE-39626B4DEE36}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 194.100.153.174 194.100.7.84
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\y5h36sm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://fi.wikipedia.org/wiki/Toiminnot:Satunnainen_sivu
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-AMService - c:\windows\TEMP\ayitwl\setup.exe
MSConfigStartUp-8DDYX0ZBPZ - c:\windows\TEMP\Ppl.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-bipro - c:\windows\$XNTUninstall643$\ppjxq.dll
MSConfigStartUp-Ryopoz - c:\windows\dpidvsv.dll
MSConfigStartUp-wintask - c:\program files\wintask.exe
AddRemove-ArcSoft PhotoStudio 2000 - c:\windows\IsUn0407.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
AddRemove-SmartDraw 2010 - c:\program files\SmartDraw 2010\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-11-22 10:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 08:05
.
Pre-Run: 98 763 890 688 bytes free
Post-Run: 99 035 332 608 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B667C09998C646FFC7EE90155691D857
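The services block in the ComboFix log above has a fixed shape: a state letter (R running, S stopped), a start-type digit, then `name;display name;command [date time size]`, with `[?]` where ComboFix could not read the file. The entry that stands out is `S2 AMService … c:\windows\TEMP\ayitwl\setup.exe run [?]`: an auto-start service whose binary sits under c:\windows\TEMP and has no file details, the same setup.exe the orphan list shows being removed from the .DEFAULT Run key, next to `c:\windows\TEMP\Ppl.exe`. The script below is an added example, not part of the thread and not ComboFix or DDS code: it parses lines of that shape and flags any whose drive-letter path has a temp directory component or whose service details read `[?]`. The sample lines are copied from the log above; the two rules are this example's own heuristics and produce a list to verify (hash, signer, vendor), not a verdict. A temp-path rule also catches components that may well be legitimate, such as the LogiShrd DLL listed under explorer.exe, whose vendor folder also appears under Common Files in the same log.

```python
"""Triage ComboFix/DDS log lines for binaries that live in temp directories.

Added example for this thread; not ComboFix or DDS code. Sample lines are
copied from the ComboFix log above. The two rules are this example's own
heuristics and give candidates to verify, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LINES = [
    r"R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]",
    r"R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.11.2011 20:19 36000]",
    r"R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.11.2011 16:48 366152]",
    r"S2 AMService;AMService;c:\windows\TEMP\ayitwl\setup.exe run --> c:\windows\TEMP\ayitwl\setup.exe run [?]",
    r"S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4.5.2011 18:36 7680]",
    r"HKU-Default-Run-AMService - c:\windows\TEMP\ayitwl\setup.exe",
    r"MSConfigStartUp-8DDYX0ZBPZ - c:\windows\TEMP\Ppl.exe",
    r"c:\windows\TEMP\logishrd\LVPrcInj01.dll",
]

# Service line: state letter (R running, S stopped), optional '?', start-type
# digit, then name;display;command [details]. '[?]' means no file details.
SERVICE_RE = re.compile(r"^(?P<state>[RS])\??(?P<start>\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")

# Any drive-letter path ending in a PE extension, terminated by whitespace,
# a quote or end of line. Brackets are excluded so '[date size]' is not swallowed.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^\[\]"]*?\.(?:exe|dll|sys)(?=\s|"|$)', re.IGNORECASE)

# Directory names treated as temp locations (assumption of this example).
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class Finding:
    line: str
    paths: list
    reasons: list


def extract_paths(line):
    """Return the distinct drive-letter PE paths in a log line, in order."""
    paths = []
    for match in PATH_RE.finditer(line):
        if match.group(0).lower() not in {p.lower() for p in paths}:
            paths.append(match.group(0))
    return paths


def in_temp_dir(path):
    """True when any directory component of a Windows path is a temp folder."""
    components = path.lower().split("\\")[:-1]  # drop the file name
    return any(c in TEMP_DIRS for c in components)


def triage(lines):
    """Apply the temp-path and missing-details rules to each line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        paths = extract_paths(line)
        reasons = []
        if any(in_temp_dir(p) for p in paths):
            reasons.append("binary under a temp directory")
        service = SERVICE_RE.match(line)
        if service and service.group("rest").rstrip().endswith("[?]"):
            reasons.append("service file details unavailable ([?])")
        if reasons:
            findings.append(Finding(line, paths, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print("FLAG:", "; ".join(f.reasons))
        for p in f.paths:
            print("      ", p)
        print("      ", f.line[:90])
```

Run as-is it flags four of the eight sample lines (the AMService service, the two orphaned autostarts under TEMP and the LogiShrd DLL) and leaves the Avira, Malwarebytes, .NET and MSI entries alone. To use it on a real log, pass the services block, the "Reg Loading Points" entries and the "DLLs Loaded" list as `lines`; each hit still has to be confirmed by hashing the file and checking its signer.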

#6
Satchfan
    Trusted Helper
  • Malware Removal
  • 585 posts
GaryGG

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes' Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you also tell me how your computer is running and if there are any remaining problems.

Satchfan

#7
GaryGG
    Member
  • Topic Starter
  • 37 posts
Hi,

I did the scan and nothing was found, BUT before starting the scan my virus scanner (Avira) found the following:
A0076927.exe (TR/Kazy.41189.11). It seems almost the same as the original one (in my first post).
So there is still something weird going on...


The MBAM log is here:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8216

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.11.2011 16:24:25
mbam-log-2011-11-22 (16-24-25).txt

Scan type: Quick scan
Objects scanned: 152991
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
Satchfan
    Trusted Helper
  • Malware Removal
  • 585 posts
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    %systemroot%\A0076927.exe
    *\A0076927.exe
    

  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: the log can also be found on your Desktop, entitled SystemLook.txt.

=========================================================

Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

Satchfan
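The SystemLook codebox above is a small script format: a `:filefind` directive followed by one pattern per line, where `%systemroot%\A0076927.exe` is an exact path with an environment variable and `*\A0076927.exe` means that file name in any directory. As an added example (not SystemLook's code and not from the thread), here is a Python equivalent that parses the same script text, expands `%VAR%` tokens from a mapping the caller supplies, walks the given roots, and reports size, modification time and SHA-256 for each hit, so a found file can be looked up by hash before anyone deletes it. Going beyond the post, the file-name part may carry wildcards. The directory tree it builds is constructed: a WINDOWS folder and a restore-point style `System Volume Information\_restore{…}\RP…` folder, since the A00nnnnnn.ext naming in this thread is the pattern XP's System Restore uses for the copies it keeps there. Reading that folder on a live machine needs administrative rights, which is why SystemLook's log reports "Elevation successful"; a plain `os.walk` silently skips directories it cannot open.

```python
"""A Python stand-in for SystemLook's ':filefind' search.

Added example for this thread; not SystemLook's code. Reads the same script
format (':filefind' directive, one pattern per line), expands %VAR% tokens
from a mapping supplied by the caller, walks the given roots and reports
size, mtime and SHA-256 of each hit. Wildcards in the file name are a
generalisation beyond the post.
"""
import fnmatch
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# The codebox from the post, verbatim.
SCRIPT = r"""
:filefind
%systemroot%\A0076927.exe
*\A0076927.exe
"""

ENV_RE = re.compile(r"%(\w+)%")


def parse_script(text):
    """Return {directive: [patterns]} for a SystemLook-style script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def expand_env(pattern, env):
    """Expand %name% tokens case-insensitively, Windows style; unknown names stay."""
    lowered = {k.lower(): v for k, v in env.items()}
    return ENV_RE.sub(lambda m: lowered.get(m.group(1).lower(), m.group(0)), pattern)


def describe(path):
    """Size, UTC mtime and SHA-256 for one file, enough to look it up by hash."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"path": path, "size": st.st_size,
            "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(timespec="seconds"),
            "sha256": digest}


def filefind(patterns, roots, env):
    """Resolve each pattern; a '*' (or empty) directory part means 'any directory under roots'."""
    results = {}
    for pattern in patterns:
        expanded = expand_env(pattern, env).replace("\\", os.sep)
        directory, name = os.path.split(expanded)
        hits = []
        if directory in ("*", ""):
            for root in roots:
                # os.walk skips directories it cannot read, so without admin
                # rights a real System Volume Information folder is silently missed.
                for dirpath, _dirs, files in os.walk(root):
                    hits += [describe(os.path.join(dirpath, f)) for f in files
                             if fnmatch.fnmatch(f.lower(), name.lower())]
        elif os.path.isdir(directory):
            hits += [describe(os.path.join(directory, f)) for f in os.listdir(directory)
                     if os.path.isfile(os.path.join(directory, f))
                     and fnmatch.fnmatch(f.lower(), name.lower())]
        results[pattern] = sorted(hits, key=lambda h: h["path"])
    return results


def build_demo_tree():
    """Constructed stand-in for C:\\ with two copies of the file name from the post."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    sysroot = os.path.join(root, "WINDOWS")
    restore_point = os.path.join(root, "System Volume Information", "_restore{demo}", "RP_demo")
    programs = os.path.join(root, "Program Files")
    for d in (sysroot, restore_point, programs):
        os.makedirs(d)
    for p in (os.path.join(sysroot, "A0076927.exe"),
              os.path.join(restore_point, "A0076927.exe"),
              os.path.join(programs, "readme.txt")):
        with open(p, "wb") as fh:
            fh.write(b"MZ demo " + os.path.basename(p).encode())  # constructed content
    return root, {"SystemRoot": sysroot}


def run_demo():
    """Build the constructed tree and run the post's two patterns against it."""
    root, env = build_demo_tree()
    return filefind(parse_script(SCRIPT)["filefind"], [root], env)


if __name__ == "__main__":
    for pattern, hits in run_demo().items():
        print('Searching for "%s"' % pattern)
        for h in hits:
            print("  %s  %d bytes  %s  sha256=%s" % (h["path"], h["size"], h["modified"], h["sha256"]))
        if not hits:
            print("  No files found.")
```

Run as-is it prints the demo report in SystemLook's own "Searching for …" layout, with one hit for the `%systemroot%` pattern and two for the `*\` pattern. On a live machine pass the real drive roots (for example `["C:\\"]`) and `{"SystemRoot": os.environ["SystemRoot"]}` as `env`, and run it elevated.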

#9
GaryGG
    Member
  • Topic Starter
  • 37 posts
Hi,
I was pretty sure that SystemLook would not find anything, because Avira deleted the file (A0076927.exe) after my previous post.

Here is the SystemLook log anyway:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:05 on 23/11/2011 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "%systemroot%\A0076927.exe"
No files found.

Searching for "*\A0076927.exe"
No files found.

-= EOF =-



DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Admin at 21:10:11 on 2011-11-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1339 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Desktop\SystemLook.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AMService] c:\windows\temp\ayitwl\setup.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.100.153.174 194.100.7.84
TCP: Interfaces\{F324E164-693F-4342-AD76-BD1AF57D72F4} : DhcpNameServer = 194.100.153.174 194.100.7.84
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\y5h36sm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://fi.wikipedia.org/wiki/Toiminnot:Satunnainen_sivu
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-20 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-20 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-20 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-20 74640]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-15 54760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-20 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-20 22216]
S2 AMService;AMService;c:\windows\temp\ayitwl\setup.exe run --> c:\windows\temp\ayitwl\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2011-5-4 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2011-5-4 7680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-22 07:54:47 -------- d-sha-r- C:\cmdcons
2011-11-22 07:50:57 98816 ----a-w- c:\windows\sed.exe
2011-11-22 07:50:57 518144 ----a-w- c:\windows\SWREG.exe
2011-11-22 07:50:57 256000 ----a-w- c:\windows\PEV.exe
2011-11-22 07:50:57 208896 ----a-w- c:\windows\MBR.exe
2011-11-21 18:58:37 -------- d-----w- c:\program files\AMD APP
2011-11-20 19:16:05 -------- d-----w- c:\windows\system32\NtmsData
2011-11-20 18:24:57 -------- d-----w- c:\documents and settings\admin\application data\Avira
2011-11-20 18:19:29 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-20 18:19:29 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-20 18:19:26 -------- d-----w- c:\program files\Avira
2011-11-20 18:19:26 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-20 15:37:29 -------- d-----w- c:\documents and settings\admin\local settings\application data\Temp
2011-11-20 15:06:35 -------- d-----w- c:\documents and settings\admin\local settings\application data\Sun
2011-11-20 14:57:51 54016 ----a-w- c:\windows\system32\drivers\bynht.sys
2011-11-20 14:48:30 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
2011-11-20 14:48:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-20 14:48:19 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-20 14:48:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 14:38:38 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-07 17:48:36 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-11-20 18:34:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 14:38:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 08:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 08:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-14 09:47:40 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:46:58 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 09:38:28 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-09-08 18:24:14 7180800 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-09-08 18:17:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-09-08 17:50:08 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:50:02 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:46:32 5701632 ----a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:41:52 18571264 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:26:46 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:25:58 3953280 ----a-w- c:\windows\system32\ati3duag.dll
2011-09-08 17:25:42 303104 ----a-w- c:\windows\system32\ati2dvag.dll
2011-09-08 17:19:36 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-09-08 17:09:28 3174656 ----a-w- c:\windows\system32\ativvaxx.dll
2011-09-08 17:09:18 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:09:08 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:09:02 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-09-08 17:08:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:08:42 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-09-08 17:07:36 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-09-08 17:06:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-09-08 17:05:10 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:01:54 704512 ----a-w- c:\windows\system32\atikvmag.dll
2011-09-08 17:00:28 528384 ----a-w- c:\windows\system32\atiok3x2.dll
2011-09-08 16:58:28 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:58:06 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-09-08 16:52:44 876544 ----a-w- c:\windows\system32\ati2cqag.dll
2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:52:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-08 16:52:06 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:10:25,79 ===============



Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 19.5.2009 19:07:17
System Uptime: 23.11.2011 21:02:14 (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7528
Processor: Intel Pentium III Xeon processor | CPU 1 | 2722/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 181 GiB total, 92,635 GiB free.
D: is FIXED (NTFS) - 751 GiB total, 700,491 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 404,523 GiB free.
F: is CDROM ()
G: is FIXED (FAT) - 2 GiB total, 1,896 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP541: 25.8.2011 20:25:56 - System Checkpoint
RP542: 27.8.2011 17:12:09 - System Checkpoint
RP543: 29.8.2011 11:49:22 - Software Distribution Service 3.0
RP544: 4.9.2011 18:06:04 - System Checkpoint
RP545: 7.9.2011 17:56:46 - System Checkpoint
RP546: 7.9.2011 18:55:40 - Software Distribution Service 3.0
RP547: 20.9.2011 11:22:30 - System Checkpoint
RP548: 20.9.2011 15:50:39 - Software Distribution Service 3.0
RP549: 27.9.2011 17:16:39 - Removed AMD Catalyst Install Manager
RP550: 28.9.2011 17:59:43 - System Checkpoint
RP551: 28.9.2011 21:30:49 - Software Distribution Service 3.0
RP552: 30.9.2011 22:57:58 - System Checkpoint
RP553: 5.10.2011 15:11:11 - System Checkpoint
RP554: 6.10.2011 19:52:23 - System Checkpoint
RP555: 12.10.2011 11:45:52 - System Checkpoint
RP556: 13.10.2011 0:01:30 - Software Distribution Service 3.0
RP557: 13.10.2011 18:49:13 - Software Distribution Service 3.0
RP558: 18.10.2011 14:42:49 - System Checkpoint
RP559: 18.10.2011 15:17:22 - Installed DirectX
RP560: 19.10.2011 18:25:10 - System Checkpoint
RP561: 21.10.2011 16:03:37 - System Checkpoint
RP562: 26.10.2011 13:44:08 - System Checkpoint
RP563: 27.10.2011 17:53:31 - System Checkpoint
RP564: 3.11.2011 17:15:06 - System Checkpoint
RP565: 6.11.2011 21:26:03 - System Checkpoint
RP566: 7.11.2011 21:28:42 - System Checkpoint
RP567: 9.11.2011 18:42:20 - System Checkpoint
RP568: 9.11.2011 23:31:15 - Software Distribution Service 3.0
RP569: 11.11.2011 18:05:06 - System Checkpoint
RP570: 12.11.2011 0:34:23 - Software Distribution Service 3.0
RP571: 15.11.2011 18:26:54 - System Checkpoint
RP572: 20.11.2011 16:31:33 - Removed Java™ 6 Update 13
RP573: 20.11.2011 16:38:25 - Installed Java™ 7 Update 1
RP574: 20.11.2011 17:16:46 - Removed Adobe Reader 9.4.6.
RP575: 20.11.2011 17:17:24 - Installed Adobe Reader X (10.1.1).
RP576: 20.11.2011 20:15:48 - Avira AntiVir Personal - 20.11.2011 20:15
RP577: 21.11.2011 19:05:58 - OTL Restore Point - 21.11.2011 19:05:55
RP578: 21.11.2011 19:29:22 - Software Distribution Service 3.0
RP579: 21.11.2011 19:46:47 - Software Distribution Service 3.0
RP580: 21.11.2011 20:01:49 - Software Distribution Service 3.0
RP581: 21.11.2011 20:20:00 - Software Distribution Service 3.0
RP582: 21.11.2011 20:53:07 - Removed ATI Catalyst Control Center
RP583: 22.11.2011 23:02:12 - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AMD APP SDK Runtime
AMD Catalyst Install Manager
ASUS VGA Driver
ATI AVIVO Codecs
ATI Parental Control & Encoder
Avira Free Antivirus
Canon CanoScan Toolbox 4.1
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CCleaner
EZBack-it-up 2.0.1
FreeMind
GIMP 2.6.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java Auto Updater
Java™ 7 Update 1
Junk Mail filter update
Liveupdate5
Logitech Webcam Software
Logitech Vid
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0 (x86 en-GB)
MSN
MSVCRT
Näppäri
OpenOffice.org 3.0
Picasa 3
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.3
Spelling Dictionaries Support For Adobe Reader 9
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Vokabel 2.31
XMind
.
==== Event Viewer Messages From Past Week ========
.
22.11.2011 9:49:59, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
21.11.2011 19:32:40, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
21.11.2011 19:15:25, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
20.11.2011 21:16:10, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive2. The database is corrupt.
20.11.2011 17:01:17, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
20.11.2011 16:31:55, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
20.11.2011 16:18:19, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
  • 0

#10
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
There’s a new flavour of the infection you have on your computer so let’s run a scan and see what turns up.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.

3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish
If a log has been produced post it in your next reply.

Satchfan
  • 0

#11
GaryGG

GaryGG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ESETScan.txt

C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{072C95C1-9838-4742-8837-C83C87CF7891}\RP583\A0079950.exe Win32/Adware.NdotNet application deleted - quarantined
C:\System Volume Information\_restore{072C95C1-9838-4742-8837-C83C87CF7891}\RP584\A0079951.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
D:\Viktigt\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
D:\Viktigt\minnesticka 08.11\Minne\PhotoStory.exe a variant of Win32/TrojanDownloader.ConHook.NAJ trojan cleaned by deleting - quarantined
E:\Backup\Viktigt\D\Viktigt\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
E:\Backup\Viktigt\D\Viktigt\minnesticka 08.11\Minne\PhotoStory.exe a variant of Win32/TrojanDownloader.ConHook.NAJ trojan cleaned by deleting - quarantined

Edited by GaryGG, 25 November 2011 - 02:40 AM.

  • 0

#12
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hi GaryGG

The online scan cleaned up some adware and I don’t see any sign of infection left in your DDS log, but I’d like a scan of this file and another scan to be sure the rootkit has gone.

Submit a file to VirusTotal

Go to VirusTotal and submit this file for analysis:

C:\WINDOWS\System32\drivers\bynht.sys


• click on Browse
• click on the arrow and choose Local Disc (C:)
• below, double-click on Windows
• double-click on the System32 folder and then the Drivers folder
• locate the file bynht.sys, click on it and then on Open
• click on Send File.
You will get a report back; post the report into this thread for me to see.

===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply

Logs to include with next post:

Virus Total report
aswMBR log


Can you also tell me if there are any problems remaining?

Thanks

Satchfan
  • 0

#13
GaryGG

GaryGG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

During the latter scan (aswMBR) my own Avira Free AntiVirus scanner found 4 different viruses or malware:
C:\Documents and Settings\Admin\...\unp130832846.tmp (TR/Crypt.XPACK.Gen)
C:\Documents and Settings\Admin\...\unp66709890.tmp (TR/Crypt.XPACK.Gen)
av47C6.tmp (TR/Crypt.XPACK.Gen)
ComboFix.exe (TR/Yakes.ado.11)

So there is still something weird going on...

Here are the logs again:

Virus Total report


File name: bynht.sys
Submission date: 2011-11-24 18:43:53 (UTC)
Current status: finished
Result: 2/ 43 (4.7%)

Antivirus Version Last Update Result
AhnLab-V3 2011.11.24.00 2011.11.24 -
AntiVir 7.11.18.63 2011.11.24 -
Antiy-AVL 2.0.3.7 2011.11.24 -
Avast 6.0.1289.0 2011.11.24 -
AVG 10.0.0.1190 2011.11.24 -
BitDefender 7.2 2011.11.24 -
ByteHero 1.0.0.1 2011.11.14 -
CAT-QuickHeal 12.00 2011.11.22 -
ClamAV 0.97.3.0 2011.11.24 -
Commtouch 5.3.2.6 2011.11.24 -
Comodo 10786 2011.11.24 -
DrWeb 5.0.2.03300 2011.11.24 -
Emsisoft 5.1.0.11 2011.11.24 -
eSafe 7.0.17.0 2011.11.24 Win32.TrojanHorse
eTrust-Vet 37.0.9585 2011.11.24 -
F-Prot 4.6.5.141 2011.11.24 -
F-Secure 9.0.16440.0 2011.11.24 -
Fortinet 4.3.370.0 2011.11.24 -
GData 22.286/22.527 2011.11.24 -
Ikarus T3.1.1.109.0 2011.11.24 -
Jiangmin 13.0.900 2011.11.24 -
K7AntiVirus 9.119.5534 2011.11.24 -
Kaspersky 9.0.0.837 2011.11.24 -
McAfee 5.400.0.1158 2011.11.24 -
McAfee-GW-Editi 2010.1D 2011.11.24 -
Microsoft 1.7801 2011.11.24 -
NOD32 6656 2011.11.24 -
Norman 6.07.13 2011.11.24 -
nProtect 2011-11-24.02 2011.11.24 -
Panda 10.0.3.5 2011.11.24 Trj/Hupigon.BDH
PCTools 8.0.0.5 2011.11.24 -
Prevx 3.0 2011.11.24 -
Rising 23.85.03.02 2011.11.24 -
Sophos 4.71.0 2011.11.24 -
SUPERAntiSpyware4.40.0.1006 2011.11.24 -
Symantec 20111.2.0.82 2011.11.24 -
TheHacker 6.7.0.1.347 2011.11.24 -
TrendMicro 9.500.0.1008 2011.11.24 -
TrendMicro-House9.500.0.1008 2011.11.24 -
VBA32 3.12.16.4 2011.11.24 -
VIPRE 11137 2011.11.24 -
ViRobot 2011.11.24.4791 2011.11.24 -
VirusBuster 14.1.83.1 2011.11.24 -


aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 21:20:08
-----------------------------
21:20:08.765 OS Version: Windows 5.1.2600 Service Pack 3
21:20:08.765 Number of processors: 2 586 0x170A
21:20:08.765 ComputerName: ADMIN-78A2E3BA3 UserName: Admin
21:20:09.859 Initialze error C000010E - driver not loaded
21:20:16.015 AVAST engine defs: 11112400
21:20:23.828 Service scanning
21:20:24.031 Service GMSIPCI F:\INSTALL\GMSIPCI.SYS **LOCKED** 21
21:20:24.593 Modules scanning
21:20:24.593 Disk 0 trace - called modules:
21:20:24.593
21:20:25.078 AVAST engine scan C:\WINDOWS
21:20:42.921 AVAST engine scan C:\WINDOWS\system32
21:21:30.765 AVAST engine scan C:\WINDOWS\system32\drivers
21:21:35.703 AVAST engine scan C:\Documents and Settings\Admin
21:32:47.562 AVAST engine scan C:\Documents and Settings\All Users
21:33:07.937 Scan finished successfully
21:33:48.281 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Edited by GaryGG, 24 November 2011 - 11:59 PM.

  • 0
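As an added example that is not part of this thread, a small Python parser for the VirusTotal text report pasted above: it recovers the per-engine rows (including the two rows where the engine name is run together with its version in the paste), lists the engines that flagged the file and reads the declared 2/43 header so the two can be compared. The input is a constructed excerpt of that report, not the full 43 rows.

```python
import re

# Constructed excerpt of the VirusTotal text report pasted in post #13 above:
# a few of the 43 engine rows, including both detections and two rows whose
# engine name is fused with its version, exactly as in the original paste.
SAMPLE_REPORT = """\
File name: bynht.sys
Result: 2/ 43 (4.7%)

Antivirus Version Last Update Result
AhnLab-V3 2011.11.24.00 2011.11.24 -
eSafe 7.0.17.0 2011.11.24 Win32.TrojanHorse
Panda 10.0.3.5 2011.11.24 Trj/Hupigon.BDH
SUPERAntiSpyware4.40.0.1006 2011.11.24 -
TrendMicro-House9.500.0.1008 2011.11.24 -
"""

# Splits "SUPERAntiSpyware4.40.0.1006" into engine and version: the version is
# the trailing run of digits and dots that begins right after a letter.
FUSED_RE = re.compile(r"^(?P<engine>.*?[A-Za-z])(?P<version>\d[\d.]*)$")
DECLARED_RE = re.compile(r"^Result:\s*(\d+)\s*/\s*(\d+)")

def parse_row(line):
    """Return (engine, version, last_update, result) or None for a non-row line."""
    tokens = line.split()
    if len(tokens) == 3 and (m := FUSED_RE.match(tokens[0])):  # engine fused with version
        tokens = [m["engine"], m["version"], *tokens[1:]]
    if len(tokens) < 4:
        return None
    engine, version, updated, *rest = tokens
    return engine, version, updated, " ".join(rest)

def parse_report(text):
    """Parse the pasted report into {'declared': (positives, total), 'rows': [...]}."""
    declared, rows, in_table = (0, 0), [], False
    for line in text.splitlines():
        if m := DECLARED_RE.match(line):
            declared = (int(m[1]), int(m[2]))
        elif line.startswith("Antivirus "):   # column header opens the engine table
            in_table = True
        elif in_table and line.strip():
            if row := parse_row(line):
                rows.append(row)
    return {"declared": declared, "rows": rows}

def detections(report):
    """Engines whose verdict is not '-' (VirusTotal's marker for no detection)."""
    return [(e, r) for e, _, _, r in report["rows"] if r != "-"]
```

Run on the full paste, the number of rows returned should equal the total in the header (43) and the detections list should have as many entries as the positives count (2); a mismatch means a row was mangled when the report was copied.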

#14
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Those are false positives due to Avira finding files in Avast!'s temporary folder when running aswMBR.

If I didn’t, I should have advised you to disable your AV before running aswMBR.

Your computer appears to be clean. Are you experiencing any problems now?

Satchfan
  • 0

#15
GaryGG

GaryGG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thank You Very Much for Your Help!

Everything now seems to be as wanted. I have not had any problems or "virus announcements by my virus scanner".
  • 0