
Can't connect to WindowsUpdate, Possible Nullo Trojan [Solved]



#1
dangger
Member, 38 posts
Hello. Tried to clean the computer with MalwareBytes, AVG Antivirus, ComboFix, and SmitfraudFix. Attempted to clean with SuperAntiSpyware but it would always freeze. SuperAntiSpyware was the only program that would find Nullo Trojan in its list.

Windows XP Home, SP3

Thank You for your help.




OTL logfile created on: 12/10/2011 12:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop\Malware Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.57% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 124.26 Gb Free Space | 84.84% Space Free | Partition Type: NTFS

Computer Name: PAUL_LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 12:26:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\Malware Tools\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe


========== Modules (No Company Name) ==========

MOD - [2007/12/11 14:21:52 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2007/12/11 14:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=07-07-2010"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 16:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 18:58:46 | 000,000,000 | ---D | M]

[2010/04/16 04:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2011/12/04 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\searchplugins\AOL Search.xml
[2010/04/16 04:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/12/06 17:00:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4CE02C3-ABDD-4611-9C0A-C28702C59C51}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:2 () - http://por-chr.cimco...0.png?rev=32172
O24 - Desktop Components:3 () - http://www.burlingto...es/index_09.jpg
O24 - Desktop Components:4 () - http://por-chr.cimco...0.png?rev=34749
O24 - Desktop Components:5 () - http://www.google.co...11/mlk11-hp.jpg
O24 - Desktop Components:6 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 22:24:15 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 16:54:23 | 000,002,392 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


[2011/12/10 12:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\Malware Tools
[2011/12/05 21:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/05 21:33:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/03 10:50:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/03 00:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/02 23:56:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 23:54:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 23:54:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 23:54:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 23:54:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 23:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/02 23:52:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 23:52:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2011/12/02 22:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/02 18:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\SupportSoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 12:26:39 | 000,027,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/10 12:23:02 | 000,458,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/10 12:23:02 | 000,076,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/10 12:19:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 12:18:54 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 12:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 17:00:55 | 000,001,286 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/06 17:00:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/04 23:34:06 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/02 23:56:13 | 000,000,327 | -H-- | M] () -- C:\boot.ini
[2011/12/02 18:20:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/07 18:33:32 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 23:34:06 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/04 21:28:19 | 000,001,286 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/02 23:56:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/02 23:56:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/02 23:54:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 23:54:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 23:54:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 23:54:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 23:54:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/20 17:50:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 11:24:54 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\wklnhst.dat
[2010/05/24 15:58:45 | 000,001,147 | ---- | C] () -- C:\WINDOWS\Jpuyuwuse.dat
[2010/05/24 15:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cbofima.bin
[2010/05/24 15:56:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\khiteb.dat
[2010/04/16 04:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/15 17:51:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/21 00:26:32 | 000,010,407 | ---- | C] () -- C:\WINDOWS\lyxo.com
[2009/08/12 19:23:10 | 000,010,668 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\nogeda.dl
[2009/07/21 13:59:20 | 000,018,667 | ---- | C] () -- C:\Program Files\Common Files\epijatir.bin
[2009/07/21 13:59:20 | 000,018,538 | ---- | C] () -- C:\Program Files\Common Files\asajudig.reg
[2009/07/21 13:59:20 | 000,017,647 | ---- | C] () -- C:\Program Files\Common Files\dijim.bat
[2009/07/21 13:59:20 | 000,017,569 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\apesosiluq._sy
[2009/07/21 13:59:20 | 000,016,763 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\adynu._dl
[2009/07/21 13:59:20 | 000,015,947 | ---- | C] () -- C:\WINDOWS\System32\ytum.exe
[2009/07/21 13:59:20 | 000,015,871 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikodo.inf
[2009/07/21 13:59:20 | 000,015,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\humizu._sy
[2009/07/21 13:59:20 | 000,014,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rogyz.dat
[2009/07/21 13:59:20 | 000,014,367 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ihowavo.pif
[2009/07/21 13:59:20 | 000,013,993 | ---- | C] () -- C:\WINDOWS\iwamivusin.com
[2009/07/21 13:59:20 | 000,013,608 | ---- | C] () -- C:\Program Files\Common Files\ripivav.bat
[2009/07/21 13:59:20 | 000,013,138 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\nowapi.pif
[2009/07/21 13:59:20 | 000,012,528 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\gihadyne.exe
[2009/07/21 13:59:20 | 000,011,701 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\ugevejube.db
[2009/07/21 13:59:20 | 000,010,556 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\yhyran.ban
[2009/01/09 23:55:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
[2009/01/09 23:35:03 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/01/08 16:41:15 | 000,017,841 | ---- | C] () -- C:\WINDOWS\System32\soap664.bin
[2009/01/08 16:41:15 | 000,017,709 | ---- | C] () -- C:\WINDOWS\System32\718page.dat
[2009/01/08 16:41:15 | 000,017,285 | ---- | C] () -- C:\WINDOWS\System32\sparse0672.bin
[2009/01/08 16:41:15 | 000,017,153 | ---- | C] () -- C:\WINDOWS\System32\keys726.dat
[2009/01/08 16:41:15 | 000,015,790 | ---- | C] () -- C:\WINDOWS\System32\user681.dat
[2009/01/08 16:41:15 | 000,015,376 | ---- | C] () -- C:\WINDOWS\System32\resource581.bin
[2009/01/08 16:41:15 | 000,014,820 | ---- | C] () -- C:\WINDOWS\System32\soap589.bin
[2009/01/08 16:41:15 | 000,013,326 | ---- | C] () -- C:\WINDOWS\System32\user598.dat
[2009/01/08 16:41:15 | 000,012,769 | ---- | C] () -- C:\WINDOWS\System32\threat606y.dat
[2009/01/08 16:41:15 | 000,012,146 | ---- | C] () -- C:\WINDOWS\System32\797base.bin
[2009/01/08 16:41:15 | 000,011,590 | ---- | C] () -- C:\WINDOWS\System32\cookies805.bin
[2009/01/08 16:41:15 | 000,011,275 | ---- | C] () -- C:\WINDOWS\System32\uninstall267.dat
[2009/01/08 16:41:15 | 000,010,096 | ---- | C] () -- C:\WINDOWS\System32\data032E.bin
[2009/01/08 16:41:15 | 000,009,539 | ---- | C] () -- C:\WINDOWS\System32\keys822.dat
[2009/01/08 16:41:15 | 000,008,045 | ---- | C] () -- C:\WINDOWS\System32\33f.dat
[2009/01/08 16:41:15 | 000,007,489 | ---- | C] () -- C:\WINDOWS\System32\user839.dat
[2009/01/08 16:41:15 | 000,007,206 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt430.bin
[2009/01/08 16:41:15 | 000,005,712 | ---- | C] () -- C:\WINDOWS\System32\user439.bin
[2009/01/08 16:41:15 | 000,005,580 | ---- | C] () -- C:\WINDOWS\System32\1ed.dat
[2009/01/08 16:41:15 | 000,005,024 | ---- | C] () -- C:\WINDOWS\System32\502backup.dat
[2009/01/08 16:41:15 | 000,004,401 | ---- | C] () -- C:\WINDOWS\System32\uninstall2b4.bin
[2009/01/08 16:41:15 | 000,003,845 | ---- | C] () -- C:\WINDOWS\System32\701_data.bin
[2009/01/08 16:41:15 | 000,003,661 | ---- | C] () -- C:\WINDOWS\System32\uninstall1c8.dat
[2009/01/08 16:41:15 | 000,003,420 | ---- | C] () -- C:\WINDOWS\System32\028F.bin
[2009/01/08 16:41:15 | 000,003,288 | ---- | C] () -- C:\WINDOWS\System32\709part.bin
[2009/01/08 16:41:15 | 000,003,105 | ---- | C] () -- C:\WINDOWS\System32\images465.dat
[2009/01/08 16:41:15 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt473.dat
[2009/01/08 16:41:14 | 000,013,457 | ---- | C] () -- C:\WINDOWS\System32\0121mixed.bin
[2009/01/08 16:41:14 | 000,012,901 | ---- | C] () -- C:\WINDOWS\System32\297backup.bin
[2009/01/08 16:41:14 | 000,011,407 | ---- | C] () -- C:\WINDOWS\System32\306base.dat
[2009/01/08 16:41:14 | 000,010,850 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt314.dat
[2009/01/08 16:41:14 | 000,009,356 | ---- | C] () -- C:\WINDOWS\System32\323page.dat
[2009/01/08 16:41:14 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\231part.dat
[2009/01/08 16:41:14 | 000,006,891 | ---- | C] () -- C:\WINDOWS\System32\240page.dat
[2009/01/08 16:41:14 | 000,005,287 | ---- | C] () -- C:\WINDOWS\System32\139backup.bin
[2009/01/08 16:41:14 | 000,003,793 | ---- | C] () -- C:\WINDOWS\System32\147base.bin
[2009/01/08 16:41:14 | 000,003,237 | ---- | C] () -- C:\WINDOWS\System32\data009C.bin
[2008/06/15 10:18:20 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/23 12:01:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/14 22:52:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/14 22:47:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/14 22:41:06 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 22:41:05 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/14 22:41:05 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/14 22:23:49 | 000,027,240 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/14 22:17:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/14 22:17:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/14 22:17:43 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/02/14 22:17:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/14 22:17:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/14 22:17:42 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/02/14 22:17:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/14 22:17:41 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/14 22:17:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/02/14 22:17:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/14 22:17:38 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/02/14 22:16:12 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/26 21:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,458,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,076,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/10/04 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2011/12/02 18:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/05 16:11:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/05 21:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/14 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/06/08 14:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/04 20:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Acoustica
[2008/10/11 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Audacity
[2010/07/11 11:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Template

========== Purity Check ==========



< End of report >






OTL Extras logfile created on: 12/10/2011 12:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop\Malware Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.57% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 124.26 Gb Free Space | 84.84% Space Free | Partition Type: NTFS

Computer Name: PAUL_LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"8085:TCP" = 8085:TCP:*:Enabled:LitvinenKO

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI
(English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}"
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}"
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}"
= Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the
2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing
(English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}"
= Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath
MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI
(English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote
MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI
(English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove
Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared
Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access
Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"
= Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint
Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"3ivx MPEG-4 5.0.1 Decoder" = 3ivx MPEG-4 5.0.1 Decoder (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA
D330 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework
4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 7:16:29 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 7:16:59 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 7:17:29 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 8:03:36 PM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works. The Windows installer cannot continue.

Error - 12/5/2011 12:39:47 AM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11921
Description = Product: Microsoft Fix it 50202 -- Error 1921. Service 'Automatic Updates' (WUAUSERV) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 12/5/2011 12:59:54 AM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11920
Description = Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges to start system services.

Error - 12/5/2011 10:39:24 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:04:19 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:06:26 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:10:45 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

[ System Events ]
Error - 12/7/2011 7:28:15 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 12/7/2011 7:32:42 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/7/2011 7:32:52 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/10/2011 1:14:26 PM | Computer Name = PAUL_LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error - 12/10/2011 1:14:26 PM | Computer Name = PAUL_LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.


< End of report >


#2
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps so I can have a look at the current condition of your machine.

Step 1

Please go here and download Internet Explorer 8. Double-click on the downloaded file to install it and then follow the setup instructions.

Step 2

Please post the Combofix log. You can find it here: C:\combofix.txt.

#3
dangger
    Member
  • Topic Starter
  • Member
  • 38 posts
Thank you for your response.
Sorry for the delay in replying. I've subscribed to this thread, but did not get notified.
I don't have the restore CD, but do have a separate Win XP Pro install disc.

Installed Windows Explorer 8, but still cannot do a Windows Update.

Actually, I can't even access this forum thread on the infected computer, but can read other posts. Had to email the combofix.txt to another computer in order to reply to this thread.

ComboFix.txt copied below:

ComboFix 11-12-02.02 - Paul 12/03/2011 0:21.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1609 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 05:03 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-12-03 05:03 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-12-03 04:27 . 2011-12-03 04:27 -------- d-----w- C:\$AVG
2011-12-03 04:05 . 2011-12-03 04:05 -------- d-----w- c:\documents and settings\Paul\Application Data\AVG2012
2011-12-03 04:02 . 2011-12-03 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-03 04:02 . 2011-12-03 04:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-03 03:58 . 2011-12-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-02 23:56 . 2011-12-02 23:56 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-21 18:59 . 2009-07-21 18:59 18667 ----a-w- c:\program files\Common Files\epijatir.bin
2009-07-21 18:59 . 2009-07-21 18:59 18538 ----a-w- c:\program files\Common Files\asajudig.reg
2009-07-21 18:59 . 2009-07-21 18:59 17647 ----a-w- c:\program files\Common Files\dijim.bat
2009-07-21 18:59 . 2009-07-21 18:59 13608 ----a-w- c:\program files\Common Files\ripivav.bat
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-03_05.07.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 18:51 . 2011-12-03 05:22 55726 c:\windows\system32\perfc009.dat
- 2004-08-10 18:51 . 2011-12-03 03:41 55726 c:\windows\system32\perfc009.dat
+ 2004-08-10 18:51 . 2011-12-03 05:22 387936 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2011-12-03 03:41 387936 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-06-15 15:36 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...90&ver=9.0.901" [?]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^VirtualExpander.lnk]
path=c:\documents and settings\Paul\Start Menu\Programs\Startup\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 09:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 20:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-06 21:34 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-06-06 21:34 67584 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ojahizeba]
2008-04-14 00:12 182272 ----a-w- c:\windows\oyuveruqapiweson.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 21:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-06 21:28 405504 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-06-03 20:20 851968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=3 (0x3)
"DellAMBrokerService"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8085:TCP"= 8085:TCP:LitvinenKO
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S0 isbdddlt;isbdddlt;c:\windows\system32\drivers\yddkpesv.sys --> c:\windows\system32\drivers\yddkpesv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/8/2008 2:57 PM 24652]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=07-07-2010&tb_mrud=07-07-2010
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc754ad&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 00:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHY2160BH rev.0085000B -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A8F1555]<<
c:\docume~1\Paul\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a8f77b0]; MOV EAX, [0x8a8f782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A908AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A9BFA58]
\Driver\atapi[0x8A9C24E8] -> IRP_MJ_CREATE -> 0x8A8F1555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskFUJITSU_MHY2160BH_______________________0085000B#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A8F139B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Vdogivolupufaxaw]
"Mtacife"=hex:42,01,44,03,42,05,35,07,3c,09,4f,0b,3f,0d,3e,0f,23,11,21,13,25,
15,55,17,2c,19,2c,1b,5f,1d,2e,1f,18,21,16,23,65,25,67,27,6b,29,1e,2b,1f,2d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1092)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
.
Completion time: 2011-12-03 00:33:51
ComboFix-quarantined-files.txt 2011-12-03 05:33
ComboFix2.txt 2011-12-03 05:12
.
Pre-Run: 133,631,361,024 bytes free
Post-Run: 133,612,478,464 bytes free
.
- - End Of File - - 658EB1CFB4F83A3DA07C07481239E036

#4
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
On your workable computer please install this:

  • Please download Panda USB Vaccine here (you must provide a valid e-mail address and they will send the download link to that address) to your desktop.
  • Install and run it.
  • Plug in the USB drive and click on Vaccinate USB and Vaccinate computer.

Please download the tool below on your workable computer, use a USB flash drive to transfer files between the infected and workable computers, and run it on the infected computer:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

#5
dangger
    Member
  • Topic Starter
  • Member
  • 38 posts
Ran TDSSKiller.
Restarted.
Can now access this thread with the infected computer.

Attached are the logs.

18:05:25.0140 2340 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:05:25.0437 2340 ============================================================
18:05:25.0437 2340 Current date / time: 2011/12/19 18:05:25.0437
18:05:25.0437 2340 SystemInfo:
18:05:25.0437 2340
18:05:25.0437 2340 OS Version: 5.1.2600 ServicePack: 3.0
18:05:25.0437 2340 Product type: Workstation
18:05:25.0437 2340 ComputerName: PAUL_LAPTOP
18:05:25.0437 2340 UserName: Paul
18:05:25.0437 2340 Windows directory: C:\WINDOWS
18:05:25.0437 2340 System windows directory: C:\WINDOWS
18:05:25.0437 2340 Processor architecture: Intel x86
18:05:25.0437 2340 Number of processors: 2
18:05:25.0437 2340 Page size: 0x1000
18:05:25.0437 2340 Boot type: Normal boot
18:05:25.0437 2340 ============================================================
18:05:27.0453 2340 Initialize success
18:05:41.0437 2748 ============================================================
18:05:41.0437 2748 Scan started
18:05:41.0437 2748 Mode: Manual; SigCheck; TDLFS;
18:05:41.0437 2748 ============================================================
18:05:42.0265 2748 Abiosdsk - ok
18:05:42.0343 2748 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:05:44.0312 2748 abp480n5 - ok
18:05:44.0546 2748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:05:44.0750 2748 ACPI - ok
18:05:44.0859 2748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:05:44.0984 2748 ACPIEC - ok
18:05:45.0062 2748 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:05:45.0171 2748 adpu160m - ok
18:05:45.0265 2748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:05:45.0406 2748 aec - ok
18:05:45.0531 2748 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:05:45.0593 2748 AFD - ok
18:05:45.0625 2748 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:05:45.0781 2748 agp440 - ok
18:05:45.0843 2748 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:05:46.0031 2748 agpCPQ - ok
18:05:46.0125 2748 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:05:46.0156 2748 Aha154x - ok
18:05:46.0234 2748 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:05:46.0343 2748 aic78u2 - ok
18:05:46.0421 2748 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:05:46.0531 2748 aic78xx - ok
18:05:46.0546 2748 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:05:46.0656 2748 AliIde - ok
18:05:46.0687 2748 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:05:46.0812 2748 alim1541 - ok
18:05:46.0875 2748 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:05:47.0000 2748 amdagp - ok
18:05:47.0078 2748 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:05:47.0140 2748 amsint - ok
18:05:47.0250 2748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:05:47.0343 2748 Arp1394 - ok
18:05:47.0406 2748 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:05:47.0515 2748 asc - ok
18:05:47.0531 2748 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:05:47.0593 2748 asc3350p - ok
18:05:47.0609 2748 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:05:47.0734 2748 asc3550 - ok
18:05:47.0765 2748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:05:47.0890 2748 AsyncMac - ok
18:05:47.0937 2748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:05:48.0046 2748 atapi - ok
18:05:48.0062 2748 Atdisk - ok
18:05:48.0125 2748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:05:48.0250 2748 Atmarpc - ok
18:05:48.0328 2748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:05:48.0437 2748 audstub - ok
18:05:48.0546 2748 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:05:48.0765 2748 BCM43XX - ok
18:05:48.0812 2748 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:05:48.0859 2748 bcm4sbxp - ok
18:05:48.0968 2748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:05:49.0156 2748 Beep - ok
18:05:49.0375 2748 catchme - ok
18:05:49.0468 2748 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:05:49.0578 2748 cbidf - ok
18:05:49.0640 2748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:05:49.0750 2748 cbidf2k - ok
18:05:49.0781 2748 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:05:49.0828 2748 cd20xrnt - ok
18:05:49.0906 2748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:05:50.0015 2748 Cdaudio - ok
18:05:50.0062 2748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:05:50.0171 2748 Cdfs - ok
18:05:50.0203 2748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:05:50.0312 2748 Cdrom - ok
18:05:50.0328 2748 Changer - ok
18:05:50.0343 2748 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:05:50.0453 2748 CmBatt - ok
18:05:50.0625 2748 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:05:50.0765 2748 CmdIde - ok
18:05:50.0875 2748 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:05:51.0000 2748 Compbatt - ok
18:05:51.0031 2748 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:05:51.0140 2748 Cpqarray - ok
18:05:51.0234 2748 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:05:51.0343 2748 dac2w2k - ok
18:05:51.0390 2748 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:05:51.0500 2748 dac960nt - ok
18:05:51.0609 2748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:05:51.0734 2748 Disk - ok
18:05:51.0828 2748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:05:52.0000 2748 dmboot - ok
18:05:52.0078 2748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:05:52.0203 2748 dmio - ok
18:05:52.0296 2748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:05:52.0406 2748 dmload - ok
18:05:52.0515 2748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:05:52.0625 2748 DMusic - ok
18:05:52.0687 2748 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:05:52.0796 2748 dpti2o - ok
18:05:52.0859 2748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:05:52.0968 2748 drmkaud - ok
18:05:53.0031 2748 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys
18:05:53.0046 2748 DXEC02 ( UnsignedFile.Multi.Generic ) - warning
18:05:53.0046 2748 DXEC02 - detected UnsignedFile.Multi.Generic (1)
18:05:53.0109 2748 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:05:53.0234 2748 E100B - ok
18:05:53.0296 2748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:05:53.0421 2748 Fastfat - ok
18:05:53.0500 2748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:05:53.0625 2748 Fdc - ok
18:05:53.0718 2748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:05:53.0828 2748 Fips - ok
18:05:53.0875 2748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:05:54.0000 2748 Flpydisk - ok
18:05:54.0062 2748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:05:54.0156 2748 FltMgr - ok
18:05:54.0203 2748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:05:54.0312 2748 Fs_Rec - ok
18:05:54.0343 2748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:05:54.0453 2748 Ftdisk - ok
18:05:54.0546 2748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:05:54.0671 2748 Gpc - ok
18:05:54.0796 2748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:05:54.0906 2748 HDAudBus - ok
18:05:54.0953 2748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:05:55.0078 2748 HidUsb - ok
18:05:55.0156 2748 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:05:55.0265 2748 hpn - ok
18:05:55.0328 2748 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:05:55.0359 2748 HSFHWAZL - ok
18:05:55.0421 2748 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:05:55.0500 2748 HSF_DPV - ok
18:05:55.0640 2748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:05:55.0687 2748 HTTP - ok
18:05:55.0796 2748 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:05:55.0906 2748 i2omgmt - ok
18:05:55.0953 2748 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:05:56.0078 2748 i2omp - ok
18:05:56.0093 2748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:05:56.0203 2748 i8042prt - ok
18:05:56.0312 2748 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
18:06:06.0046 2748 iaStor - ok
18:06:06.0203 2748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:06:06.0390 2748 Imapi - ok
18:06:06.0515 2748 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:06:06.0625 2748 ini910u - ok
18:06:06.0687 2748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:06:06.0796 2748 IntelIde - ok
18:06:06.0859 2748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:06:06.0953 2748 intelppm - ok
18:06:07.0078 2748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:06:07.0234 2748 Ip6Fw - ok
18:06:07.0281 2748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:06:07.0421 2748 IpFilterDriver - ok
18:06:07.0500 2748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:06:07.0656 2748 IpInIp - ok
18:06:07.0750 2748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:06:07.0890 2748 IpNat - ok
18:06:07.0984 2748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:06:08.0125 2748 IPSec - ok
18:06:08.0156 2748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:06:08.0234 2748 IRENUM - ok
18:06:08.0312 2748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:06:08.0453 2748 isapnp - ok
18:06:08.0515 2748 isbdddlt - ok
18:06:08.0546 2748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:06:08.0656 2748 Kbdclass - ok
18:06:08.0734 2748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:06:08.0843 2748 kmixer - ok
18:06:08.0921 2748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:06:08.0984 2748 KSecDD - ok
18:06:09.0046 2748 lbrtfdc - ok
18:06:09.0062 2748 MBAMSwissArmy - ok
18:06:09.0109 2748 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:06:09.0140 2748 mdmxsdk - ok
18:06:09.0218 2748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:06:09.0359 2748 mnmdd - ok
18:06:09.0437 2748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:06:09.0609 2748 Modem - ok
18:06:09.0671 2748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:06:09.0781 2748 Mouclass - ok
18:06:09.0906 2748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:06:10.0031 2748 mouhid - ok
18:06:10.0093 2748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:06:10.0218 2748 MountMgr - ok
18:06:10.0234 2748 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:06:10.0343 2748 mraid35x - ok
18:06:10.0359 2748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:06:10.0484 2748 MRxDAV - ok
18:06:10.0562 2748 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:06:10.0593 2748 MRxSmb - ok
18:06:10.0640 2748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:06:10.0765 2748 Msfs - ok
18:06:10.0875 2748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:06:11.0000 2748 MSKSSRV - ok
18:06:11.0031 2748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:06:11.0171 2748 MSPCLOCK - ok
18:06:11.0250 2748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:06:11.0390 2748 MSPQM - ok
18:06:11.0437 2748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:06:11.0531 2748 mssmbios - ok
18:06:11.0578 2748 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:06:11.0671 2748 Mup - ok
18:06:11.0703 2748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:06:11.0812 2748 NDIS - ok
18:06:11.0890 2748 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:06:11.0984 2748 NdisTapi - ok
18:06:12.0078 2748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:06:12.0171 2748 Ndisuio - ok
18:06:12.0234 2748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:06:12.0343 2748 NdisWan - ok
18:06:12.0406 2748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:06:12.0484 2748 NDProxy - ok
18:06:12.0578 2748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:06:12.0718 2748 NetBIOS - ok
18:06:12.0812 2748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:06:12.0968 2748 NetBT - ok
18:06:13.0062 2748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:06:13.0250 2748 NIC1394 - ok
18:06:13.0265 2748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:06:13.0375 2748 Npfs - ok
18:06:13.0437 2748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:06:13.0593 2748 Ntfs - ok
18:06:13.0640 2748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:06:13.0750 2748 Null - ok
18:06:14.0093 2748 nv (e531eaa795a273fc70c9de3f195069c8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:06:14.0671 2748 nv - ok
18:06:14.0765 2748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:06:14.0984 2748 NwlnkFlt - ok
18:06:15.0031 2748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:06:15.0218 2748 NwlnkFwd - ok
18:06:15.0312 2748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:06:15.0484 2748 ohci1394 - ok
18:06:15.0578 2748 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
18:06:15.0593 2748 Packet ( UnsignedFile.Multi.Generic ) - warning
18:06:15.0593 2748 Packet - detected UnsignedFile.Multi.Generic (1)
18:06:15.0703 2748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:06:15.0828 2748 Parport - ok
18:06:15.0859 2748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:06:15.0984 2748 PartMgr - ok
18:06:16.0046 2748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:06:16.0234 2748 ParVdm - ok
18:06:16.0375 2748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:06:16.0484 2748 PCI - ok
18:06:16.0562 2748 PCIDump - ok
18:06:16.0625 2748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:06:16.0734 2748 PCIIde - ok
18:06:16.0812 2748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:06:16.0984 2748 Pcmcia - ok
18:06:17.0031 2748 PDCOMP - ok
18:06:17.0062 2748 PDFRAME - ok
18:06:17.0093 2748 PDRELI - ok
18:06:17.0140 2748 PDRFRAME - ok
18:06:17.0218 2748 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:06:17.0328 2748 perc2 - ok
18:06:17.0375 2748 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:06:17.0500 2748 perc2hib - ok
18:06:17.0640 2748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:06:17.0812 2748 PptpMiniport - ok
18:06:17.0859 2748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:06:17.0953 2748 PSched - ok
18:06:18.0000 2748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:06:18.0109 2748 Ptilink - ok
18:06:18.0171 2748 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:06:18.0296 2748 ql1080 - ok
18:06:18.0359 2748 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:06:18.0515 2748 Ql10wnt - ok
18:06:18.0593 2748 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:06:18.0718 2748 ql12160 - ok
18:06:18.0765 2748 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:06:18.0875 2748 ql1240 - ok
18:06:18.0921 2748 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:06:19.0062 2748 ql1280 - ok
18:06:19.0109 2748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:06:19.0234 2748 RasAcd - ok
18:06:19.0328 2748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:06:19.0468 2748 Rasl2tp - ok
18:06:19.0531 2748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:06:19.0656 2748 RasPppoe - ok
18:06:19.0703 2748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:06:19.0828 2748 Raspti - ok
18:06:19.0890 2748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:06:20.0015 2748 Rdbss - ok
18:06:20.0078 2748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:06:20.0203 2748 RDPCDD - ok
18:06:20.0343 2748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:06:20.0484 2748 rdpdr - ok
18:06:20.0546 2748 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:06:20.0687 2748 RDPWD - ok
18:06:20.0718 2748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:06:20.0890 2748 redbook - ok
18:06:21.0015 2748 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:06:21.0062 2748 rimmptsk - ok
18:06:21.0109 2748 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:06:21.0156 2748 rimsptsk - ok
18:06:21.0203 2748 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
18:06:21.0234 2748 rismxdp - ok
18:06:21.0359 2748 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:06:21.0468 2748 sdbus - ok
18:06:21.0562 2748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:06:21.0625 2748 Secdrv - ok
18:06:21.0718 2748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:06:21.0828 2748 serenum - ok
18:06:21.0890 2748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:06:22.0000 2748 Serial - ok
18:06:22.0125 2748 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:06:22.0234 2748 sffdisk - ok
18:06:22.0296 2748 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:06:22.0437 2748 sffp_sd - ok
18:06:22.0531 2748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:06:22.0640 2748 Sfloppy - ok
18:06:22.0703 2748 Simbad - ok
18:06:22.0765 2748 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:06:22.0906 2748 sisagp - ok
18:06:22.0968 2748 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:06:23.0046 2748 Sparrow - ok
18:06:23.0109 2748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:06:23.0218 2748 splitter - ok
18:06:23.0343 2748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:06:23.0375 2748 sr - ok
18:06:23.0468 2748 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
18:06:23.0515 2748 Srv - ok
18:06:23.0671 2748 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
18:06:23.0796 2748 STHDA - ok
18:06:23.0921 2748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:06:24.0015 2748 swenum - ok
18:06:24.0125 2748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:06:24.0218 2748 swmidi - ok
18:06:24.0312 2748 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:06:24.0406 2748 symc810 - ok
18:06:24.0515 2748 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:06:24.0640 2748 symc8xx - ok
18:06:24.0718 2748 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:06:24.0843 2748 sym_hi - ok
18:06:24.0859 2748 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:06:24.0968 2748 sym_u3 - ok
18:06:25.0000 2748 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:06:25.0046 2748 SynTP - ok
18:06:25.0109 2748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:06:25.0203 2748 sysaudio - ok
18:06:25.0312 2748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:06:25.0359 2748 Tcpip - ok
18:06:25.0453 2748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:06:25.0578 2748 TDPIPE - ok
18:06:25.0656 2748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:06:25.0750 2748 TDTCP - ok
18:06:25.0812 2748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:06:25.0921 2748 TermDD - ok
18:06:26.0000 2748 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:06:26.0125 2748 TosIde - ok
18:06:26.0218 2748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:06:26.0328 2748 Udfs - ok
18:06:26.0421 2748 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:06:26.0484 2748 ultra - ok
18:06:26.0578 2748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:06:26.0687 2748 Update - ok
18:06:26.0734 2748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:06:26.0859 2748 usbaudio - ok
18:06:26.0921 2748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:06:27.0046 2748 usbccgp - ok
18:06:27.0156 2748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:06:27.0265 2748 usbehci - ok
18:06:27.0312 2748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:06:27.0406 2748 usbhub - ok
18:06:27.0500 2748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:06:27.0609 2748 usbscan - ok
18:06:27.0640 2748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:06:27.0765 2748 USBSTOR - ok
18:06:27.0843 2748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:06:27.0953 2748 usbuhci - ok
18:06:28.0015 2748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:06:28.0109 2748 VgaSave - ok
18:06:28.0203 2748 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:06:28.0296 2748 viaagp - ok
18:06:28.0359 2748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:06:28.0484 2748 ViaIde - ok
18:06:28.0562 2748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:06:28.0671 2748 VolSnap - ok
18:06:28.0765 2748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:06:28.0875 2748 Wanarp - ok
18:06:28.0937 2748 WDICA - ok
18:06:28.0968 2748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:06:29.0078 2748 wdmaud - ok
18:06:29.0203 2748 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:06:29.0250 2748 winachsf - ok
18:06:29.0328 2748 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:06:29.0421 2748 WmiAcpi - ok
18:06:29.0453 2748 MBR (0x1B8) (6740902318e30bd6e23729157057aa65) \Device\Harddisk0\DR0
18:06:29.0453 2748 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
18:06:29.0453 2748 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:06:29.0500 2748 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:06:29.0500 2748 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:06:29.0531 2748 Boot (0x1200) (fc6b6e007a0e72209deae1cde6298db5) \Device\Harddisk0\DR0\Partition0
18:06:29.0531 2748 \Device\Harddisk0\DR0\Partition0 - ok
18:06:29.0531 2748 ============================================================
18:06:29.0531 2748 Scan finished
18:06:29.0531 2748 ============================================================
18:06:29.0640 2740 Detected object count: 4
18:06:29.0640 2740 Actual detected object count: 4
18:07:17.0265 2740 DXEC02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:07:17.0265 2740 DXEC02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:07:17.0265 2740 Packet ( UnsignedFile.Multi.Generic ) - skipped by user
18:07:17.0265 2740 Packet ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:07:17.0265 2740 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
18:07:17.0265 2740 \Device\Harddisk0\DR0 - ok
18:07:17.0265 2740 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
18:07:17.0265 2740 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:07:17.0265 2740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:07:28.0125 2316 Deinitialize success
  • 0
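The two detection lines that matter in the TDSSKiller log above are `MBR (0x1B8) (md5) \Device\Harddisk0\DR0` followed by `Rootkit.Win32.TDSS.tdl4 - infected`, and `TDSS File System - warning`. TDL4 overwrites the bootstrap code in the first sector and keeps its own encrypted file system in the unpartitioned sectors at the end of the disk, which is also why aswMBR-style scanners report a "scanning sectors +N" pass after the last partition. The Python below is an added example, not code from TDSSKiller, aswMBR or this thread: it parses a 512-byte MBR, hashes the bootstrap area, compares it with a baseline, and works out the trailing unpartitioned region from the partition table and the disk size. Assumptions: that the "0x1B8" in the log denotes the 440-byte code area before the disk signature; the sample MBR bytes, the baseline hash and the partition geometry are all constructed here (the geometry was chosen so the tail starts at sector 312576705 on a 152627 MB disk, i.e. the figures in the aswMBR log later in this thread).

```python
import hashlib
import struct

SECTOR = 512
CODE_AREA = 0x1B8   # bootstrap code is bytes 0..0x1B7; assumed to be the span behind "MBR (0x1B8)"
PART_TABLE = 0x1BE  # four 16-byte partition entries
BOOT_SIG = 0x1FE    # 0x55AA marker


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte MBR into code hash, disk signature and partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[BOOT_SIG:BOOT_SIG + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, lba_count = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "start": lba_start, "count": lba_count})
    return {
        "code_md5": hashlib.md5(mbr[:CODE_AREA]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[CODE_AREA:CODE_AREA + 4])[0],
        "partitions": parts,
    }


def trailing_slack(parsed: dict, total_sectors: int) -> tuple:
    """(first_sector, count) of the unpartitioned tail where a TDL4-style hidden FS lives."""
    last_end = max((p["start"] + p["count"] for p in parsed["partitions"]), default=0)
    return last_end, max(total_sectors - last_end, 0)


def check_mbr(mbr: bytes, total_sectors: int, baseline_md5s: set) -> list:
    """Findings in the spirit of the TDSSKiller/aswMBR log lines: code hash vs baseline, tail size."""
    parsed = parse_mbr(mbr)
    findings = []
    if parsed["code_md5"] not in baseline_md5s:
        findings.append("MBR (0x%X) (%s) bootstrap code not in baseline"
                        % (CODE_AREA, parsed["code_md5"]))
    first, count = trailing_slack(parsed, total_sectors)
    if count:
        findings.append("unpartitioned tail: %d sectors starting at +%d" % (count, first))
    return findings


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed MBR: given code area, a made-up disk signature, one NTFS partition, 0x55AA."""
    assert len(code) == CODE_AREA
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 312576642)          # 63 + 312576642 = 312576705 (constructed)
    table = entry + b"\x00" * 48                # three empty slots
    mbr = code + struct.pack("<I", 0xC0FFEE01) + b"\x00\x00" + table + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return mbr


# Constructed stand-ins; NOT the real Windows XP bootstrap bytes or a real bootkit.
GOOD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (CODE_AREA - 7)
BOOTKIT_CODE = b"\xfa\xeb\xfe" + b"\x00" * (CODE_AREA - 3)
TOTAL_SECTORS = 152627 * 2048      # 152627 MB disk at 2048 sectors per MiB -> 312580096
BASELINE = {hashlib.md5(GOOD_CODE).hexdigest()}   # the "known good" hash you would record in advance


def demo() -> dict:
    """Run the check against a clean and an overwritten constructed MBR."""
    clean = build_sample_mbr(GOOD_CODE)
    infected = build_sample_mbr(BOOTKIT_CODE)
    return {"clean": check_mbr(clean, TOTAL_SECTORS, BASELINE),
            "infected": check_mbr(infected, TOTAL_SECTORS, BASELINE)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name)
        for f in findings:
            print("  ", f)
```

On a real machine the sector would come from a raw device read (for example `\\.\PhysicalDrive0` opened in binary mode with administrator rights) and the baseline from a hash taken before the infection or from a clean install of the same OS; a mismatch only says the code differs from the baseline, which is also what a legitimate boot-manager install would produce, so the hash is a prompt to inspect, not a verdict on its own. The trailing region is reported regardless of size because TDL4 does not need much of it; the useful signal is reading those sectors and looking for anything other than zeros or vendor filler.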

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please follow the steps below:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on the Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

Step 2

Please delete your copy of OTL.exe. We will get a fresh one.

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log and attached zipped MBR.dat file
  • OTL scan log
  • Extras log

  • 0

#7
dangger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 23:45:41
-----------------------------
23:45:41.890 OS Version: Windows 5.1.2600 Service Pack 3
23:45:41.890 Number of processors: 2 586 0xF0D
23:45:41.890 ComputerName: PAUL_LAPTOP UserName: Paul
23:45:43.140 Initialize success
23:50:28.281 AVAST engine defs: 11121901
23:51:00.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:51:00.921 Disk 0 Vendor: FUJITSU_MHY2160BH 0085000B Size: 152627MB BusType: 3
23:51:02.953 Disk 0 MBR read successfully
23:51:02.953 Disk 0 MBR scan
23:51:03.000 Disk 0 Windows XP default MBR code
23:51:03.000 Disk 0 scanning sectors +312576705
23:51:03.093 Disk 0 scanning C:\WINDOWS\system32\drivers
23:51:15.421 Service scanning
23:51:16.765 Modules scanning
23:51:20.625 Disk 0 trace - called modules:
23:51:20.656 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:51:20.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9b0ab8]
23:51:20.671 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a9b1940]
23:51:21.546 AVAST engine scan C:\WINDOWS
23:51:40.843 File: C:\WINDOWS\oyuveruqapiweson.dll **INFECTED** Win32:Hilot [Trj]
23:51:45.000 AVAST engine scan C:\WINDOWS\system32
23:53:55.250 AVAST engine scan C:\WINDOWS\system32\drivers
23:54:12.546 AVAST engine scan C:\Documents and Settings\Paul
23:57:53.312 AVAST engine scan C:\Documents and Settings\All Users
23:58:42.968 Scan finished successfully
00:02:54.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\Desktop\Malware Tools\MBR.dat"
00:02:54.187 The log file has been saved successfully to "C:\Documents and Settings\Paul\Desktop\Malware Tools\aswMBR.txt"


OTL logfile created on: 12/20/2011 12:06:07 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop\Malware Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
3.85 Gb Paging File | 3.66 Gb Available in Paging File | 95.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 124.01 Gb Free Space | 84.67% Space Free | Partition Type: NTFS

Computer Name: PAUL_LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 23:47:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\Malware Tools\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/11 14:21:52 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/08/26 21:45:44 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\OpenQuicktimeLib_dec.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2007/12/11 14:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=07-07-2010"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 16:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 18:58:46 | 000,000,000 | ---D | M]

[2010/04/16 04:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2011/12/04 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\searchplugins\AOL Search.xml
[2010/04/16 04:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/12/06 17:00:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1947599032-523287664-3925604637-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4CE02C3-ABDD-4611-9C0A-C28702C59C51}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:2 () - http://por-chr.cimco...0.png?rev=32172
O24 - Desktop Components:3 () - http://www.burlingto...es/index_09.jpg
O24 - Desktop Components:4 () - http://por-chr.cimco...0.png?rev=34749
O24 - Desktop Components:5 () - http://www.google.co...11/mlk11-hp.jpg
O24 - Desktop Components:6 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 22:24:15 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 16:54:23 | 000,002,392 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 22:16:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IECompatCache
[2011/12/18 22:14:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\PrivacIE
[2011/12/18 22:14:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IETldCache
[2011/12/18 22:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/12/18 22:10:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/12/18 22:02:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/10 12:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\Malware Tools
[2011/12/05 21:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/05 21:33:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/03 10:50:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/03 00:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/03 00:03:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/12/03 00:03:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/12/02 23:56:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 23:54:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 23:54:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 23:54:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 23:54:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 23:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/02 23:52:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 23:52:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2011/12/02 22:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/02 18:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\SupportSoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 23:41:55 | 000,458,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/19 23:41:55 | 000,076,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/19 23:37:55 | 000,027,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/19 23:37:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/19 23:37:41 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 22:14:09 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/18 22:02:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/18 22:02:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 17:00:55 | 000,001,286 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/06 17:00:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/04 23:34:06 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/02 23:56:13 | 000,000,327 | -H-- | M] () -- C:\boot.ini
[2011/12/02 18:20:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 18:03:58 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 23:34:06 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/04 21:28:19 | 000,001,286 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/02 23:56:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/02 23:56:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/02 23:54:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 23:54:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 23:54:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 23:54:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 23:54:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/20 17:50:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 11:24:54 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\wklnhst.dat
[2010/05/24 15:58:45 | 000,001,147 | ---- | C] () -- C:\WINDOWS\Jpuyuwuse.dat
[2010/05/24 15:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cbofima.bin
[2010/05/24 15:56:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\khiteb.dat
[2010/04/16 04:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/15 17:51:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/21 00:26:32 | 000,010,407 | ---- | C] () -- C:\WINDOWS\lyxo.com
[2009/08/12 19:23:10 | 000,010,668 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\nogeda.dl
[2009/07/21 13:59:20 | 000,018,667 | ---- | C] () -- C:\Program Files\Common Files\epijatir.bin
[2009/07/21 13:59:20 | 000,018,538 | ---- | C] () -- C:\Program Files\Common Files\asajudig.reg
[2009/07/21 13:59:20 | 000,017,647 | ---- | C] () -- C:\Program Files\Common Files\dijim.bat
[2009/07/21 13:59:20 | 000,017,569 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\apesosiluq._sy
[2009/07/21 13:59:20 | 000,016,763 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\adynu._dl
[2009/07/21 13:59:20 | 000,015,947 | ---- | C] () -- C:\WINDOWS\System32\ytum.exe
[2009/07/21 13:59:20 | 000,015,871 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikodo.inf
[2009/07/21 13:59:20 | 000,015,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\humizu._sy
[2009/07/21 13:59:20 | 000,014,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rogyz.dat
[2009/07/21 13:59:20 | 000,014,367 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ihowavo.pif
[2009/07/21 13:59:20 | 000,013,993 | ---- | C] () -- C:\WINDOWS\iwamivusin.com
[2009/07/21 13:59:20 | 000,013,608 | ---- | C] () -- C:\Program Files\Common Files\ripivav.bat
[2009/07/21 13:59:20 | 000,013,138 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\nowapi.pif
[2009/07/21 13:59:20 | 000,012,528 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\gihadyne.exe
[2009/07/21 13:59:20 | 000,011,701 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\ugevejube.db
[2009/07/21 13:59:20 | 000,010,556 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\yhyran.ban
[2009/01/09 23:55:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
[2009/01/09 23:35:03 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/01/08 16:41:15 | 000,017,841 | ---- | C] () -- C:\WINDOWS\System32\soap664.bin
[2009/01/08 16:41:15 | 000,017,709 | ---- | C] () -- C:\WINDOWS\System32\718page.dat
[2009/01/08 16:41:15 | 000,017,285 | ---- | C] () -- C:\WINDOWS\System32\sparse0672.bin
[2009/01/08 16:41:15 | 000,017,153 | ---- | C] () -- C:\WINDOWS\System32\keys726.dat
[2009/01/08 16:41:15 | 000,015,790 | ---- | C] () -- C:\WINDOWS\System32\user681.dat
[2009/01/08 16:41:15 | 000,015,376 | ---- | C] () -- C:\WINDOWS\System32\resource581.bin
[2009/01/08 16:41:15 | 000,014,820 | ---- | C] () -- C:\WINDOWS\System32\soap589.bin
[2009/01/08 16:41:15 | 000,013,326 | ---- | C] () -- C:\WINDOWS\System32\user598.dat
[2009/01/08 16:41:15 | 000,012,769 | ---- | C] () -- C:\WINDOWS\System32\threat606y.dat
[2009/01/08 16:41:15 | 000,012,146 | ---- | C] () -- C:\WINDOWS\System32\797base.bin
[2009/01/08 16:41:15 | 000,011,590 | ---- | C] () -- C:\WINDOWS\System32\cookies805.bin
[2009/01/08 16:41:15 | 000,011,275 | ---- | C] () -- C:\WINDOWS\System32\uninstall267.dat
[2009/01/08 16:41:15 | 000,010,096 | ---- | C] () -- C:\WINDOWS\System32\data032E.bin
[2009/01/08 16:41:15 | 000,009,539 | ---- | C] () -- C:\WINDOWS\System32\keys822.dat
[2009/01/08 16:41:15 | 000,008,045 | ---- | C] () -- C:\WINDOWS\System32\33f.dat
[2009/01/08 16:41:15 | 000,007,489 | ---- | C] () -- C:\WINDOWS\System32\user839.dat
[2009/01/08 16:41:15 | 000,007,206 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt430.bin
[2009/01/08 16:41:15 | 000,005,712 | ---- | C] () -- C:\WINDOWS\System32\user439.bin
[2009/01/08 16:41:15 | 000,005,580 | ---- | C] () -- C:\WINDOWS\System32\1ed.dat
[2009/01/08 16:41:15 | 000,005,024 | ---- | C] () -- C:\WINDOWS\System32\502backup.dat
[2009/01/08 16:41:15 | 000,004,401 | ---- | C] () -- C:\WINDOWS\System32\uninstall2b4.bin
[2009/01/08 16:41:15 | 000,003,845 | ---- | C] () -- C:\WINDOWS\System32\701_data.bin
[2009/01/08 16:41:15 | 000,003,661 | ---- | C] () -- C:\WINDOWS\System32\uninstall1c8.dat
[2009/01/08 16:41:15 | 000,003,420 | ---- | C] () -- C:\WINDOWS\System32\028F.bin
[2009/01/08 16:41:15 | 000,003,288 | ---- | C] () -- C:\WINDOWS\System32\709part.bin
[2009/01/08 16:41:15 | 000,003,105 | ---- | C] () -- C:\WINDOWS\System32\images465.dat
[2009/01/08 16:41:15 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt473.dat
[2009/01/08 16:41:14 | 000,013,457 | ---- | C] () -- C:\WINDOWS\System32\0121mixed.bin
[2009/01/08 16:41:14 | 000,012,901 | ---- | C] () -- C:\WINDOWS\System32\297backup.bin
[2009/01/08 16:41:14 | 000,011,407 | ---- | C] () -- C:\WINDOWS\System32\306base.dat
[2009/01/08 16:41:14 | 000,010,850 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt314.dat
[2009/01/08 16:41:14 | 000,009,356 | ---- | C] () -- C:\WINDOWS\System32\323page.dat
[2009/01/08 16:41:14 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\231part.dat
[2009/01/08 16:41:14 | 000,006,891 | ---- | C] () -- C:\WINDOWS\System32\240page.dat
[2009/01/08 16:41:14 | 000,005,287 | ---- | C] () -- C:\WINDOWS\System32\139backup.bin
[2009/01/08 16:41:14 | 000,003,793 | ---- | C] () -- C:\WINDOWS\System32\147base.bin
[2009/01/08 16:41:14 | 000,003,237 | ---- | C] () -- C:\WINDOWS\System32\data009C.bin
[2008/06/15 10:18:20 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/23 12:01:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/14 22:52:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/14 22:47:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/14 22:41:06 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 22:41:05 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/14 22:41:05 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/14 22:23:49 | 000,027,240 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/14 22:17:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/14 22:17:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/14 22:17:43 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/02/14 22:17:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/14 22:17:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/14 22:17:42 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/02/14 22:17:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/14 22:17:41 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/14 22:17:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/02/14 22:17:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/14 22:17:38 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/02/14 22:16:12 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/26 21:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,458,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,076,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/10/04 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2011/12/02 18:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/05 16:11:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/05 21:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/14 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/06/08 14:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/04 20:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Acoustica
[2008/10/11 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Audacity
[2010/07/11 11:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/07/27 16:58:36 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/07/27 16:58:34 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 12/20/2011 12:06:07 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop\Malware Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
3.85 Gb Paging File | 3.66 Gb Available in Paging File | 95.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 124.01 Gb Free Space | 84.67% Space Free | Partition Type: NTFS

Computer Name: PAUL_LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1947599032-523287664-3925604637-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"8085:TCP" = 8085:TCP:*:Enabled:LitvinenKO

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"3ivx MPEG-4 5.0.1 Decoder" = 3ivx MPEG-4 5.0.1 Decoder (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 7:16:29 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 7:16:59 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 7:17:29 PM | Computer Name = PAUL_LAPTOP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2011 8:03:36 PM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Works -- Error 1706.No valid source could be found
for product Microsoft Works. The Windows installer cannot continue.

Error - 12/5/2011 12:39:47 AM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11921
Description = Product: Microsoft Fix it 50202 -- Error 1921. Service 'Automatic
Updates' (WUAUSERV) could not be stopped. Verify that you have sufficient privileges
to stop system services.

Error - 12/5/2011 12:59:54 AM | Computer Name = PAUL_LAPTOP | Source = MsiInstaller | ID = 11920
Description = Product: Microsoft Fix it 50202 -- Error 1920. Service 'Automatic
Updates' (WUAUSERV) failed to start. Verify that you have sufficient privileges
to start system services.

Error - 12/5/2011 10:39:24 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:04:19 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:06:26 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 12/7/2011 1:10:45 PM | Computer Name = PAUL_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

[ System Events ]
Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/7/2011 7:28:33 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 12/7/2011 7:32:42 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/7/2011 7:32:52 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/10/2011 1:14:26 PM | Computer Name = PAUL_LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/10/2011 1:14:26 PM | Computer Name = PAUL_LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/19/2011 6:58:53 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/19/2011 7:00:06 PM | Computer Name = PAUL_LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 12/19/2011 7:03:21 PM | Computer Name = PAUL_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Attached Files:
  • MBR.zip (526 bytes)
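The OTL Extras log above is the kind of output a helper reads by eye: the "Shell Spawning" section exists because malware commonly rewrites the exefile/batfile/comfile open handlers, the Security Center block shows whether its monitoring has been overridden, and the firewall exception list shows which ports are open to any address rather than to the local subnet. In this log the spawning handlers still carry the stock `"%1" %*` value, `AntiVirusOverride` is 1, and two exceptions are scoped to `*`: the SingleClick ones match the Dell Network Assistant entry in the Authorized Applications list, while the 8085/TCP entry labelled LitvinenKO matches nothing in that list and is the one a reviewer would want to account for. The following Python script is an added example of those three checks run over log text; it is not part of the thread and not OTL code. SAMPLE_LOG is condensed from the log posted above with one constructed line (an `exefile` hijack) added so that the handler check has something to catch.

```python
"""Triage of an OTL 'Extras' log: shell-spawning handlers, Security Center
override flags and Windows Firewall port exceptions.  Added example; not
part of the thread and not OTL code.  SAMPLE_LOG is condensed from the
log posted in the thread, plus one constructed 'exefile' hijack line."""
import re

# Stock XP values for the handlers malware most often rewrites.
DEFAULT_SPAWN = {k: '"%1" %*' for k in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}
# Security Center values that, when set to 1, override or silence its monitoring.
SC_FLAGS = ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
            "FirewallDisableNotify", "UpdatesDisableNotify")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")              # ========== Name ==========
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")     # exefile [open] -- "%1" %*
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')            # "Name" = value
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):([^:]*):(\w+):(.*)$")  # port:proto:scope:state:label


def split_sections(text):
    """Map each section header to the stripped lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def check_shell_spawning(lines):
    """(handler, command) pairs whose 'open' verb differs from the stock value."""
    out = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        handler, verb, cmd = m.groups()
        if verb == "open" and handler in DEFAULT_SPAWN and cmd != DEFAULT_SPAWN[handler]:
            out.append((handler, cmd))
    return out


def check_security_center(lines):
    """Names of Security Center override/notify flags that are set to 1."""
    out = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group(1) in SC_FLAGS and m.group(2).strip() == "1":
            out.append(m.group(1))
    return out


def check_open_ports(lines):
    """(port, proto, label) for enabled exceptions whose scope is '*' (any
    address) rather than LocalSubNet; each one needs matching to a known program."""
    out = []
    for line in lines:
        m = VALUE_RE.match(line)
        if not m:
            continue
        p = PORT_RE.match(m.group(2))
        if p and p.group(4) == "Enabled" and p.group(3) == "*":
            out.append((int(p.group(1)), p.group(2), p.group(5)))
    return out


def triage(text):
    """Run all three checks over one OTL Extras log and return the findings."""
    s = split_sections(text)
    return {
        "spawn": check_shell_spawning(s.get("Shell Spawning", [])),
        "security_center": check_security_center(s.get("Security Center Settings", [])),
        "ports": check_open_ports(s.get("Firewall Settings", [])),
    }


# Condensed from the posted log; the exefile line is constructed for the demo.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\WINDOWS\hijack.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

========== Firewall Settings ==========
"EnableFirewall" = 1
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"8085:TCP" = 8085:TCP:*:Enabled:LitvinenKO
"""

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        print(name, findings)
```

Run against the full posted log, the script would report no handler hijack, the `AntiVirusOverride` flag (which third-party AV products also set, so it is a prompt to confirm, not a verdict), and the two `*`-scoped exceptions. The flagged items are for a human to match against the Authorized Applications list and the installed programs; the script makes no judgement about whether a given entry is malicious.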

#8 Render (Trusted Helper, Malware Removal, 4,195 posts)
Step 1

Please uninstall following programs (if present):
  • Viewpoint Media Player

How to uninstall a program in Windows Vista & 7:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 2

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on OTL.exe on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
      	
    :Files
    c:\windows\oyuveruqapiweson.dll
    ipconfig /flushdns /c
    
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ojahizeba]
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL quick scan log
  • checkup.txt log

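The fix above replaces the HOSTS file with OTL's [resethosts] command. A HOSTS entry that pins an update or security-vendor hostname to loopback is a classic way malware keeps a machine from reaching Windows Update, so a helper normally wants to know what the file actually mapped before the reset and to confirm only the stock loopback lines remain afterwards (the logs in this thread show the reset succeeding but not the file's prior contents). The following Python script is an added example of that audit; it is not from the thread and not OTL code. SAMPLE_HOSTS is constructed: the two stock lines XP's hosts file carries, plus one sinkhole line and one redirect line (to a TEST-NET-1 address) of the kind the check is meant to catch.

```python
"""Audit a Windows HOSTS file for entries that sinkhole or redirect names.
Added example, not from the thread and not OTL code.  The sample file at
the bottom is constructed."""
import ipaddress

# Names that legitimately map to a loopback address on a stock system.
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments, blanks and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # first token is not an address
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries


def audit_hosts(text):
    """Return (hostname, address, kind) for every mapping that is not the
    stock loopback entry.

    kind is "sinkholed" when a non-stock name is pinned to loopback or
    0.0.0.0 (the host becomes unreachable, e.g. Windows Update or an AV
    vendor), and "redirected" when any name is pinned to a routable
    address (traffic silently goes somewhere else).
    """
    findings = []
    for addr, name in parse_hosts(text):
        blackhole = addr.is_loopback or addr.is_unspecified
        if name in STOCK_NAMES and blackhole:
            continue                             # the expected default lines
        kind = "sinkholed" if blackhole else "redirected"
        findings.append((name, str(addr), kind))
    return findings


# Constructed sample: the stock lines plus two hijack lines for the demo.
SAMPLE_HOSTS = """\
# constructed sample, not a real file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com        # constructed sinkhole
192.0.2.10      www.windowsupdate.com       # constructed redirect (TEST-NET-1)
"""

if __name__ == "__main__":
    for name, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:10} {name} -> {addr}")
```

On a live XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; after a [resethosts] the audit should return an empty list, which is what the 98-byte file with only the two localhost lines in the later quick-scan log would produce. Some ad-blocking tools legitimately fill HOSTS with sinkhole lines, so "sinkholed" findings still need a human to decide whether the names belong there.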

#9 dangger (Topic Starter, Member, 38 posts)
I am now able to go to the Windows Update site. Please let me know if I should start performing all the Windows Updates.

Uninstalled the Viewpoint Media Player.
Ran OTL Fix
Ran Quickscan
Ran SecurityCheck

Below are the logs.


All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
========== FILES ==========
c:\windows\oyuveruqapiweson.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Paul\Desktop\Malware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\Malware Tools\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ojahizeba\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.PAUL_LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.PAUL_LAPTOP.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 60225 bytes
->Flash cache emptied: 1255 bytes

User: All Users

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163974 bytes
->Flash cache emptied: 1530 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2818182 bytes
->Flash cache emptied: 43355 bytes

User: Paul
->Temp folder emptied: 214270118 bytes
->Temporary Internet Files folder emptied: 85649964 bytes
->Java cache emptied: 21312713 bytes
->FireFox cache emptied: 100596412 bytes
->Flash cache emptied: 164079 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 214 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 215442 bytes
RecycleBin emptied: 15972832 bytes

Total Files Cleaned = 421.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.PAUL_LAPTOP

User: Administrator.PAUL_LAPTOP.000

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Paul
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.PAUL_LAPTOP

User: Administrator.PAUL_LAPTOP.000
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Paul
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_230819

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




OTL logfile created on: 12/20/2011 11:14:53 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Paul\Desktop\Malware Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.21% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 124.34 Gb Free Space | 84.89% Space Free | Partition Type: NTFS

Computer Name: PAUL_LAPTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 23:47:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\Malware Tools\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe


========== Modules (No Company Name) ==========

MOD - [2007/12/11 14:21:52 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/06/06 16:35:02 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)


========== Driver Services (SafeList) ==========

DRV - [2007/12/11 14:22:24 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080215

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=07-07-2010"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 16:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 18:58:46 | 000,000,000 | ---D | M]

[2010/04/16 04:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2011/12/04 21:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rkkq2uri.default\searchplugins\AOL Search.xml
[2010/04/16 04:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/07 16:33:03 | 000,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/12/20 23:08:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4CE02C3-ABDD-4611-9C0A-C28702C59C51}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:2 () - http://por-chr.cimco...0.png?rev=32172
O24 - Desktop Components:3 () - http://www.burlingto...es/index_09.jpg
O24 - Desktop Components:4 () - http://por-chr.cimco...0.png?rev=34749
O24 - Desktop Components:5 () - http://www.google.co...11/mlk11-hp.jpg
O24 - Desktop Components:6 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 22:24:15 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 16:54:23 | 000,002,392 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 23:08:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/18 22:16:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IECompatCache
[2011/12/18 22:14:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\PrivacIE
[2011/12/18 22:14:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\IETldCache
[2011/12/18 22:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/12/18 22:10:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/12/10 12:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\Malware Tools
[2011/12/05 21:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/05 21:33:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/03 10:50:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/03 00:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/02 23:56:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 23:54:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 23:54:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 23:54:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 23:54:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 23:53:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/02 23:52:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 23:52:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2011/12/02 22:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/02 18:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\SupportSoft

========== Files - Modified Within 30 Days ==========

[2011/12/20 23:15:51 | 000,458,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/20 23:15:51 | 000,076,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/20 23:11:21 | 000,027,240 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/20 23:11:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 23:11:08 | 2145,427,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 23:08:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/18 22:14:09 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/18 22:02:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/06 17:00:55 | 000,001,286 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/04 23:34:06 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/02 23:56:13 | 000,000,327 | -H-- | M] () -- C:\boot.ini
[2011/12/02 18:20:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2011/12/19 18:03:58 | 2145,427,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 23:34:06 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Fix it.url
[2011/12/04 21:28:19 | 000,001,286 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/02 23:56:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/02 23:56:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/02 23:54:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 23:54:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 23:54:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 23:54:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 23:54:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/20 17:50:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 11:24:54 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\wklnhst.dat
[2010/05/24 15:58:45 | 000,001,147 | ---- | C] () -- C:\WINDOWS\Jpuyuwuse.dat
[2010/05/24 15:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cbofima.bin
[2010/05/24 15:56:58 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\khiteb.dat
[2010/04/16 04:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/15 17:51:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/21 00:26:32 | 000,010,407 | ---- | C] () -- C:\WINDOWS\lyxo.com
[2009/08/12 19:23:10 | 000,010,668 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\nogeda.dl
[2009/07/21 13:59:20 | 000,018,667 | ---- | C] () -- C:\Program Files\Common Files\epijatir.bin
[2009/07/21 13:59:20 | 000,018,538 | ---- | C] () -- C:\Program Files\Common Files\asajudig.reg
[2009/07/21 13:59:20 | 000,017,647 | ---- | C] () -- C:\Program Files\Common Files\dijim.bat
[2009/07/21 13:59:20 | 000,017,569 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\apesosiluq._sy
[2009/07/21 13:59:20 | 000,016,763 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\adynu._dl
[2009/07/21 13:59:20 | 000,015,947 | ---- | C] () -- C:\WINDOWS\System32\ytum.exe
[2009/07/21 13:59:20 | 000,015,871 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikodo.inf
[2009/07/21 13:59:20 | 000,015,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\humizu._sy
[2009/07/21 13:59:20 | 000,014,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rogyz.dat
[2009/07/21 13:59:20 | 000,014,367 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ihowavo.pif
[2009/07/21 13:59:20 | 000,013,993 | ---- | C] () -- C:\WINDOWS\iwamivusin.com
[2009/07/21 13:59:20 | 000,013,608 | ---- | C] () -- C:\Program Files\Common Files\ripivav.bat
[2009/07/21 13:59:20 | 000,013,138 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\nowapi.pif
[2009/07/21 13:59:20 | 000,012,528 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\gihadyne.exe
[2009/07/21 13:59:20 | 000,011,701 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\ugevejube.db
[2009/07/21 13:59:20 | 000,010,556 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\yhyran.ban
[2009/01/09 23:55:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
[2009/01/09 23:35:03 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/01/08 16:41:15 | 000,017,841 | ---- | C] () -- C:\WINDOWS\System32\soap664.bin
[2009/01/08 16:41:15 | 000,017,709 | ---- | C] () -- C:\WINDOWS\System32\718page.dat
[2009/01/08 16:41:15 | 000,017,285 | ---- | C] () -- C:\WINDOWS\System32\sparse0672.bin
[2009/01/08 16:41:15 | 000,017,153 | ---- | C] () -- C:\WINDOWS\System32\keys726.dat
[2009/01/08 16:41:15 | 000,015,790 | ---- | C] () -- C:\WINDOWS\System32\user681.dat
[2009/01/08 16:41:15 | 000,015,376 | ---- | C] () -- C:\WINDOWS\System32\resource581.bin
[2009/01/08 16:41:15 | 000,014,820 | ---- | C] () -- C:\WINDOWS\System32\soap589.bin
[2009/01/08 16:41:15 | 000,013,326 | ---- | C] () -- C:\WINDOWS\System32\user598.dat
[2009/01/08 16:41:15 | 000,012,769 | ---- | C] () -- C:\WINDOWS\System32\threat606y.dat
[2009/01/08 16:41:15 | 000,012,146 | ---- | C] () -- C:\WINDOWS\System32\797base.bin
[2009/01/08 16:41:15 | 000,011,590 | ---- | C] () -- C:\WINDOWS\System32\cookies805.bin
[2009/01/08 16:41:15 | 000,011,275 | ---- | C] () -- C:\WINDOWS\System32\uninstall267.dat
[2009/01/08 16:41:15 | 000,010,096 | ---- | C] () -- C:\WINDOWS\System32\data032E.bin
[2009/01/08 16:41:15 | 000,009,539 | ---- | C] () -- C:\WINDOWS\System32\keys822.dat
[2009/01/08 16:41:15 | 000,008,045 | ---- | C] () -- C:\WINDOWS\System32\33f.dat
[2009/01/08 16:41:15 | 000,007,489 | ---- | C] () -- C:\WINDOWS\System32\user839.dat
[2009/01/08 16:41:15 | 000,007,206 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt430.bin
[2009/01/08 16:41:15 | 000,005,712 | ---- | C] () -- C:\WINDOWS\System32\user439.bin
[2009/01/08 16:41:15 | 000,005,580 | ---- | C] () -- C:\WINDOWS\System32\1ed.dat
[2009/01/08 16:41:15 | 000,005,024 | ---- | C] () -- C:\WINDOWS\System32\502backup.dat
[2009/01/08 16:41:15 | 000,004,401 | ---- | C] () -- C:\WINDOWS\System32\uninstall2b4.bin
[2009/01/08 16:41:15 | 000,003,845 | ---- | C] () -- C:\WINDOWS\System32\701_data.bin
[2009/01/08 16:41:15 | 000,003,661 | ---- | C] () -- C:\WINDOWS\System32\uninstall1c8.dat
[2009/01/08 16:41:15 | 000,003,420 | ---- | C] () -- C:\WINDOWS\System32\028F.bin
[2009/01/08 16:41:15 | 000,003,288 | ---- | C] () -- C:\WINDOWS\System32\709part.bin
[2009/01/08 16:41:15 | 000,003,105 | ---- | C] () -- C:\WINDOWS\System32\images465.dat
[2009/01/08 16:41:15 | 000,002,549 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt473.dat
[2009/01/08 16:41:14 | 000,013,457 | ---- | C] () -- C:\WINDOWS\System32\0121mixed.bin
[2009/01/08 16:41:14 | 000,012,901 | ---- | C] () -- C:\WINDOWS\System32\297backup.bin
[2009/01/08 16:41:14 | 000,011,407 | ---- | C] () -- C:\WINDOWS\System32\306base.dat
[2009/01/08 16:41:14 | 000,010,850 | ---- | C] () -- C:\WINDOWS\System32\wtl_dt314.dat
[2009/01/08 16:41:14 | 000,009,356 | ---- | C] () -- C:\WINDOWS\System32\323page.dat
[2009/01/08 16:41:14 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\231part.dat
[2009/01/08 16:41:14 | 000,006,891 | ---- | C] () -- C:\WINDOWS\System32\240page.dat
[2009/01/08 16:41:14 | 000,005,287 | ---- | C] () -- C:\WINDOWS\System32\139backup.bin
[2009/01/08 16:41:14 | 000,003,793 | ---- | C] () -- C:\WINDOWS\System32\147base.bin
[2009/01/08 16:41:14 | 000,003,237 | ---- | C] () -- C:\WINDOWS\System32\data009C.bin
[2008/06/15 10:18:20 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/23 12:01:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/14 22:52:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/14 22:47:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/14 22:41:06 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 22:41:05 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/02/14 22:41:05 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/02/14 22:23:49 | 000,027,240 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/02/14 22:17:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/14 22:17:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/14 22:17:43 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/02/14 22:17:43 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/14 22:17:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/14 22:17:42 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008/02/14 22:17:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/14 22:17:41 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/14 22:17:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/02/14 22:17:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/14 22:17:38 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/02/14 22:16:12 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/26 21:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,458,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,076,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2008/10/04 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2011/12/02 18:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/07/05 16:11:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/05 21:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/14 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2011/12/20 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/04 20:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Acoustica
[2008/10/11 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Audacity
[2010/07/11 11:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Template

========== Purity Check ==========



< End of report >




Results of screen317's Security Check version 0.99.29
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.8) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Paul Desktop Malware Tools OTL.exe
Paul Desktop Malware Tools SecurityCheck.exe
``````````End of Log````````````

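The OTL report above is read by eye in this thread. As an added example (not part of any post here, and not OTL's own code), the Python script below pulls out of such a report the three things a malware-removal helper checks first: the "No CLSID value found" hooks (IE references to COM classes that are no longer registered), the DisableCAD / DisableTaskMgr policies, and the burst of executables with no company name that were all created at 2009/07/21 13:59:20 in four unrelated directories. The sample lines are copied from the log above; the policy watch-list, the executable-extension list and the burst thresholds are this example's own assumptions.

```python
"""Triage helper for OTL log text.  Added example for this thread; not OTL's
code and not from any post.  It surfaces what a malware-removal helper checks
first in such a report:
  * orphaned IE hooks (BHO/toolbar/URLSearchHook) whose CLSID no longer
    resolves, i.e. "No CLSID value found" leftovers to clean out;
  * lock-out policies malware commonly sets (DisableTaskMgr, DisableCAD, ...);
  * "drop bursts": executables with no company name created in the same
    second across unrelated directories, a dropper's footprint (an installer
    writes into one tree, so directory spread is the discriminator).
The policy watch-list, extension list and burst thresholds are assumptions of
this example.  SAMPLE_LOG holds lines copied from the OTL report above.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
[2011/12/02 23:54:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 23:54:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 23:54:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 23:54:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/21 13:59:20 | 000,017,647 | ---- | C] () -- C:\Program Files\Common Files\dijim.bat
[2009/07/21 13:59:20 | 000,015,947 | ---- | C] () -- C:\WINDOWS\System32\ytum.exe
[2009/07/21 13:59:20 | 000,014,367 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\ihowavo.pif
[2009/07/21 13:59:20 | 000,013,993 | ---- | C] () -- C:\WINDOWS\iwamivusin.com
[2009/07/21 13:59:20 | 000,012,528 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\gihadyne.exe
[2009/07/21 13:59:20 | 000,011,701 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\ugevejube.db
[2008/02/14 22:17:38 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/02/14 22:17:38 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
"""

# One OTL file entry: [date time | size | attrs | C(reated)/M(odified)] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
ORPHAN_CLSID = re.compile(
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - No CLSID value found")
POLICY_LINE = re.compile(  # assumed watch-list: policies that lock the user out of recovery tools
    r"^O[67] - (?P<hive>HKLM|HKCU)\\.*: "
    r"(?P<name>DisableTaskMgr|DisableCAD|DisableRegistryTools|NoControlPanel) = (?P<value>\d+)$")
EXEC_EXTS = {".exe", ".com", ".pif", ".bat", ".cmd", ".scr", ".dll"}  # assumed


def parse_file_line(line):
    """Fields of an OTL file line (ts, size, attr, kind, company, path), or None."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    f = m.groupdict()
    f["size"] = int(f["size"].replace(",", ""))
    return f


def find_orphan_clsids(lines):
    """CLSIDs referenced by IE hooks/BHOs/toolbars but not registered on the box."""
    return [m.group(1) for m in map(ORPHAN_CLSID.search, lines) if m]


def find_policy_restrictions(lines):
    """Non-zero watch-listed policies, with the hive (HKLM/HKCU) they live in."""
    hits = []
    for m in filter(None, map(POLICY_LINE.match, lines)):
        if int(m.group("value")) != 0:
            hits.append({"hive": m.group("hive"), "name": m.group("name"),
                         "value": int(m.group("value"))})
    return hits


def find_drop_bursts(lines, min_files=3, min_dirs=2):
    """{timestamp: [paths]} for executables with no company name created in the
    same second in at least min_dirs different directories."""
    by_second = defaultdict(list)
    for f in filter(None, map(parse_file_line, lines)):
        if f["kind"] != "C" or f["company"].strip():
            continue  # skip modified-only entries and files with a publisher
        if ntpath.splitext(f["path"])[1].lower() in EXEC_EXTS:
            by_second[f["ts"]].append(f["path"])
    return {ts: sorted(paths) for ts, paths in by_second.items()
            if len(paths) >= min_files
            and len({ntpath.dirname(p).lower() for p in paths}) >= min_dirs}


def triage(text):
    lines = text.splitlines()
    return {"orphan_clsids": find_orphan_clsids(lines),
            "policies": find_policy_restrictions(lines),
            "drop_bursts": find_drop_bursts(lines)}


if __name__ == "__main__":
    import sys  # usage: python otl_triage.py [OTL.txt]; defaults to the embedded sample
    report = triage(open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG)
    for c in report["orphan_clsids"]:
        print("orphan CLSID reference:", c)
    for p in report["policies"]:
        print(f"lock-out policy: {p['hive']} {p['name']} = {p['value']}")
    for ts, paths in report["drop_bursts"].items():
        print(f"drop burst at {ts}: {len(paths)} executables, no company name, "
              f"{len({ntpath.dirname(p) for p in paths})} directories")
        print(*("    " + p for p in paths), sep="\n")
```

On the sample, the ComboFix helpers (PEV.exe, MBR.exe, sed.exe) share a second but sit in one directory and are not reported, the two NVIDIA files are below the file threshold, and only the 2009/07/21 group comes out as a burst. "No company name" on its own is a weak signal (keystone.exe is a legitimate driver component without version info), which is why the rule insists on the directory spread.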
#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Is Windows Update working now or not?

#11
dangger

dangger

    Member

  • Topic Starter
  • Member
  • 38 posts
Yes, Windows Update site is now working. Should I proceed to install all Windows Updates? Does this mean everything is all clean?

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please wait a little with updates and proceed with this:

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#13
dangger

dangger

    Member

  • Topic Starter
  • Member
  • 38 posts
Ran VRT virus scan
Ran the Manual Disinfection Analysis

Attached are the logs and analysis.


#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please install one of the following antivirus programs:

Then install all Windows updates.

#15
dangger

dangger

    Member

  • Topic Starter
  • Member
  • 38 posts
Applied all Windows Updates.
Installed Avast Antivirus and ran a scan and a boot scan.

Attached is a screenshot of the scan.

Attached Thumbnails

  • avast.JPG






